FKIE_CVE-2010-4704

Vulnerability from fkie_nvd - Published: 2011-01-22 22:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480.
References
cve@mitre.orghttp://ffmpeg.mplayerhq.hu/
cve@mitre.orghttp://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078
cve@mitre.orghttp://secunia.com/advisories/43323
cve@mitre.orghttp://www.debian.org/security/2011/dsa-2165
cve@mitre.orghttp://www.debian.org/security/2011/dsa-2306
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2011:060
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2011:061
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2011:062
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2011:088
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2011:089
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2011:112
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2011:114
cve@mitre.orghttp://www.securityfocus.com/bid/46294
cve@mitre.orghttp://www.ubuntu.com/usn/usn-1104-1/
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/1241
cve@mitre.orghttps://roundup.ffmpeg.org/issue2322Exploit
af854a3a-2127-422b-91ae-364da2661108http://ffmpeg.mplayerhq.hu/
af854a3a-2127-422b-91ae-364da2661108http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43323
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2011/dsa-2165
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2011/dsa-2306
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/46294
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-1104-1/
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/1241
af854a3a-2127-422b-91ae-364da2661108https://roundup.ffmpeg.org/issue2322Exploit
Impacted products
Vendor Product Version
ffmpeg ffmpeg *
ffmpeg ffmpeg 0.3
ffmpeg ffmpeg 0.3.1
ffmpeg ffmpeg 0.3.2
ffmpeg ffmpeg 0.3.3
ffmpeg ffmpeg 0.3.4
ffmpeg ffmpeg 0.4.0
ffmpeg ffmpeg 0.4.2
ffmpeg ffmpeg 0.4.3
ffmpeg ffmpeg 0.4.4
ffmpeg ffmpeg 0.4.5
ffmpeg ffmpeg 0.4.6
ffmpeg ffmpeg 0.4.7
ffmpeg ffmpeg 0.4.8
ffmpeg ffmpeg 0.4.9
ffmpeg ffmpeg 0.5
ffmpeg ffmpeg 0.6
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D1446E3-D771-41DA-9BDD-6252855F009F",
              "versionEndIncluding": "0.6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2649A80-4739-4BBB-AB0B-99AD435BE7CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4A2E77D-B826-4B49-ADC8-7F704E149A5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18157837-4550-45E3-A12E-AE06E047E253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9F42611-C3E2-416B-9AE7-A5AE83E4DEF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A20789F-26E3-4871-B24E-25E922BADDF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "67C6C243-3ACC-49C3-80CA-D7CA8FEFF0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AE6D368-0BA6-4499-B7E1-EE16C03012E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "26C0F6EF-0452-4AFE-AF3E-B88F963A0938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B4DD372-4D3B-445C-8C38-E083A3C0D4A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "733C03D7-2780-4D69-A98D-BCFB91D1119A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AEE1977-E9E0-4BFF-B33B-B083E49E51F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6979C17-0BC6-47D1-9B73-254D84306A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "204C7C05-3441-4DB0-8702-D99C8FCB381E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "2E1A7011-B992-4E35-B306-45772DACB23C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D486C17-FC4A-4AEE-A430-1B1FBCC2C27C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "37FBB817-A186-4517-9DA7-B3638576AAE7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function.  NOTE: this might overlap CVE-2011-0480."
    },
    {
      "lang": "es",
      "value": "libavcodec/vorbis_dec.c del decodificador Vorbis de FFmpeg 0.6.1 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un fichero .ogg modificado, relacionado con la funci\u00f3n vorbis_floor0_decode.  NOTA: se puede sobrelapar con la vulnerabilidad CVE-2011-0480."
    }
  ],
  "id": "CVE-2010-4704",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-01-22T22:00:04.553",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://ffmpeg.mplayerhq.hu/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/43323"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2165"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2306"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/46294"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-1104-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/1241"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://roundup.ffmpeg.org/issue2322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ffmpeg.mplayerhq.hu/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7202b3c75078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2165"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-1104-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/1241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://roundup.ffmpeg.org/issue2322"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.