FFmpeg Prior to 0.7.8 and 0.8.7 Multiple Remote Code Execution Vulnerabilities
BID:50760
Info
| Bugtraq ID: | 50760 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2011-4351 CVE-2011-4352 CVE-2011-4353 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 21 2011 12:00AM |
| Updated: | Mar 19 2015 08:25AM |
| Credit: | Phillip Langlois of NGS Secure and the vendor. |
| Vulnerable: | Ubuntu Ubuntu Linux 11.10 i386; Ubuntu Ubuntu Linux 11.10 amd64; Ubuntu Ubuntu Linux 11.04 powerpc; Ubuntu Ubuntu Linux 11.04 i386; Ubuntu Ubuntu Linux 11.04 ARM; Ubuntu Ubuntu Linux 11.04 amd64; Ubuntu Ubuntu Linux 10.10 powerpc; Ubuntu Ubuntu Linux 10.10 i386; Ubuntu Ubuntu Linux 10.10 ARM; Ubuntu Ubuntu Linux 10.10 amd64; Ubuntu Ubuntu Linux 10.04 sparc; Ubuntu Ubuntu Linux 10.04 powerpc; Ubuntu Ubuntu Linux 10.04 i386; Ubuntu Ubuntu Linux 10.04 ARM; Ubuntu Ubuntu Linux 10.04 amd64; Mandriva Linux Mandrake 2011 x86_64; Mandriva Linux Mandrake 2011; Mandriva Linux Mandrake 2010.1 x86_64; Mandriva Linux Mandrake 2010.1; MandrakeSoft Enterprise Server 5 x86_64; MandrakeSoft Enterprise Server 5; Gentoo Linux; FFmpeg FFmpeg 0.8.6; FFmpeg FFmpeg 0.8.5; FFmpeg FFmpeg 0.8.3; FFmpeg FFmpeg 0.7.7; FFmpeg FFmpeg 0.7.6; FFmpeg FFmpeg 0.7.4; FFmpeg FFmpeg 0.8.4; FFmpeg FFmpeg 0.8.2; FFmpeg FFmpeg 0.8.1; FFmpeg FFmpeg 0.7.5; FFmpeg FFmpeg 0.7.3; FFmpeg FFmpeg 0.7.2; Debian Linux 6.0 sparc; Debian Linux 6.0 s/390; Debian Linux 6.0 powerpc; Debian Linux 6.0 mips; Debian Linux 6.0 ia-64; Debian Linux 6.0 ia-32; Debian Linux 6.0 arm; Debian Linux 6.0 amd64 |
| Not Vulnerable: | FFmpeg FFmpeg 0.8.7; FFmpeg FFmpeg 0.7.8 |
Discussion
FFmpeg is prone to multiple remote code-execution vulnerabilities.
An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Versions prior to FFmpeg 0.7.8 and 0.8.7 are vulnerable.
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
MandrakeSoft Enterprise Server 5 x86_64
- Mandriva alsa-plugins-doc-1.0.18-1.3mdvmes5.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva alsa-plugins-pulse-config-1.0.18-1.3mdvmes5.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva ffmpeg-0.5.9-0.1mdvmes5.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64alsa-plugins-1.0.18-1.3mdvmes5.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64alsa-plugins-jack-1.0.18-1.3mdvmes5.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64alsa-plugins-pulseaudio-1.0.18-1.3mdvmes5.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64avformats52-0.5.9-0.1mdvmes5.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64avutil49-0.5.9-0.1mdvmes5.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64ffmpeg-devel-0.5.9-0.1mdvmes5.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64ffmpeg-static-devel-0.5.9-0.1mdvmes5.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64ffmpeg52-0.5.9-0.1mdvmes5.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64postproc51-0.5.9-0.1mdvmes5.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64sox-devel-14.3.0-0.1mdvmes5.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64sox1-14.3.0-0.1mdvmes5.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64swscaler0-0.5.9-0.1mdvmes5.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64wavpack-devel-4.50.1-1.1mdvmes5.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64wavpack1-4.50.1-1.1mdvmes5.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva sox-14.3.0-0.1mdvmes5.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva wavpack-4.50.1-1.1mdvmes5.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
MandrakeSoft Enterprise Server 5
- Mandriva alsa-plugins-doc-1.0.18-1.3mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva alsa-plugins-pulse-config-1.0.18-1.3mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva