cvelistv5 - cve-2010-4704

CVE-2010-4704 (GCVE-0-2010-4704)

Vulnerability from cvelistv5 – Published: 2011-01-22 21:00 – Updated: 2024-08-07 03:55

Summary

libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.debian.org/security/2011/dsa-2306	vendor-advisoryx_refsource_DEBIAN
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	https://roundup.ffmpeg.org/issue2322	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/43323	third-party-advisoryx_refsource_SECUNIA
	http://www.ubuntu.com/usn/usn-1104-1/	vendor-advisoryx_refsource_UBUNTU
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://ffmpeg.mplayerhq.hu/	x_refsource_CONFIRM
	http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3B…	x_refsource_CONFIRM
	http://www.debian.org/security/2011/dsa-2165	vendor-advisoryx_refsource_DEBIAN
	http://www.vupen.com/english/advisories/2011/1241	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/46294	vdb-entryx_refsource_BID
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:55:34.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2011:088",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"
          },
          {
            "name": "DSA-2306",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2306"
          },
          {
            "name": "MDVSA-2011:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://roundup.ffmpeg.org/issue2322"
          },
          {
            "name": "MDVSA-2011:062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
          },
          {
            "name": "MDVSA-2011:112",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"
          },
          {
            "name": "MDVSA-2011:114",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
          },
          {
            "name": "43323",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43323"
          },
          {
            "name": "USN-1104-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-1104-1/"
          },
          {
            "name": "MDVSA-2011:089",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ffmpeg.mplayerhq.hu/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078"
          },
          {
            "name": "DSA-2165",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2165"
          },
          {
            "name": "ADV-2011-1241",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/1241"
          },
          {
            "name": "46294",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46294"
          },
          {
            "name": "MDVSA-2011:060",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function.  NOTE: this might overlap CVE-2011-0480."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-02-23T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDVSA-2011:088",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"
        },
        {
          "name": "DSA-2306",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2306"
        },
        {
          "name": "MDVSA-2011:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://roundup.ffmpeg.org/issue2322"
        },
        {
          "name": "MDVSA-2011:062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
        },
        {
          "name": "MDVSA-2011:112",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"
        },
        {
          "name": "MDVSA-2011:114",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
        },
        {
          "name": "43323",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43323"
        },
        {
          "name": "USN-1104-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-1104-1/"
        },
        {
          "name": "MDVSA-2011:089",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ffmpeg.mplayerhq.hu/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078"
        },
        {
          "name": "DSA-2165",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2165"
        },
        {
          "name": "ADV-2011-1241",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/1241"
        },
        {
          "name": "46294",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46294"
        },
        {
          "name": "MDVSA-2011:060",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4704",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function.  NOTE: this might overlap CVE-2011-0480."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDVSA-2011:088",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"
            },
            {
              "name": "DSA-2306",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2306"
            },
            {
              "name": "MDVSA-2011:061",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
            },
            {
              "name": "https://roundup.ffmpeg.org/issue2322",
              "refsource": "CONFIRM",
              "url": "https://roundup.ffmpeg.org/issue2322"
            },
            {
              "name": "MDVSA-2011:062",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
            },
            {
              "name": "MDVSA-2011:112",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"
            },
            {
              "name": "MDVSA-2011:114",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
            },
            {
              "name": "43323",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43323"
            },
            {
              "name": "USN-1104-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-1104-1/"
            },
            {
              "name": "MDVSA-2011:089",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
            },
            {
              "name": "http://ffmpeg.mplayerhq.hu/",
              "refsource": "CONFIRM",
              "url": "http://ffmpeg.mplayerhq.hu/"
            },
            {
              "name": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=3dde66752d59dfdd0f3727efd66e7202b3c75078",
              "refsource": "CONFIRM",
              "url": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=3dde66752d59dfdd0f3727efd66e7202b3c75078"
            },
            {
              "name": "DSA-2165",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2165"
            },
            {
              "name": "ADV-2011-1241",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/1241"
            },
            {
              "name": "46294",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46294"
            },
            {
              "name": "MDVSA-2011:060",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-4704",
    "datePublished": "2011-01-22T21:00:00",
    "dateReserved": "2011-01-22T00:00:00",
