6.8

CVE-2010-3429

flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FfmpegFfmpeg Version <= 0.6
FfmpegFfmpeg Version0.3
FfmpegFfmpeg Version0.3.1
FfmpegFfmpeg Version0.3.2
FfmpegFfmpeg Version0.3.3
FfmpegFfmpeg Version0.3.4
FfmpegFfmpeg Version0.4.0
FfmpegFfmpeg Version0.4.2
FfmpegFfmpeg Version0.4.3
FfmpegFfmpeg Version0.4.4
FfmpegFfmpeg Version0.4.5
FfmpegFfmpeg Version0.4.6
FfmpegFfmpeg Version0.4.7
FfmpegFfmpeg Version0.4.8
FfmpegFfmpeg Version0.4.9 Updatepre1
FfmpegFfmpeg Version0.5
MplayerhqMplayer Updaterc3 Version <= 1.0
MplayerhqMplayer Version0.01
MplayerhqMplayer Version0.02
MplayerhqMplayer Version0.05
MplayerhqMplayer Version0.06
MplayerhqMplayer Version0.07
MplayerhqMplayer Version0.08
MplayerhqMplayer Version0.09
MplayerhqMplayer Version0.09 Updatepre3
MplayerhqMplayer Version0.10
MplayerhqMplayer Version0.10 Updatepre1
MplayerhqMplayer Version0.10 Updatepre2
MplayerhqMplayer Version0.10 Updatepre3
MplayerhqMplayer Version0.10 Updatepre4
MplayerhqMplayer Version0.10 Updatepre5
MplayerhqMplayer Version0.10 Updatepre6
MplayerhqMplayer Version0.10 Updatepre7
MplayerhqMplayer Version0.11 Updatepre10
MplayerhqMplayer Version0.11 Updatepre11
MplayerhqMplayer Version0.11 Updatepre12
MplayerhqMplayer Version0.11 Updatepre13
MplayerhqMplayer Version0.11 Updatepre14
MplayerhqMplayer Version0.11 Updatepre15
MplayerhqMplayer Version0.11 Updatepre16
MplayerhqMplayer Version0.11 Updatepre17
MplayerhqMplayer Version0.11 Updatepre18
MplayerhqMplayer Version0.11 Updatepre19
MplayerhqMplayer Version0.11 Updatepre2
MplayerhqMplayer Version0.11 Updatepre20
MplayerhqMplayer Version0.11 Updatepre21
MplayerhqMplayer Version0.11 Updatepre22
MplayerhqMplayer Version0.11 Updatepre23
MplayerhqMplayer Version0.11 Updatepre24
MplayerhqMplayer Version0.11 Updatepre3
MplayerhqMplayer Version0.11 Updatepre4
MplayerhqMplayer Version0.11 Updatepre5
MplayerhqMplayer Version0.11 Updatepre6
MplayerhqMplayer Version0.11 Updatepre7
MplayerhqMplayer Version0.11 Updatepre8
MplayerhqMplayer Version0.11 Updatepre9
MplayerhqMplayer Version0.17_idegcounter
MplayerhqMplayer Version0.17a_idegcounter
MplayerhqMplayer Version0.18 Updatepre1
MplayerhqMplayer Version0.18 Updatepre2
MplayerhqMplayer Version0.18 Updatepre3
MplayerhqMplayer Version0.18 Updatepre4
MplayerhqMplayer Version0.18 Updatepre5
MplayerhqMplayer Version0.50
MplayerhqMplayer Version0.50 Updatepre1
MplayerhqMplayer Version0.50 Updatepre2
MplayerhqMplayer Version0.50 Updatepre3
MplayerhqMplayer Version0.60
MplayerhqMplayer Version0.60 Updatepre1
MplayerhqMplayer Version0.60 Updatepre2
MplayerhqMplayer Version0.90
MplayerhqMplayer Version0.90 Updatepre1
MplayerhqMplayer Version0.90 Updatepre10
MplayerhqMplayer Version0.90 Updatepre2
MplayerhqMplayer Version0.90 Updatepre3
MplayerhqMplayer Version0.90 Updatepre4
MplayerhqMplayer Version0.90 Updatepre5
MplayerhqMplayer Version0.90 Updatepre6
MplayerhqMplayer Version0.90 Updatepre7
MplayerhqMplayer Version0.90 Updatepre8
MplayerhqMplayer Version0.90 Updatepre9
MplayerhqMplayer Version0.90 Updaterc1
MplayerhqMplayer Version0.90 Updaterc2
MplayerhqMplayer Version0.90 Updaterc3
MplayerhqMplayer Version0.90 Updaterc3-pre1
MplayerhqMplayer Version0.90 Updaterc3-pre2
MplayerhqMplayer Version0.90 Updaterc3-pre3
MplayerhqMplayer Version0.90 Updaterc4
MplayerhqMplayer Version0.90 Updaterc5
MplayerhqMplayer Version0.91
MplayerhqMplayer Version0.92
MplayerhqMplayer Version0.92.1
MplayerhqMplayer Version0.93
MplayerhqMplayer Version1.0 Updatepre1
MplayerhqMplayer Version1.0 Updatepre2
MplayerhqMplayer Version1.0 Updatepre3
MplayerhqMplayer Version1.0 Updatepre3try2
MplayerhqMplayer Version1.0 Updatepre4
MplayerhqMplayer Version1.0 Updatepre5
MplayerhqMplayer Version1.0 Updatepre5try2
MplayerhqMplayer Version1.0 Updatepre6
MplayerhqMplayer Version1.0 Updatepre6a
MplayerhqMplayer Version1.0 Updatepre7
MplayerhqMplayer Version1.0 Updatepre7try2
MplayerhqMplayer Version1.0 Updatepre8
MplayerhqMplayer Version1.0 Updaterc1
MplayerhqMplayer Version1.0 Updaterc2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.18% 0.896
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
http://www.vupen.com/english/advisories/2011/1241
http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
http://git.ffmpeg.org/?p=ffmpeg%3Ba=commit%3Bh=16c592155f117ccd7b86006c45aacc692a81c23b
http://secunia.com/advisories/41626
Vendor Advisory
http://secunia.com/advisories/43323
http://www.debian.org/security/2011/dsa-2165
http://www.ocert.org/advisories/ocert-2010-004.html
http://www.openwall.com/lists/oss-security/2010/09/28/4
http://www.securityfocus.com/archive/1/514009/100/0/threaded
http://www.ubuntu.com/usn/usn-1104-1/
http://www.vupen.com/english/advisories/2010/2517
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2518
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=635775