Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-3162 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Ffmpeg

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources

Severity

9.3CRITICALNVD

EPSS

27.4%

top 3.58%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Ffmpeg Debian Ffmpeg

Timeline

PublishedJul 14

Latest updateMay 1

Description

Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/ffmpeg< ffmpeg 0.svn20080206-10 (bookworm)

▶Debianffmpeg/ffmpeg< 0.svn20080206-10+3

▶NVDffmpeg/ffmpeg14 versions+13

🔴Vulnerability Details

GHSA

GHSA-pp7w-86q6-r4x9: Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr↗2022-05-01

▶

OSV

CVE-2008-3162: Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr↗2008-07-14

▶

💥Exploits & PoCs

Exploit-DB

FFmpeg libavformat - 'psxstr.c' STR Data Heap Buffer Overflow↗2008-07-09

▶

📋Vendor Advisories

Ubuntu

ffmpeg vulnerability↗2008-07-28

▶

Debian

CVE-2008-3162: ffmpeg - Stack-based buffer overflow in the str_read_packet function in libavformat/psxst...↗2008

▶