CVE-2010-4704

Loading...

General

Score:4.3/10.0
Severity:Low
Category:Input Validation Error

Impact Metrics

Confidentiality:None
Integrity:None
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2010-3429, CVE-2010-3908, CVE-2010-4705, CVE-2011-0480, CVE-2011-0722, CVE-2011-0723, CVE-2011-2160, CVE-2011-2161, CVE-2011-2162

Published on 22/01/11 - Updated on 26/10/11

Description

libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480.

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability DatabaseCVE-2010-4704
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2011-AVI-080, CERTA-2011-AVI-507
Debian DSA-2165-1, DSA-2306-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
ffmpegffmpeg

Share this vulnerability with:

Twitter Facebook LinkedIn Mail