ffmpeg-0.5.9-0.1mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libalsa-plugins-1.0.18-1.3mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libalsa-plugins-jack-1.0.18-1.3mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libalsa-plugins-pulseaudio-1.0.18-1.3mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libavformats52-0.5.9-0.1mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libavutil49-0.5.9-0.1mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libffmpeg-devel-0.5.9-0.1mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libffmpeg-static-devel-0.5.9-0.1mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libffmpeg52-0.5.9-0.1mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libpostproc51-0.5.9-0.1mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libsox-devel-14.3.0-0.1mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libsox1-14.3.0-0.1mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libswscaler0-0.5.9-0.1mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libwavpack-devel-4.50.1-1.1mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libwavpack1-4.50.1-1.1mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva sox-14.3.0-0.1mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva wavpack-4.50.1-1.1mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
Mandriva Linux Mandrake 2010.1 x86_64
- Mandriva ffmpeg-0.6.5-0.1mdv2010.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64avformats52-0.6.5-0.1mdv2010.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64avutil50-0.6.5-0.1mdv2010.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64ffmpeg-devel-0.6.5-0.1mdv2010.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64ffmpeg-static-devel-0.6.5-0.1mdv2010.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64ffmpeg52-0.6.5-0.1mdv2010.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64postproc51-0.6.5-0.1mdv2010.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64swscaler0-0.6.5-0.1mdv2010.2.x86_64.rpm: http://www.mandriva.com/en/downloads/
Mandriva Linux Mandrake 2010.1
- Mandriva ffmpeg-0.6.5-0.1mdv2010.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libavformats52-0.6.5-0.1mdv2010.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libavutil50-0.6.5-0.1mdv2010.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libffmpeg-devel-0.6.5-0.1mdv2010.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libffmpeg-static-devel-0.6.5-0.1mdv2010.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libffmpeg52-0.6.5-0.1mdv2010.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libpostproc51-0.6.5-0.1mdv2010.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libswscaler0-0.6.5-0.1mdv2010.2.i586.rpm: http://www.mandriva.com/en/downloads/
Mandriva Linux Mandrake 2011 x86_64
- Mandriva ffmpeg-0.7.12-0.1-mdv2011.0.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64avfilter1-0.7.12-0.1-mdv2011.0.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64avformats52-0.7.12-0.1-mdv2011.0.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64avutil50-0.7.12-0.1-mdv2011.0.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64ffmpeg-devel-0.7.12-0.1-mdv2011.0.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64ffmpeg-static-devel-0.7.12-0.1-mdv2011.0.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64ffmpeg52-0.7.12-0.1-mdv2011.0.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64postproc51-0.7.12-0.1-mdv2011.0.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64swscaler0-0.7.12-0.1-mdv2011.0.x86_64.rpm: http://www.mandriva.com/en/downloads/
Mandriva Linux Mandrake 2011
- Mandriva ffmpeg-0.7.12-0.1-mdv2011.0.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libavfilter1-0.7.12-0.1-mdv2011.0.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libavformats52-0.7.12-0.1-mdv2011.0.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libavutil50-0.7.12-0.1-mdv2011.0.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libffmpeg-devel-0.7.12-0.1-mdv2011.0.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libffmpeg-static-devel-0.7.12-0.1-mdv2011.0.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libffmpeg52-0.7.12-0.1-mdv2011.0.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libpostproc51-0.7.12-0.1-mdv2011.0.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libswscaler0-0.7.12-0.1-mdv2011.0.i586.rpm: http://www.mandriva.com/en/downloads/
References
References:
- CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds (Hanno Böck)
- FFmpeg 0.7.8 and 0.8.7 Release Notes (FFmpeg)
- FFmpeg Homepage (FFmpeg)
- NGS00144 Patch Notification: FFmpeg Libavcodec buffer overflow remote code execu (NGSSecure)
- NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code e (NGSSecure)
- NGS00148 Patch Notification: FFmpeg Libavcodec memory corruption remote code exe (NGSSecure)