FreeBSD : ffmpeg -- multiple vulnerabilities (ea2ddc49-3e8e-11e1-8095-5404a67eef98)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Ubuntu Security Notice USN-1320-1 reports :

Phillip Langlois discovered that FFmpeg incorrectly handled certain
malformed QDM2 streams. If a user were tricked into opening a crafted
QDM2 stream file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2011-4351)

Phillip Langlois discovered that FFmpeg incorrectly handled certain
malformed VP3 streams. If a user were tricked into opening a crafted
file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the
user invoking the program. (CVE-2011-4352)

Phillip Langlois discovered that FFmpeg incorrectly handled certain
malformed VP5 and VP6 streams. If a user were tricked into opening a
crafted file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2011-4353)

It was discovered that FFmpeg incorrectly handled certain malformed
VMD files. If a user were tricked into opening a crafted VMD file, an
attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2011-4364)

Phillip Langlois discovered that FFmpeg incorrectly handled certain
malformed SVQ1 streams. If a user were tricked into opening a crafted
SVQ1 stream file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2011-4579)

See also :

http://www.ubuntu.com/usn/usn-1320-1
http://www.nessus.org/u?4d3dcb1a

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 57553 ()

Bugtraq ID:

CVE ID: CVE-2011-4351
CVE-2011-4352
CVE-2011-4353
CVE-2011-4364
CVE-2011-4579

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now