    "dateUpdated": "2024-08-07T03:55:34.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"0.6.1\", \"matchCriteriaId\": \"1D1446E3-D771-41DA-9BDD-6252855F009F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2649A80-4739-4BBB-AB0B-99AD435BE7CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4A2E77D-B826-4B49-ADC8-7F704E149A5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18157837-4550-45E3-A12E-AE06E047E253\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9F42611-C3E2-416B-9AE7-A5AE83E4DEF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A20789F-26E3-4871-B24E-25E922BADDF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"67C6C243-3ACC-49C3-80CA-D7CA8FEFF0D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6AE6D368-0BA6-4499-B7E1-EE16C03012E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26C0F6EF-0452-4AFE-AF3E-B88F963A0938\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B4DD372-4D3B-445C-8C38-E083A3C0D4A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"733C03D7-2780-4D69-A98D-BCFB91D1119A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AEE1977-E9E0-4BFF-B33B-B083E49E51F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6979C17-0BC6-47D1-9B73-254D84306A96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"204C7C05-3441-4DB0-8702-D99C8FCB381E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E1A7011-B992-4E35-B306-45772DACB23C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D486C17-FC4A-4AEE-A430-1B1FBCC2C27C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37FBB817-A186-4517-9DA7-B3638576AAE7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function.  NOTE: this might overlap CVE-2011-0480.\"}, {\"lang\": \"es\", \"value\": \"libavcodec/vorbis_dec.c del decodificador Vorbis de FFmpeg 0.6.1 y anteriores permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (ca\\u00edda de la aplicaci\\u00f3n) a trav\\u00e9s de un fichero .ogg modificado, relacionado con la funci\\u00f3n vorbis_floor0_decode.  NOTA: se puede sobrelapar con la vulnerabilidad CVE-2011-0480.\"}]",
      "id": "CVE-2010-4704",
      "lastModified": "2024-11-21T01:21:33.877",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2011-01-22T22:00:04.553",
      "references": "[{\"url\": \"http://ffmpeg.mplayerhq.hu/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/43323\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2011/dsa-2165\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2011/dsa-2306\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:060\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:061\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:062\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:088\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:089\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:112\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:114\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/46294\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-1104-1/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/1241\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://roundup.ffmpeg.org/issue2322\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://ffmpeg.mplayerhq.hu/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/43323\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2011/dsa-2165\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2011/dsa-2306\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:060\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:061\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:062\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:088\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:089\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:112\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2011:114\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/46294\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-1104-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/1241\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://roundup.ffmpeg.org/issue2322\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-4704\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-01-22T22:00:04.553\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function.  NOTE: this might overlap CVE-2011-0480.\"},{\"lang\":\"es\",\"value\":\"libavcodec/vorbis_dec.c del decodificador Vorbis de FFmpeg 0.6.1 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un fichero .ogg modificado, relacionado con la funci\u00f3n vorbis_floor0_decode.  NOTA: se puede sobrelapar con la vulnerabilidad CVE-2011-0480.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.6.1\",\"matchCriteriaId\":\"1D1446E3-D771-41DA-9BDD-6252855F009F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2649A80-4739-4BBB-AB0B-99AD435BE7CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4A2E77D-B826-4B49-ADC8-7F704E149A5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18157837-4550-45E3-A12E-AE06E047E253\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9F42611-C3E2-416B-9AE7-A5AE83E4DEF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A20789F-26E3-4871-B24E-25E922BADDF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67C6C243-3ACC-49C3-80CA-D7CA8FEFF0D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AE6D368-0BA6-4499-B7E1-EE16C03012E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26C0F6EF-0452-4AFE-AF3E-B88F963A0938\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B4DD372-4D3B-445C-8C38-E083A3C0D4A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"733C03D7-2780-4D69-A98D-BCFB91D1119A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AEE1977-E9E0-4BFF-B33B-B083E49E51F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6979C17-0BC6-47D1-9B73-254D84306A96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"204C7C05-3441-4DB0-8702-D99C8FCB381E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E1A7011-B992-4E35-B306-45772DACB23C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D486C17-FC4A-4AEE-A430-1B1FBCC2C27C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37FBB817-A186-4517-9DA7-B3638576AAE7\"}]}]}],\"references\":[{\"url\":\"http://ffmpeg.mplayerhq.hu/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/43323\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2011/dsa-2165\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2011/dsa-2306\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:060\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:061\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:062\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:088\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:089\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:112\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:114\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/46294\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-1104-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/1241\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://roundup.ffmpeg.org/issue2322\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://ffmpeg.mplayerhq.hu/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/43323\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2011/dsa-2165\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2011/dsa-2306\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:060\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:061\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:062\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:088\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:089\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:112\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:114\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/46294\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-1104-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/1241\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://roundup.ffmpeg.org/issue2322\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]}]}}"
  }
}

