Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2011-AVI-080
Vulnerability from certfr_avis - Published: - Updated:
Plusieurs vulnérabilités dans ffmpeg permettent un déni de service à distance.
Description
Plusieurs vulnérabilités dans le décodeur Vorbis de ffmpeg peuvent être exploitées par le biais d'un fichier spécialement conçu. Ces vulnérabilités provoquent un déni de service.
Solution
Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Toutes versions de ffmpeg.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eToutes versions de ffmpeg.\u003c/p\u003e",
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans le d\u00e9codeur Vorbis de ffmpeg peuvent \u00eatre\nexploit\u00e9es par le biais d\u0027un fichier sp\u00e9cialement con\u00e7u. Ces\nvuln\u00e9rabilit\u00e9s provoquent un d\u00e9ni de service.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-4704",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4704"
},
{
"name": "CVE-2011-0480",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0480"
},
{
"name": "CVE-2010-4705",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4705"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 ffmepg 2322 du 25 octobre 2010 :",
"url": "http://roundup.ffmpeg.org/issue2322"
}
],
"reference": "CERTA-2011-AVI-080",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-02-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans ffmpeg permettent un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans ffmpeg",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ffmpeg 2550 du 15 janvier 2011",
"url": "http://roundup.ffmpeg.org/issue2550"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ffmpeg 2322 du 25 octobre 2010",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ffmpeg 2548 du 15 janvier 2011",
"url": "http://roundup.ffmpeg.org/issue2548"
}
]
}
CVE-2010-4704 (GCVE-0-2010-4704)
Vulnerability from cvelistv5 – Published: 2011-01-22 21:00 – Updated: 2024-08-07 03:55
VLAI?
EPSS
Summary
libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:34.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2011:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"
},
{
"name": "DSA-2306",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2306"
},
{
"name": "MDVSA-2011:061",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://roundup.ffmpeg.org/issue2322"
},
{
"name": "MDVSA-2011:062",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
},
{
"name": "MDVSA-2011:112",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"
},
{
"name": "MDVSA-2011:114",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
},
{
"name": "43323",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43323"
},
{
"name": "USN-1104-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-1104-1/"
},
{
"name": "MDVSA-2011:089",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ffmpeg.mplayerhq.hu/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078"
},
{
"name": "DSA-2165",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2165"
},
{
"name": "ADV-2011-1241",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/1241"
},
{
"name": "46294",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46294"
},
{
"name": "MDVSA-2011:060",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-02-23T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2011:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"
},
{
"name": "DSA-2306",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2306"
},
{
"name": "MDVSA-2011:061",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://roundup.ffmpeg.org/issue2322"
},
{
"name": "MDVSA-2011:062",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
},
{
"name": "MDVSA-2011:112",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"
},
{
"name": "MDVSA-2011:114",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
},
{
"name": "43323",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43323"
},
{
"name": "USN-1104-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-1104-1/"
},
{
"name": "MDVSA-2011:089",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ffmpeg.mplayerhq.hu/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078"
},
{
"name": "DSA-2165",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2165"
},
{
"name": "ADV-2011-1241",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/1241"
},
{
"name": "46294",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46294"
},
{
"name": "MDVSA-2011:060",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"
},
{
"name": "DSA-2306",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2306"
},
{
"name": "MDVSA-2011:061",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
},
{
"name": "https://roundup.ffmpeg.org/issue2322",
"refsource": "CONFIRM",
"url": "https://roundup.ffmpeg.org/issue2322"
},
{
"name": "MDVSA-2011:062",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
},
{
"name": "MDVSA-2011:112",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"
},
{
"name": "MDVSA-2011:114",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
},
{
"name": "43323",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43323"
},
{
"name": "USN-1104-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-1104-1/"
},
{
"name": "MDVSA-2011:089",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
},
{
"name": "http://ffmpeg.mplayerhq.hu/",
"refsource": "CONFIRM",
"url": "http://ffmpeg.mplayerhq.hu/"
},
{
"name": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=3dde66752d59dfdd0f3727efd66e7202b3c75078",
"refsource": "CONFIRM",
"url": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=3dde66752d59dfdd0f3727efd66e7202b3c75078"
},
{
"name": "DSA-2165",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2165"
},
{
"name": "ADV-2011-1241",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1241"
},
{
"name": "46294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46294"
},
{
"name": "MDVSA-2011:060",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4704",
"datePublished": "2011-01-22T21:00:00",
"dateReserved": "2011-01-22T00:00:00",
"dateUpdated": "2024-08-07T03:55:34.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4705 (GCVE-0-2010-4705)
Vulnerability from cvelistv5 – Published: 2011-01-22 21:00 – Updated: 2024-08-07 03:55
VLAI?
EPSS
Summary
Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. NOTE: this might overlap CVE-2011-0480.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=366d919016a679d3955f6fe5278fa7ce4f47b81e"
},
{
"name": "43323",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43323"
},
{
"name": "DSA-2165",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2165"
},
{
"name": "46294",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46294"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. NOTE: this might overlap CVE-2011-0480."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-02-23T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=366d919016a679d3955f6fe5278fa7ce4f47b81e"
},
{
"name": "43323",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43323"
},
{
"name": "DSA-2165",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2165"
},
{
"name": "46294",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46294"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. NOTE: this might overlap CVE-2011-0480."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=366d919016a679d3955f6fe5278fa7ce4f47b81e",
"refsource": "CONFIRM",
"url": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=366d919016a679d3955f6fe5278fa7ce4f47b81e"
},
{
"name": "43323",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43323"
},
{
"name": "DSA-2165",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2165"
},
{
"name": "46294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46294"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4705",
"datePublished": "2011-01-22T21:00:00",
"dateReserved": "2011-01-22T00:00:00",
"dateUpdated": "2024-08-07T03:55:35.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0480 (GCVE-0-2011-0480)
Vulnerability from cvelistv5 – Published: 2011-01-14 16:00 – Updated: 2024-08-06 21:51
VLAI?
