Summary
FFmpeg is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation could result in a denial-of-service condition (application crash or infinite loop) or possibly allow execution of arbitrary code.
Impact Level: Application
Solution
Upgrade to FFmpeg version 0.5.2 or later.
For updates, refer to http://www.ffmpeg.org/download.html
Workaround:
Apply the workaround from the link below:
http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html
Insight
The multiple flaws are due to:
- An out-of-bounds array index error in 'vorbis_dec.c'
- An off-by-one indexing error in 'vp3.c'
- Pointer arithmetic error in 'oggparsevorbis.c'
- Assignment vs comparison operator mix-up error in 'vorbis_dec.c'
- Integer underflow error leading to stack pointer wrap-around in 'vorbis_dec.c'
- Integer underflow error in 'mov.c'
- Type confusion error in 'mov.c'/'utils.c'
Affected
FFmpeg version 0.5 on Linux.
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2009-4631, CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4636, CVE-2009-4637, CVE-2009-4638, CVE-2009-4639, CVE-2009-4640
- CVSS Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)