CERTA-2011-AVI-080

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans ffmpeg permettent un déni de service à distance.

Description

Plusieurs vulnérabilités dans le décodeur Vorbis de ffmpeg peuvent être exploitées par le biais d'un fichier spécialement conçu. Ces vulnérabilités provoquent un déni de service.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Toutes versions de ffmpeg.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité ffmpeg 2550 du 15 janvier 2011	None	vendor-advisory
Bulletin de sécurité ffmpeg 2322 du 25 octobre 2010	None	vendor-advisory
Bulletin de sécurité ffmpeg 2548 du 15 janvier 2011	None	vendor-advisory
Bulletin de sécurité ffmepg 2322 du 25 octobre 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eToutes versions de ffmpeg.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans le d\u00e9codeur Vorbis de ffmpeg peuvent \u00eatre\nexploit\u00e9es par le biais d\u0027un fichier sp\u00e9cialement con\u00e7u. Ces\nvuln\u00e9rabilit\u00e9s provoquent un d\u00e9ni de service.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4704"
    },
    {
      "name": "CVE-2011-0480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0480"
    },
    {
      "name": "CVE-2010-4705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4705"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 ffmepg 2322 du 25 octobre 2010 :",
      "url": "http://roundup.ffmpeg.org/issue2322"
    }
  ],
  "reference": "CERTA-2011-AVI-080",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-02-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans ffmpeg permettent un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans ffmpeg",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ffmpeg 2550 du 15 janvier 2011",
      "url": "http://roundup.ffmpeg.org/issue2550"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ffmpeg 2322 du 25 octobre 2010",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ffmpeg 2548 du 15 janvier 2011",
      "url": "http://roundup.ffmpeg.org/issue2548"
    }
  ]
}

CERTA-2011-AVI-080

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans ffmpeg permettent un déni de service à distance.

Description

Plusieurs vulnérabilités dans le décodeur Vorbis de ffmpeg peuvent être exploitées par le biais d'un fichier spécialement conçu. Ces vulnérabilités provoquent un déni de service.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Toutes versions de ffmpeg.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité ffmpeg 2550 du 15 janvier 2011	None	vendor-advisory
Bulletin de sécurité ffmpeg 2322 du 25 octobre 2010	None	vendor-advisory
Bulletin de sécurité ffmpeg 2548 du 15 janvier 2011	None	vendor-advisory
Bulletin de sécurité ffmepg 2322 du 25 octobre 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eToutes versions de ffmpeg.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans le d\u00e9codeur Vorbis de ffmpeg peuvent \u00eatre\nexploit\u00e9es par le biais d\u0027un fichier sp\u00e9cialement con\u00e7u. Ces\nvuln\u00e9rabilit\u00e9s provoquent un d\u00e9ni de service.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4704"
    },
    {
      "name": "CVE-2011-0480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0480"
    },
    {
      "name": "CVE-2010-4705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4705"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 ffmepg 2322 du 25 octobre 2010 :",
      "url": "http://roundup.ffmpeg.org/issue2322"
    }
  ],
  "reference": "CERTA-2011-AVI-080",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-02-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans ffmpeg permettent un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans ffmpeg",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ffmpeg 2550 du 15 janvier 2011",
      "url": "http://roundup.ffmpeg.org/issue2550"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ffmpeg 2322 du 25 octobre 2010",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ffmpeg 2548 du 15 janvier 2011",
      "url": "http://roundup.ffmpeg.org/issue2548"
    }
  ]
}

