Vulnerability Description
Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. NOTE: this might overlap CVE-2011-0480.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ffmpeg | Ffmpeg | 0.6 |
Related Weaknesses (CWE)
References
- http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=366d919016a679d3955f6fe5278fa
- http://secunia.com/advisories/43323
- http://www.debian.org/security/2011/dsa-2165
- http://www.securityfocus.com/bid/46294
- http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=366d919016a679d3955f6fe5278fa
- http://secunia.com/advisories/43323
- http://www.debian.org/security/2011/dsa-2165
- http://www.securityfocus.com/bid/46294
FAQ
What is CVE-2010-4705?
CVE-2010-4705 is a vulnerability with a CVSS score of 9.3 (HIGH). Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to t...
How severe is CVE-2010-4705?
CVE-2010-4705 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4705?
Check the references section above for vendor advisories and patch information. Affected products include: Ffmpeg Ffmpeg.