Vulnerability Description
libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| FFmpeg | FFmpeg | <= 0.6.1 |
References
- http://ffmpeg.mplayerhq.hu/
- http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=3dde66752d59dfdd0f3727efd66e7
- http://secunia.com/advisories/43323
- http://www.debian.org/security/2011/dsa-2165
- http://www.debian.org/security/2011/dsa-2306
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
- http://www.securityfocus.com/bid/46294
- http://www.ubuntu.com/usn/usn-1104-1/
- http://www.vupen.com/english/advisories/2011/1241
FAQ
What is CVE-2010-4704?
CVE-2010-4704 is a vulnerability with a CVSS score of 4.3 (MEDIUM). libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0...
How severe is CVE-2010-4704?
CVE-2010-4704 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-4704?
Check the references section above for vendor advisories and patch information. Affected products include: FFmpeg (vendor: FFmpeg).