Published: 10/02/2010 Updated: 04/05/2010

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote malicious users to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file that triggers an out-of-bounds read and possibly memory corruption.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ffmpeg ffmpeg 0.5

Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder, which also provides a range of multimedia libraries used in applications like MPlayer: Various programming errors in container and codec implementations may lead to denial of service or the execution of arbitrary code if the user is tricked into opening ...

CWE-189 https://roundup.ffmpeg.org/roundup/ffmpeg/issue1483 https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html http://secunia.com/advisories/38643 http://www.debian.org/security/2010/dsa-2000 http://www.securityfocus.com/bid/36465 http://secunia.com/advisories/36805 https://nvd.nist.gov https://www.debian.org/security/./dsa-2000

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-4631

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect