CVE-2008-3162
published 2008-07-14
CVE-2008-3162: Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of…
Priority P349 · critical 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 9.25% (94.7th percentile)
Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ffmpeg | < ffmpeg 0.svn20080206-10 (bookworm) | ffmpeg 0.svn20080206-10 (bookworm) |
| ffmpeg | ffmpeg | — | — |
| ffmpeg | ffmpeg | >= 0 < 0.svn20080206-10 | 0.svn20080206-10 |
CVSS provenance
nvd · v2.0 · 9.3 · CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
osv · 9.3 · CRITICAL
vendor_debian · 9.3 · CRITICAL
Ubuntu
ffmpeg vulnerability
vendor_ubuntu·2008-07-28
CVE-2008-3162 ffmpeg vulnerability
Title: ffmpeg vulnerability
Summary: ffmpeg vulnerability
It was discovered that ffmpeg did not correctly handle STR file
demuxing. If a user were tricked into processing a malicious STR file,
a remote attacker could execute arbitrary code with user privileges via
applications linked against ffmpeg.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Debian
CVE-2008-3162: ffmpeg - Stack-based buffer overflow in the str_read_packet function in libavformat/psxst...
vendor_debian·2008·CVSS 9.3
CVE-2008-3162 [CRITICAL] CVE-2008-3162: ffmpeg - Stack-based buffer overflow in the str_read_packet function in libavformat/psxst...
Scope: local
bookworm: resolved (fixed in 0.svn20080206-10)
bullseye: resolved (fixed in 0.svn20080206-10)
forky: resolved (fixed in 0.svn20080206-10)
sid: resolved (fixed in 0.svn20080206-10)
trixie: resolved (fixed in 0.svn20080206-10)
GHSA
GHSA-pp7w-86q6-r4x9: Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr
ghsa_unreviewed·2022-05-01
CVE-2008-3162 [HIGH] CWE-119 GHSA-pp7w-86q6-r4x9: Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr
OSV
CVE-2008-3162: Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr
osv·2008-07-14·CVSS 9.3
CVE-2008-3162 [CRITICAL] CVE-2008-3162: Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr
No detection rules found.
No writeups or analysis indexed.
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489965
http://secunia.com/advisories/30994
http://secunia.com/advisories/31268
http://secunia.com/advisories/34385
http://secunia.com/advisories/34905
http://security.gentoo.org/glsa/glsa-200903-33.xml
http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=13993
http://www.debian.org/security/2009/dsa-1781
http://www.mandriva.com/security/advisories?name=MDVSA-2008:157
http://www.openwall.com/lists/oss-security/2008/07/09/9
http://www.openwall.com/lists/oss-security/2008/07/16/4
http://www.securityfocus.com/bid/30154
http://www.ubuntu.com/usn/usn-630-1
http://www.vupen.com/english/advisories/2008/2031/references
https://roundup.mplayerhq.hu/roundup/ffmpeg/issue311
Published: 2008-07-14