Detections
Analytics
Mandriva Linux Security Advisory : ffmpeg (MDVSA-2011:060)
critical Nessus Plugin ID 53272
Language:
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
Multiple vulnerabilities has been identified and fixed in ffmpeg :oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. (CVE-2009-4632)
vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. (CVE-2009-4633)
Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. (CVE-2009-4634)
FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, which causes the mp3 decoder to process a pointer for a video structure, leading to a stack-based buffer overflow. (CVE-2009-4635)
The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error. (CVE-2009-4639)
Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read.
(CVE-2009-4640)
flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. (CVE-2010-3429)
libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. (CVE-2010-4704)
And several additional vulnerabilities originally discovered by Google Chrome developers were also fixed with this advisory.
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149 products_id=490
The updated packages have been patched to correct these issues.
Solution
Update the affected packages.Plugin Details
Severity: Critical
ID: 53272
File Name: mandriva_MDVSA-2011-060.nasl
Version: 1.11
Type: local
Family: Mandriva Local Security Checks
Published: 4/4/2011
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:lib64ffmpeg51, p-cpe:/a:mandriva:linux:lib64swscaler0, p-cpe:/a:mandriva:linux:libavformats52, p-cpe:/a:mandriva:linux:libavutil49, p-cpe:/a:mandriva:linux:libffmpeg-devel, p-cpe:/a:mandriva:linux:libffmpeg-static-devel, p-cpe:/a:mandriva:linux:ffmpeg, p-cpe:/a:mandriva:linux:lib64avformats52, p-cpe:/a:mandriva:linux:lib64avutil49, p-cpe:/a:mandriva:linux:lib64ffmpeg-devel, p-cpe:/a:mandriva:linux:lib64ffmpeg-static-devel, p-cpe:/a:mandriva:linux:libffmpeg51, p-cpe:/a:mandriva:linux:libswscaler0, cpe:/o:mandriva:linux:2009.0
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 4/1/2011
Reference Information
CVE: CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4639, CVE-2009-4640, CVE-2010-3429, CVE-2010-4704, CVE-2011-2162