CVE-2010-3429

FFmpeg <0.6 - Remote Code Execution

Title source: llm

Description

flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability."

References (19)

Core 19

Core References

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2011:088

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2010/09/28/4

Various Sources x_refsource_confirm

http://git.ffmpeg.org/?p=ffmpeg%3Ba=commit%3Bh=16c592155f117ccd7b86006c45aacc692a81c23b

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2011:061

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2011:062

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/514009/100/0/threaded

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2011:112

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2011:114

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/43323

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-1104-1/

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/2518

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2011:089

Patch, Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/2517

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2011/dsa-2165

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/1241

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2011:060

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/41626

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=635775

Various Sources x_refsource_misc

http://www.ocert.org/advisories/ocert-2010-004.html

Scores

EPSS 0.0499

EPSS Percentile 89.8%

Details

CWE

CWE-94

Status published

Products (26)

ffmpeg/ffmpeg 0.3

ffmpeg/ffmpeg 0.3.1

ffmpeg/ffmpeg 0.3.2

ffmpeg/ffmpeg 0.3.3

ffmpeg/ffmpeg 0.3.4

ffmpeg/ffmpeg 0.4.0

ffmpeg/ffmpeg 0.4.2

ffmpeg/ffmpeg 0.4.3

ffmpeg/ffmpeg 0.4.4

ffmpeg/ffmpeg 0.4.5

... and 16 more

Published Sep 30, 2010

Tracked Since Feb 18, 2026