Summary
This host is installed with FFmpeg and is prone to multiple vulnerabilities.
Impact
Successful exploitation could result in a denial-of-service condition (application crash or infinite loop) or possibly allow execution of arbitrary code.
Impact Level: Application
Solution
Upgrade to FFmpeg version 0.5.2 or later.
For updates refer to http://www.ffmpeg.org/download.html
Workaround:
Apply the workaround from the link below:
http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html
Insight
The multiple flaws are due to:
- An out-of-bounds array index error in 'vorbis_dec.c'
- An off-by-one indexing error in 'vp3.c'
- Pointer arithmetic error in 'oggparsevorbis.c'
- Assignment vs comparison operator mix-up error in 'vorbis_dec.c'
- Integer underflow error leading to stack pointer wrap-around in 'vorbis_dec.c'
- Integer underflow error in 'mov.c'
- Type confusion error in 'mov.c'/'utils.c'
Affected
FFmpeg version 0.5 on Linux.
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2009-4631, CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4636, CVE-2009-4637, CVE-2009-4638, CVE-2009-4639, CVE-2009-4640
- CVSS Base Score: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C