SB2011092901 - Code Injection in ffmpeg.sourceforge.net FFmpeg
Published: September 29, 2011 Updated: July 28, 2020
Security Bulletin ID
SB2011092901
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Code Injection (CVE-ID: cve-2011-3504)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.
Remediation
Install update from vendor's website.
References
- http://secunia.com/advisories/45532
- http://technet.microsoft.com/en-us/security/msvr/msvr11-011
- http://ubuntu.com/usn/usn-1320-1
- http://ubuntu.com/usn/usn-1333-1
- http://www.ffmpeg.org/releases/ffmpeg-0.7.5.changelog
- http://www.ffmpeg.org/releases/ffmpeg-0.8.4.changelog
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:074
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:075
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:076
- http://www.osvdb.org/75621