CVE-2010-3429 — Code Injection in Ffmpeg

CWE-94 — Code Injection9 documents8 sources

Severity

6.8MEDIUMNVD

EPSS

5.0%

top 10.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Mplayerhq Mplayer

Timeline

PublishedSep 30

Latest updateMay 14

Description

flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶Debianffmpeg/ffmpeg< 4:0.5.2-6+3

▶NVDffmpeg/ffmpeg0.6+15

▶NVDmplayerhq/mplayer1.0+20

Patches

Patch: www.vupen.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-v73j-5247-67hg: flicvideo↗2022-05-14

▶

OSV

CVE-2010-3429: flicvideo↗2010-09-30

▶

CVEList

CVE-2010-3429: flicvideo↗2010-09-30

▶

💥Exploits & PoCs

Exploit-DB

Destiny Media Player 1.61 - PLS .m3u Buffer Overflow (Metasploit)↗2010-04-30

▶

📋Vendor Advisories

Ubuntu

FFmpeg vulnerabilities↗2011-04-04

▶

Debian

CVE-2010-3429: ffmpeg - flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and othe...↗2010

▶

💬Community

Bugzilla

CVE-2010-3429 ffmpeg: arbitrary offset dereference vulnerability in flic video codec (oCERT-2010-004) [fedora-12]↗2010-09-28

▶

Bugzilla

CVE-2010-3429 ffmpeg: arbitrary offset dereference vulnerability in flic video codec (oCERT-2010-004)↗2010-09-20

▶