FFmpeg libavcodec 'vmd decode()' Heap Based Buffer Overflow Vulnerability
BID:50880
Info
| Bugtraq ID: | 50880 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2011-4364 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 01 2011 12:00AM |
| Updated: | Mar 19 2015 09:03AM |
| Credit: | Fabian Yamaguchi, Felix ’FX’ Lindner and Konrad Rieck |
| Vulnerable: | Ubuntu Ubuntu Linux 11.10 i386; Ubuntu Ubuntu Linux 11.10 amd64; Ubuntu Ubuntu Linux 11.04 powerpc; Ubuntu Ubuntu Linux 11.04 i386; Ubuntu Ubuntu Linux 11.04 ARM; Ubuntu Ubuntu Linux 11.04 amd64; Ubuntu Ubuntu Linux 10.10 powerpc; Ubuntu Ubuntu Linux 10.10 i386; Ubuntu Ubuntu Linux 10.10 ARM; Ubuntu Ubuntu Linux 10.10 amd64; Ubuntu Ubuntu Linux 10.04 sparc; Ubuntu Ubuntu Linux 10.04 powerpc; Ubuntu Ubuntu Linux 10.04 i386; Ubuntu Ubuntu Linux 10.04 ARM; Ubuntu Ubuntu Linux 10.04 amd64; Mandriva Linux Mandrake 2011 x86_64; Mandriva Linux Mandrake 2011; Mandriva Linux Mandrake 2010.1 x86_64; Mandriva Linux Mandrake 2010.1; MandrakeSoft Enterprise Server 5 x86_64; MandrakeSoft Enterprise Server 5; Gentoo Linux; FFmpeg FFmpeg 0.8.7; FFmpeg FFmpeg 0.8.6; FFmpeg FFmpeg 0.8.5; FFmpeg FFmpeg 0.8.3; FFmpeg FFmpeg 0.7.7; FFmpeg FFmpeg 0.7.6; FFmpeg FFmpeg 0.7.4; FFmpeg FFmpeg 0.6.1; FFmpeg FFmpeg 0.8.4; FFmpeg FFmpeg 0.8.2; FFmpeg FFmpeg 0.8.1; FFmpeg FFmpeg 0.7.8; FFmpeg FFmpeg 0.7.5; FFmpeg FFmpeg 0.7.3; FFmpeg FFmpeg 0.7.2; FFmpeg FFmpeg 0.7-rc1; FFmpeg FFmpeg 0.6.3; FFmpeg FFmpeg 0.6; FFmpeg FFmpeg 0.5.4; FFmpeg FFmpeg 0.5.3; FFmpeg FFmpeg 0.5.2; FFmpeg FFmpeg 0.5; Debian Linux 6.0 sparc; Debian Linux 6.0 s/390; Debian Linux 6.0 powerpc; Debian Linux 6.0 mips; Debian Linux 6.0 ia-64; Debian Linux 6.0 ia-32; Debian Linux 6.0 arm; Debian Linux 6.0 amd64 |
| Not Vulnerable: | |
Discussion
FFmpeg is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Attackers can leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
Exploit / POC
The reporters of this vulnerability have proof-of-concept code; this code is not known to be publicly available.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
Mandriva Linux Mandrake 2010.1 x86_64
Mandriva Linux Mandrake 2010.1
Mandriva Linux Mandrake 2011 x86_64
Mandriva Linux Mandrake 2011
MandrakeSoft Enterprise Server 5 x86_64 (packages from http://www.mandriva.com/en/downloads/):