CERTA-2011-AVI-507

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été découverte dans FFmpeg.

Description

Plusieurs vulnérabilités sont présentes dans FFmpeg.

La première (CVE-2010-3908) permet à une personne malintentionnée d'effectuer un déni de service, voire d'exécuter du code arbitraire, lors de l'ouverture d'un fichier WMV spécialement conçu.

La deuxième (CVE-2010-4704) permet de provoquer un déni de service lors de l'ouverture d'un fichier Ogg contrefait.

La troisième (CVE-2011-0480) concerne différents dépassements de tampon dans le décodeur Vorbis, pouvant avoir lieu lors de l'ouverture d'un fichier WebM spécialement formé. Il est alors possible de rendre l'application inopérante (déni de service). Ce problème pourrait avoir d'autres conséquences non déterminées.

La dernière (CVE-2011-0722) permet à un utilisateur malintentionné de provoquer un déni de service ou une exécution de code arbitraire lors de la lecture d'un fichier RealMedia contrefait.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Debian Squeeze

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Buleltin de sécurité Debian DSA-2306-1 du 11 septembre 2011	None	vendor-advisory
Bulletin de sécurité Debian DSA 2306 du 11 septembre 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eDebian Squeeze\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans FFmpeg.\n\nLa premi\u00e8re (CVE-2010-3908) permet \u00e0 une personne malintentionn\u00e9e\nd\u0027effectuer un d\u00e9ni de service, voire d\u0027ex\u00e9cuter du code arbitraire,\nlors de l\u0027ouverture d\u0027un fichier WMV sp\u00e9cialement con\u00e7u.\n\nLa deuxi\u00e8me (CVE-2010-4704) permet de provoquer un d\u00e9ni de service lors\nde l\u0027ouverture d\u0027un fichier Ogg contrefait.\n\nLa troisi\u00e8me (CVE-2011-0480) concerne diff\u00e9rents d\u00e9passements de tampon\ndans le d\u00e9codeur Vorbis, pouvant avoir lieu lors de l\u0027ouverture d\u0027un\nfichier WebM sp\u00e9cialement form\u00e9. Il est alors possible de rendre\nl\u0027application inop\u00e9rante (d\u00e9ni de service). Ce probl\u00e8me pourrait avoir\nd\u0027autres cons\u00e9quences non d\u00e9termin\u00e9es.\n\nLa derni\u00e8re (CVE-2011-0722) permet \u00e0 un utilisateur malintentionn\u00e9 de\nprovoquer un d\u00e9ni de service ou une ex\u00e9cution de code arbitraire lors de\nla lecture d\u0027un fichier RealMedia contrefait.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4704"
    },
    {
      "name": "CVE-2011-0480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0480"
    },
    {
      "name": "CVE-2011-0722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0722"
    },
    {
      "name": "CVE-2010-3908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3908"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 2306 du 11 septembre 2011 :",
      "url": "http://www.debian.org/security/2011/dsa-2306"
    }
  ],
  "reference": "CERTA-2011-AVI-507",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-09-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couverte dans \u00a0\u003cspan\nclass=\"textit\"\u003eFFmpeg\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans FFmpeg",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Buleltin de s\u00e9curit\u00e9 Debian DSA-2306-1 du 11 septembre 2011",
      "url": null
    }
  ]
}

CERTA-2011-AVI-507

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été découverte dans FFmpeg.

