CVE-2010-4704: Improper Input Validation in FFmpeg

Severity
4.3 MEDIUM (NVD)
EPSS
4.1%
top 11.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 22
Latest update: May 17

Description

libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages (3 packages)

debian: debian/ffmpeg < ffmpeg 7:2.4.1-1 (bookworm)
Debian: ffmpeg/ffmpeg < 7:2.4.1-1+3
NVD: ffmpeg/ffmpeg 0.6.1+16

🔴 Vulnerability Details (2)

GHSA
GHSA-fcg6-56gf-f98f: libavcodec/vorbis_dec (2022-05-17)
OSV
CVE-2010-4704: libavcodec/vorbis_dec (2011-01-22)

💥 Exploits & PoCs (1)

Exploit-DB
Microsoft Internet Explorer - COM CreateObject Code Execution (MS06-014/MS06-073) (Metasploit) (2010-09-20)

📋 Vendor Advisories (2)

Ubuntu
FFmpeg vulnerabilities (2011-04-04)
Debian
CVE-2010-4704: ffmpeg - libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows... (2010)