- Mandriva alsa-plugins-doc-1.0.18-1.3mdvmes5.2.x86_64.rpm
- Mandriva alsa-plugins-pulse-config-1.0.18-1.3mdvmes5.2.x86_64.rpm
- Mandriva ffmpeg-0.5.9-0.1mdvmes5.2.x86_64.rpm
- Mandriva lib64alsa-plugins-1.0.18-1.3mdvmes5.2.x86_64.rpm
- Mandriva lib64alsa-plugins-jack-1.0.18-1.3mdvmes5.2.x86_64.rpm
- Mandriva lib64alsa-plugins-pulseaudio-1.0.18-1.3mdvmes5.2.x86_64.rpm
- Mandriva lib64avformats52-0.5.9-0.1mdvmes5.2.x86_64.rpm
- Mandriva lib64avutil49-0.5.9-0.1mdvmes5.2.x86_64.rpm
- Mandriva lib64ffmpeg-devel-0.5.9-0.1mdvmes5.2.x86_64.rpm
- Mandriva lib64ffmpeg-static-devel-0.5.9-0.1mdvmes5.2.x86_64.rpm
- Mandriva lib64ffmpeg52-0.5.9-0.1mdvmes5.2.x86_64.rpm
- Mandriva lib64postproc51-0.5.9-0.1mdvmes5.2.x86_64.rpm
- Mandriva lib64sox-devel-14.3.0-0.1mdvmes5.2.x86_64.rpm
- Mandriva lib64sox1-14.3.0-0.1mdvmes5.2.x86_64.rpm
- Mandriva lib64swscaler0-0.5.9-0.1mdvmes5.2.x86_64.rpm
- Mandriva lib64wavpack-devel-4.50.1-1.1mdvmes5.2.x86_64.rpm
- Mandriva lib64wavpack1-4.50.1-1.1mdvmes5.2.x86_64.rpm
- Mandriva sox-14.3.0-0.1mdvmes5.2.x86_64.rpm
- Mandriva wavpack-4.50.1-1.1mdvmes5.2.x86_64.rpm
MandrakeSoft Enterprise Server 5 (packages from http://www.mandriva.com/en/downloads/):
- Mandriva alsa-plugins-doc-1.0.18-1.3mdvmes5.2.i586.rpm
- Mandriva alsa-plugins-pulse-config-1.0.18-1.3mdvmes5.2.i586.rpm
- Mandriva ffmpeg-0.5.9-0.1mdvmes5.2.i586.rpm
- Mandriva libalsa-plugins-1.0.18-1.3mdvmes5.2.i586.rpm
- Mandriva libalsa-plugins-jack-1.0.18-1.3mdvmes5.2.i586.rpm
- Mandriva libalsa-plugins-pulseaudio-1.0.18-1.3mdvmes5.2.i586.rpm
- Mandriva libavformats52-0.5.9-0.1mdvmes5.2.i586.rpm
- Mandriva libavutil49-0.5.9-0.1mdvmes5.2.i586.rpm
- Mandriva libffmpeg-devel-0.5.9-0.1mdvmes5.2.i586.rpm
- Mandriva libffmpeg-static-devel-0.5.9-0.1mdvmes5.2.i586.rpm
- Mandriva libffmpeg52-0.5.9-0.1mdvmes5.2.i586.rpm
- Mandriva libpostproc51-0.5.9-0.1mdvmes5.2.i586.rpm
- Mandriva libsox-devel-14.3.0-0.1mdvmes5.2.i586.rpm
- Mandriva libsox1-14.3.0-0.1mdvmes5.2.i586.rpm
- Mandriva libswscaler0-0.5.9-0.1mdvmes5.2.i586.rpm
- Mandriva libwavpack-devel-4.50.1-1.1mdvmes5.2.i586.rpm
- Mandriva libwavpack1-4.50.1-1.1mdvmes5.2.i586.rpm
- Mandriva sox-14.3.0-0.1mdvmes5.2.i586.rpm
- Mandriva wavpack-4.50.1-1.1mdvmes5.2.i586.rpm
Mandriva Linux Mandrake 2010.1 x86_64 (packages from http://www.mandriva.com/en/downloads/):
- Mandriva ffmpeg-0.6.5-0.1mdv2010.2.x86_64.rpm
