9.3
CVE-2011-0480
- EPSS 2.3%
- Veröffentlicht 14.01.2011 17:00:03
- Zuletzt bearbeitet 16.06.2026 23:27:28
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version6.0
Canonical ≫ Ubuntu Linux Version8.04 SwEdition-
Canonical ≫ Ubuntu Linux Version9.10
Canonical ≫ Ubuntu Linux Version10.04 SwEdition-
Canonical ≫ Ubuntu Linux Version10.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.3% | 0.811 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
http://www.ubuntu.com/usn/usn-1104-1/
http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html
http://secunia.com/advisories/42951
http://www.securityfocus.com/bid/45788
http://www.srware.net/forum/viewtopic.php?f=18&t=2054
http://article.gmane.org/gmane.comp.video.ffmpeg.devel/122703
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610550
http://code.google.com/p/chromium/issues/detail?id=68115
http://codereview.chromium.org/5964011
http://codereview.chromium.org/6069005
http://ffmpeg.mplayerhq.hu/
http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=13184036a6b1b1d4b61c91118c0896e9ad4634c3
http://osvdb.org/70463
http://roundup.ffmpeg.org/issue2548
http://roundup.ffmpeg.org/issue2550
http://src.chromium.org/viewvc/chrome?view=rev&revision=70200
http://www.debian.org/security/2011/dsa-2306
https://exchange.xforce.ibmcloud.com/vulnerabilities/64671
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14380