
Test ID: 1.3.6.1.4.1.25623.1.0.71052
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-1320-1 (libavcodec52)
Summary: NOSUMMARY
Description:
The remote host is missing an update to libavcodec52
announced via advisory USN-1320-1.

Details:

Steve Manzuik discovered that FFmpeg incorrectly handled certain malformed
Matroska files. If a user were tricked into opening a crafted Matroska
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2011-3504)

Phillip Langlois discovered that FFmpeg incorrectly handled certain
malformed QDM2 streams. If a user were tricked into opening a crafted QDM2
stream file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2011-4351)

Phillip Langlois discovered that FFmpeg incorrectly handled certain
malformed VP3 streams. If a user were tricked into opening a crafted file,
an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. This issue only affected Ubuntu 10.10. (CVE-2011-4352)

Phillip Langlois discovered that FFmpeg incorrectly handled certain
malformed VP5 and VP6 streams. If a user were tricked into opening a
crafted file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2011-4353)

It was discovered that FFmpeg incorrectly handled certain malformed VMD
files. If a user were tricked into opening a crafted VMD file, an attacker
could cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2011-4364)

Phillip Langlois discovered that FFmpeg incorrectly handled certain
malformed SVQ1 streams. If a user were tricked into opening a crafted SVQ1
stream file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2011-4579)

Solution:
The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.10:
libavcodec52 4:0.6-2ubuntu6.3
libavformat52 4:0.6-2ubuntu6.3

Ubuntu 10.04 LTS:
libavcodec52 4:0.5.1-1ubuntu1.3
libavformat52 4:0.5.1-1ubuntu1.3

http://www.securityspace.com/smysecure/catid.html?in=USN-1320-1

CVSS Score:
9.3

CVSS Vector:
AV:L/AC:H/Au:NR/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2011-3504
http://www.mandriva.com/security/advisories?name=MDVSA-2012:074
http://www.mandriva.com/security/advisories?name=MDVSA-2012:075
http://www.mandriva.com/security/advisories?name=MDVSA-2012:076
http://technet.microsoft.com/en-us/security/msvr/msvr11-011
http://www.ffmpeg.org/releases/ffmpeg-0.7.5.changelog
http://www.ffmpeg.org/releases/ffmpeg-0.8.4.changelog
http://www.osvdb.org/75621
http://secunia.com/advisories/45532
http://ubuntu.com/usn/usn-1320-1
http://ubuntu.com/usn/usn-1333-1
Common Vulnerability Exposure (CVE) ID: CVE-2011-4351
Bugtraq: 20111123 NGS00144 Patch Notification: FFmpeg Libavcodec buffer overflow remote code execution
http://seclists.org/bugtraq/2011/Nov/145
Common Vulnerability Exposure (CVE) ID: CVE-2011-4352
Bugtraq: 20111123 NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution
http://www.securityfocus.com/archive/1/520622
Common Vulnerability Exposure (CVE) ID: CVE-2011-4353
Common Vulnerability Exposure (CVE) ID: CVE-2011-4364
Common Vulnerability Exposure (CVE) ID: CVE-2011-4579
Bugtraq: 20111123 NGS00148 Patch Notification: FFmpeg Libavcodec memory corruption remote code execution
http://www.securityfocus.com/archive/1/520620
Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com





© 1998-2024 E-Soft Inc. All rights reserved.