- Mandriva lib64avformats52-0.6.5-0.1mdv2010.2.x86_64.rpm
- Mandriva lib64avutil50-0.6.5-0.1mdv2010.2.x86_64.rpm
- Mandriva lib64ffmpeg-devel-0.6.5-0.1mdv2010.2.x86_64.rpm
- Mandriva lib64ffmpeg-static-devel-0.6.5-0.1mdv2010.2.x86_64.rpm
- Mandriva lib64ffmpeg52-0.6.5-0.1mdv2010.2.x86_64.rpm
- Mandriva lib64postproc51-0.6.5-0.1mdv2010.2.x86_64.rpm
- Mandriva lib64swscaler0-0.6.5-0.1mdv2010.2.x86_64.rpm
Mandriva Linux Mandrake 2010.1 (packages from http://www.mandriva.com/en/downloads/):
- Mandriva ffmpeg-0.6.5-0.1mdv2010.2.i586.rpm
- Mandriva libavformats52-0.6.5-0.1mdv2010.2.i586.rpm
- Mandriva libavutil50-0.6.5-0.1mdv2010.2.i586.rpm
- Mandriva libffmpeg-devel-0.6.5-0.1mdv2010.2.i586.rpm
- Mandriva libffmpeg-static-devel-0.6.5-0.1mdv2010.2.i586.rpm
- Mandriva libffmpeg52-0.6.5-0.1mdv2010.2.i586.rpm
- Mandriva libpostproc51-0.6.5-0.1mdv2010.2.i586.rpm
- Mandriva libswscaler0-0.6.5-0.1mdv2010.2.i586.rpm
Mandriva Linux Mandrake 2011 x86_64 (packages from http://www.mandriva.com/en/downloads/):
- Mandriva ffmpeg-0.7.12-0.1-mdv2011.0.x86_64.rpm
- Mandriva lib64avfilter1-0.7.12-0.1-mdv2011.0.x86_64.rpm
- Mandriva lib64avformats52-0.7.12-0.1-mdv2011.0.x86_64.rpm
- Mandriva lib64avutil50-0.7.12-0.1-mdv2011.0.x86_64.rpm
- Mandriva lib64ffmpeg-devel-0.7.12-0.1-mdv2011.0.x86_64.rpm
- Mandriva lib64ffmpeg-static-devel-0.7.12-0.1-mdv2011.0.x86_64.rpm
- Mandriva lib64ffmpeg52-0.7.12-0.1-mdv2011.0.x86_64.rpm
- Mandriva lib64postproc51-0.7.12-0.1-mdv2011.0.x86_64.rpm
- Mandriva lib64swscaler0-0.7.12-0.1-mdv2011.0.x86_64.rpm
Mandriva Linux Mandrake 2011 (packages from http://www.mandriva.com/en/downloads/):
- Mandriva ffmpeg-0.7.12-0.1-mdv2011.0.i586.rpm
- Mandriva libavfilter1-0.7.12-0.1-mdv2011.0.i586.rpm
- Mandriva libavformats52-0.7.12-0.1-mdv2011.0.i586.rpm
- Mandriva libavutil50-0.7.12-0.1-mdv2011.0.i586.rpm
- Mandriva libffmpeg-devel-0.7.12-0.1-mdv2011.0.i586.rpm
- Mandriva libffmpeg-static-devel-0.7.12-0.1-mdv2011.0.i586.rpm
- Mandriva libffmpeg52-0.7.12-0.1-mdv2011.0.i586.rpm
- Mandriva libpostproc51-0.7.12-0.1-mdv2011.0.i586.rpm
- Mandriva libswscaler0-0.7.12-0.1-mdv2011.0.i586.rpm
References
- FFmpeg Homepage (FFmpeg)
- Re: CVE id request: ffmpeg (Nico Glode)
- Vulnerability Extrapolation: Assisted Discovery of Vulnerabilities using Machine (Fabian Yamaguchi, Felix ’FX’ Lindner, and Konrad Rieck)