Description

Plusieurs vulnérabilités sont présentes dans FFmpeg.

La première (CVE-2010-3908) permet à une personne malintentionnée d'effectuer un déni de service, voire d'exécuter du code arbitraire, lors de l'ouverture d'un fichier WMV spécialement conçu.

La deuxième (CVE-2010-4704) permet de provoquer un déni de service lors de l'ouverture d'un fichier Ogg contrefait.

La dernière (CVE-2011-0722) permet à un utilisateur malintentionné de provoquer un déni de service ou une exécution de code arbitraire lors de la lecture d'un fichier RealMedia contrefait.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Debian Squeeze

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Buleltin de sécurité Debian DSA-2306-1 du 11 septembre 2011	None	vendor-advisory
Bulletin de sécurité Debian DSA 2306 du 11 septembre 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eDebian Squeeze\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans FFmpeg.\n\nLa premi\u00e8re (CVE-2010-3908) permet \u00e0 une personne malintentionn\u00e9e\nd\u0027effectuer un d\u00e9ni de service, voire d\u0027ex\u00e9cuter du code arbitraire,\nlors de l\u0027ouverture d\u0027un fichier WMV sp\u00e9cialement con\u00e7u.\n\nLa deuxi\u00e8me (CVE-2010-4704) permet de provoquer un d\u00e9ni de service lors\nde l\u0027ouverture d\u0027un fichier Ogg contrefait.\n\nLa troisi\u00e8me (CVE-2011-0480) concerne diff\u00e9rents d\u00e9passements de tampon\ndans le d\u00e9codeur Vorbis, pouvant avoir lieu lors de l\u0027ouverture d\u0027un\nfichier WebM sp\u00e9cialement form\u00e9. Il est alors possible de rendre\nl\u0027application inop\u00e9rante (d\u00e9ni de service). Ce probl\u00e8me pourrait avoir\nd\u0027autres cons\u00e9quences non d\u00e9termin\u00e9es.\n\nLa derni\u00e8re (CVE-2011-0722) permet \u00e0 un utilisateur malintentionn\u00e9 de\nprovoquer un d\u00e9ni de service ou une ex\u00e9cution de code arbitraire lors de\nla lecture d\u0027un fichier RealMedia contrefait.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-4704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4704"
    },
    {
      "name": "CVE-2011-0480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0480"
    },
    {
      "name": "CVE-2011-0722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0722"
    },
    {
      "name": "CVE-2010-3908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3908"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 2306 du 11 septembre 2011 :",
      "url": "http://www.debian.org/security/2011/dsa-2306"
    }
  ],
  "reference": "CERTA-2011-AVI-507",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-09-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couverte dans \u00a0\u003cspan\nclass=\"textit\"\u003eFFmpeg\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans FFmpeg",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Buleltin de s\u00e9curit\u00e9 Debian DSA-2306-1 du 11 septembre 2011",
      "url": null
    }
  ]
}

GHSA-FCG6-56GF-F98F

Vulnerability from github – Published: 2022-05-17 05:37 – Updated: 2025-04-11 03:43

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-4704"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-01-22T22:00:00Z",
    "severity": "MODERATE"
  },
  "details": "libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function.  NOTE: this might overlap CVE-2011-0480.",
  "id": "GHSA-fcg6-56gf-f98f",
  "modified": "2025-04-11T03:43:20Z",
  "published": "2022-05-17T05:37:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4704"
    },
    {
      "type": "WEB",
      "url": "https://roundup.ffmpeg.org/issue2322"
    },
    {
      "type": "WEB",
      "url": "http://ffmpeg.mplayerhq.hu"
    },
    {
      "type": "WEB",
      "url": "http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078"
    },
    {
      "type": "WEB",
      "url": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=3dde66752d59dfdd0f3727efd66e7202b3c75078"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43323"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2011/dsa-2165"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2011/dsa-2306"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/46294"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-1104-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/1241"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2010-4704

