Description
Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. NOTE: this might overlap CVE-2011-0480.
References (4)
Core 4
Core References
Various Sources x_refsource_confirm
http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=366d919016a679d3955f6fe5278fa7ce4f47b81e
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43323
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2165
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/46294
Scores
EPSS
0.0049
EPSS Percentile
65.6%
Details
CWE
CWE-189
Status
published
Products (1)
ffmpeg/ffmpeg
0.6
Published
Jan 22, 2011
Tracked Since
Feb 18, 2026