Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3162

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-3162
Last Modified 07 Mar 2011 10:10:18
Published 14 Jul 2008 07:41:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3162

Summary

Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors.

Vulnerable Systems

Application

  • Ffmpeg 0.3

  • Ffmpeg 0.3.1

  • Ffmpeg 0.3.2

  • Ffmpeg 0.3.3

  • Ffmpeg 0.3.4

  • Ffmpeg 0.4.0

  • Ffmpeg 0.4.2

  • Ffmpeg 0.4.3

  • Ffmpeg 0.4.4

  • Ffmpeg 0.4.5

  • Ffmpeg 0.4.6

  • Ffmpeg 0.4.7

  • Ffmpeg 0.4.8

  • Ffmpeg 0.4.9 Pre1


References

CONFIRM - https://roundup.mplayerhq.hu/roundup/ffmpeg/issue311

VUPEN - ADV-2008-2031

UBUNTU - USN-630-1

BID - 30154

MLIST - [oss-security] 20080716 Re: CVE id request: libavformat

MLIST - [oss-security] 20080710 CVE id request: libavformat

MANDRIVA - MDVSA-2008:157

DEBIAN - DSA-1781

CONFIRM - http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=13993

GENTOO - GLSA-200903-33

SECUNIA - 34905

SECUNIA - 34385

SECUNIA - 31268

SECUNIA - 30994

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489965


Last Updated: 27 May 2016 10:48:06