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-4704

Aliases

CVE-2010-4704

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-4704",
    "description": "libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function.  NOTE: this might overlap CVE-2011-0480.",
    "id": "GSD-2010-4704",
    "references": [
      "https://www.debian.org/security/2011/dsa-2306",
      "https://www.debian.org/security/2011/dsa-2165"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-4704"
      ],
      "details": "libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function.  NOTE: this might overlap CVE-2011-0480.",
      "id": "GSD-2010-4704",
      "modified": "2023-12-13T01:21:29.642630Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2010-4704",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function.  NOTE: this might overlap CVE-2011-0480."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "MDVSA-2011:088",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"
          },
          {
            "name": "DSA-2306",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2011/dsa-2306"
          },
          {
            "name": "MDVSA-2011:061",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
          },
          {
            "name": "https://roundup.ffmpeg.org/issue2322",
            "refsource": "CONFIRM",
            "url": "https://roundup.ffmpeg.org/issue2322"
          },
          {
            "name": "MDVSA-2011:062",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
          },
          {
            "name": "MDVSA-2011:112",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"
          },
          {
            "name": "MDVSA-2011:114",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
          },
          {
            "name": "43323",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/43323"
          },
          {
            "name": "USN-1104-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/usn-1104-1/"
          },
          {
            "name": "MDVSA-2011:089",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
          },
          {
            "name": "http://ffmpeg.mplayerhq.hu/",
            "refsource": "CONFIRM",
            "url": "http://ffmpeg.mplayerhq.hu/"
          },
          {
            "name": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=3dde66752d59dfdd0f3727efd66e7202b3c75078",
            "refsource": "CONFIRM",
            "url": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=3dde66752d59dfdd0f3727efd66e7202b3c75078"
          },
          {
            "name": "DSA-2165",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2011/dsa-2165"
          },
          {
            "name": "ADV-2011-1241",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/1241"
          },
          {
            "name": "46294",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/46294"
          },
          {
            "name": "MDVSA-2011:060",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.6.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4704"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function.  NOTE: this might overlap CVE-2011-0480."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=3dde66752d59dfdd0f3727efd66e7202b3c75078",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=3dde66752d59dfdd0f3727efd66e7202b3c75078"
            },
            {
              "name": "https://roundup.ffmpeg.org/issue2322",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "https://roundup.ffmpeg.org/issue2322"
            },
            {
              "name": "DSA-2165",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2011/dsa-2165"
            },
            {
              "name": "43323",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/43323"
            },
            {
              "name": "ADV-2011-1241",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2011/1241"
            },
            {
              "name": "MDVSA-2011:060",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060"
            },
            {
              "name": "MDVSA-2011:061",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
            },
            {
              "name": "http://ffmpeg.mplayerhq.hu/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://ffmpeg.mplayerhq.hu/"
            },
            {
              "name": "USN-1104-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-1104-1/"
            },
            {
              "name": "MDVSA-2011:062",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
            },
            {
              "name": "46294",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/46294"
            },
            {
              "name": "MDVSA-2011:088",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"
            },
            {
              "name": "MDVSA-2011:089",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
            },
            {
              "name": "DSA-2306",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2011/dsa-2306"
            },
            {
              "name": "MDVSA-2011:112",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"
            },
            {
              "name": "MDVSA-2011:114",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2011-10-26T02:55Z",
      "publishedDate": "2011-01-22T22:00Z"
    }
  }
}

