Main Vulnerability Database SB2011112107

SB2011112107 - Code Injection in ffmpeg (Alpine package)

Published: November 21, 2011

Security Bulletin ID SB2011112107

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Code Injection (CVE-ID: cve-2011-3504)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=a81b5e5b560bc7bc2ae8374b1e2df893485ab462
https://git.alpinelinux.org/aports/commit/?id=be16fd287de7d3ed4167704de0d65f552389cd8a