EPSS
Summary
Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:08.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://roundup.ffmpeg.org/issue2548"
},
{
"name": "DSA-2306",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2306"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html"
},
{
"name": "[ffmpeg-devel] 20101229 [PATCH] Fix a couple of errors with bad Vorbis headers",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://article.gmane.org/gmane.comp.video.ffmpeg.devel/122703"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://codereview.chromium.org/6069005"
},
{
"name": "45788",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45788"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=13184036a6b1b1d4b61c91118c0896e9ad4634c3"
},
{
"name": "MDVSA-2011:061",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://src.chromium.org/viewvc/chrome?view=rev\u0026revision=70200"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://codereview.chromium.org/5964011"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.srware.net/forum/viewtopic.php?f=18\u0026t=2054"
},
{
"name": "USN-1104-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-1104-1/"
},
{
"name": "70463",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70463"
},
{
"name": "chrome-vorbis-bo(64671)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64671"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ffmpeg.mplayerhq.hu/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/chromium/issues/detail?id=68115"
},
{
"name": "oval:org.mitre.oval:def:14380",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14380"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://roundup.ffmpeg.org/issue2550"
},
{
"name": "42951",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42951"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://roundup.ffmpeg.org/issue2548"
},
{
"name": "DSA-2306",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2306"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html"
},
{
"name": "[ffmpeg-devel] 20101229 [PATCH] Fix a couple of errors with bad Vorbis headers",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://article.gmane.org/gmane.comp.video.ffmpeg.devel/122703"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://codereview.chromium.org/6069005"
},
{
"name": "45788",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45788"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=13184036a6b1b1d4b61c91118c0896e9ad4634c3"
},
{
"name": "MDVSA-2011:061",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://src.chromium.org/viewvc/chrome?view=rev\u0026revision=70200"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://codereview.chromium.org/5964011"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.srware.net/forum/viewtopic.php?f=18\u0026t=2054"
},
{
"name": "USN-1104-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-1104-1/"
},
{
"name": "70463",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70463"
},
{
"name": "chrome-vorbis-bo(64671)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64671"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ffmpeg.mplayerhq.hu/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/chromium/issues/detail?id=68115"
},
{
"name": "oval:org.mitre.oval:def:14380",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14380"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://roundup.ffmpeg.org/issue2550"
},
{
"name": "42951",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42951"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://roundup.ffmpeg.org/issue2548",
"refsource": "CONFIRM",
"url": "http://roundup.ffmpeg.org/issue2548"
},
{
"name": "DSA-2306",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2306"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html"
},
{
"name": "[ffmpeg-devel] 20101229 [PATCH] Fix a couple of errors with bad Vorbis headers",
"refsource": "MLIST",
"url": "http://article.gmane.org/gmane.comp.video.ffmpeg.devel/122703"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610550",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610550"
},
{
"name": "http://codereview.chromium.org/6069005",
"refsource": "CONFIRM",
"url": "http://codereview.chromium.org/6069005"
},
{
"name": "45788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45788"
},
{
"name": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=13184036a6b1b1d4b61c91118c0896e9ad4634c3",
"refsource": "CONFIRM",
"url": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=13184036a6b1b1d4b61c91118c0896e9ad4634c3"
},
{
"name": "MDVSA-2011:061",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
},
{
"name": "http://src.chromium.org/viewvc/chrome?view=rev\u0026revision=70200",
"refsource": "CONFIRM",
"url": "http://src.chromium.org/viewvc/chrome?view=rev\u0026revision=70200"
},
{
"name": "http://codereview.chromium.org/5964011",
"refsource": "CONFIRM",
"url": "http://codereview.chromium.org/5964011"
},
{
"name": "http://www.srware.net/forum/viewtopic.php?f=18\u0026t=2054",
"refsource": "CONFIRM",
"url": "http://www.srware.net/forum/viewtopic.php?f=18\u0026t=2054"
},
{
"name": "USN-1104-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-1104-1/"
},
{
"name": "70463",
"refsource": "OSVDB",
"url": "http://osvdb.org/70463"
},
{
"name": "chrome-vorbis-bo(64671)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64671"
},
{
"name": "http://ffmpeg.mplayerhq.hu/",
"refsource": "CONFIRM",
"url": "http://ffmpeg.mplayerhq.hu/"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=68115",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=68115"
},
{
"name": "oval:org.mitre.oval:def:14380",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14380"
},
{
"name": "http://roundup.ffmpeg.org/issue2550",
"refsource": "CONFIRM",
"url": "http://roundup.ffmpeg.org/issue2550"
},
{
"name": "42951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42951"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0480",
"datePublished": "2011-01-14T16:00:00",
"dateReserved": "2011-01-14T00:00:00",
"dateUpdated": "2024-08-06T21:51:08.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…