FKIE_CVE-2010-4704

Vulnerability from fkie_nvd - Published: 2011-01-22 22:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://ffmpeg.mplayerhq.hu/
cve@mitre.org	http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078
cve@mitre.org	http://secunia.com/advisories/43323
cve@mitre.org	http://www.debian.org/security/2011/dsa-2165
cve@mitre.org	http://www.debian.org/security/2011/dsa-2306
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
cve@mitre.org	http://www.securityfocus.com/bid/46294
cve@mitre.org	http://www.ubuntu.com/usn/usn-1104-1/
cve@mitre.org	http://www.vupen.com/english/advisories/2011/1241
cve@mitre.org	https://roundup.ffmpeg.org/issue2322	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://ffmpeg.mplayerhq.hu/
af854a3a-2127-422b-91ae-364da2661108	http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43323
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2165
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2306
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/46294
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-1104-1/
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/1241
af854a3a-2127-422b-91ae-364da2661108	https://roundup.ffmpeg.org/issue2322	Exploit

Impacted products

Vendor	Product	Version
ffmpeg	ffmpeg	*
ffmpeg	ffmpeg	0.3
ffmpeg	ffmpeg	0.3.1
ffmpeg	ffmpeg	0.3.2
ffmpeg	ffmpeg	0.3.3
ffmpeg	ffmpeg	0.3.4
ffmpeg	ffmpeg	0.4.0
ffmpeg	ffmpeg	0.4.2
ffmpeg	ffmpeg	0.4.3
ffmpeg	ffmpeg	0.4.4
ffmpeg	ffmpeg	0.4.5
ffmpeg	ffmpeg	0.4.6
ffmpeg	ffmpeg	0.4.7
ffmpeg	ffmpeg	0.4.8
ffmpeg	ffmpeg	0.4.9
ffmpeg	ffmpeg	0.5
ffmpeg	ffmpeg	0.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D1446E3-D771-41DA-9BDD-6252855F009F",
              "versionEndIncluding": "0.6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2649A80-4739-4BBB-AB0B-99AD435BE7CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4A2E77D-B826-4B49-ADC8-7F704E149A5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18157837-4550-45E3-A12E-AE06E047E253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9F42611-C3E2-416B-9AE7-A5AE83E4DEF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A20789F-26E3-4871-B24E-25E922BADDF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "67C6C243-3ACC-49C3-80CA-D7CA8FEFF0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AE6D368-0BA6-4499-B7E1-EE16C03012E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "26C0F6EF-0452-4AFE-AF3E-B88F963A0938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B4DD372-4D3B-445C-8C38-E083A3C0D4A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "733C03D7-2780-4D69-A98D-BCFB91D1119A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AEE1977-E9E0-4BFF-B33B-B083E49E51F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6979C17-0BC6-47D1-9B73-254D84306A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "204C7C05-3441-4DB0-8702-D99C8FCB381E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "2E1A7011-B992-4E35-B306-45772DACB23C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D486C17-FC4A-4AEE-A430-1B1FBCC2C27C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "37FBB817-A186-4517-9DA7-B3638576AAE7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function.  NOTE: this might overlap CVE-2011-0480."
    },
    {
      "lang": "es",
      "value": "libavcodec/vorbis_dec.c del decodificador Vorbis de FFmpeg 0.6.1 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un fichero .ogg modificado, relacionado con la funci\u00f3n vorbis_floor0_decode.  NOTA: se puede sobrelapar con la vulnerabilidad CVE-2011-0480."
    }
  ],
  "id": "CVE-2010-4704",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-01-22T22:00:04.553",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://ffmpeg.mplayerhq.hu/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/43323"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2165"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2306"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/46294"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-1104-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/1241"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://roundup.ffmpeg.org/issue2322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ffmpeg.mplayerhq.hu/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2165"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-1104-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/1241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://roundup.ffmpeg.org/issue2322"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-4704 (GCVE-0-2010-4704)

CERTA-2011-AVI-080

Description

Solution

CERTA-2011-AVI-080

Description

Solution

CERTA-2011-AVI-507

Description

Solution

CERTA-2011-AVI-507

Description

Solution

GHSA-FCG6-56GF-F98F

GSD-2010-4704

FKIE_CVE-2010-4704

Tags

Sightings

Nomenclature