Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:DL:4XM-VULNS |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
FFmpeg 4xm Memory Corruption |
Release Date |
2010/09/22 |
Update Number |
1777 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: FFmpeg 4xm Memory Corruption
This signature detects attempts to exploit a known vulnerability in the FFmpeg 4xm engine. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the client.
Extended Description
FFmpeg is prone to a remote code-execution vulnerability because it fails to adequately validate user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition. Versions prior to FFmpeg trunk revision 16846 are vulnerable.
Affected Products
- Debian linux 4.0
- Debian linux 4.0 Alpha
- Debian linux 4.0 Amd64
- Debian linux 4.0 Arm
- Debian linux 4.0 Armel
- Debian linux 4.0 Hppa
- Debian linux 4.0 Ia-32
- Debian linux 4.0 Ia-64
- Debian linux 4.0 M68k
- Debian linux 4.0 Mips
- Debian linux 4.0 Mipsel
- Debian linux 4.0 Powerpc
- Debian linux 4.0 S/390
- Debian linux 4.0 Sparc
- Debian linux 5.0
- Debian linux 5.0 Alpha
- Debian linux 5.0 Amd64
- Debian linux 5.0 Arm
- Debian linux 5.0 Armel
- Debian linux 5.0 Hppa
- Debian linux 5.0 Ia-32
- Debian linux 5.0 Ia-64
- Debian linux 5.0 M68k
- Debian linux 5.0 Mips
- Debian linux 5.0 Mipsel
- Debian linux 5.0 Powerpc
- Debian linux 5.0 S/390
- Debian linux 5.0 Sparc
- Ffmpeg ffmpeg 0.4.6
- Ffmpeg ffmpeg 0.4.7
- Ffmpeg ffmpeg 0.4.8
- Ffmpeg ffmpeg 0.4.9
- Ffmpeg ffmpeg 0.4.9 -0.Pre1.5.1.20060
- Ffmpeg ffmpeg 0.4.9 20080909
- Ffmpeg ffmpeg 0.49 P20060530
- Ffmpeg ffmpeg 0.4.9 -Pre1
- Ffmpeg ffmpeg 0.8.7
- Ffmpeg ffmpeg 0.8.7 -R1
- Ffmpeg ffmpeg 2005-03-13
- Gentoo linux
- Mandriva corporate_server 3.0.0
- Mandriva corporate_server 3.0.0 X86 64
- Mandriva corporate_server 4.0
- Mandriva corporate_server 4.0.0 X86 64
- Mandriva enterprise_server 5
- Mandriva enterprise_server 5 X86 64
- Mandriva linux_mandrake 2008.0
- Mandriva linux_mandrake 2008.0 X86 64
- Mandriva linux_mandrake 2009.0
- Mandriva linux_mandrake 2009.0 X86 64
- Pardus linux_2008
- Red_hat fedora 10
- Red_hat fedora 9
- Slackware linux 12.0
- Slackware linux 12.1
- Slackware linux 12.2
- Slackware linux -Current
- Suse opensuse 10.3
- Suse opensuse 11.0
- Suse opensuse 11.1
- Suse suse_linux_enterprise 10
- Suse suse_linux_enterprise 11
- Ubuntu ubuntu_linux 6.06 LTS Amd64
- Ubuntu ubuntu_linux 6.06 LTS I386
- Ubuntu ubuntu_linux 6.06 LTS Powerpc
- Ubuntu ubuntu_linux 6.06 LTS Sparc
- Ubuntu ubuntu_linux 7.10 Amd64
- Ubuntu ubuntu_linux 7.10 I386
- Ubuntu ubuntu_linux 7.10 Lpia
- Ubuntu ubuntu_linux 7.10 Powerpc
- Ubuntu ubuntu_linux 7.10 Sparc
- Ubuntu ubuntu_linux 8.04 LTS Amd64
- Ubuntu ubuntu_linux 8.04 LTS I386
- Ubuntu ubuntu_linux 8.04 LTS Lpia
- Ubuntu ubuntu_linux 8.04 LTS Powerpc
- Ubuntu ubuntu_linux 8.04 LTS Sparc
- Ubuntu ubuntu_linux 8.10 Amd64
- Ubuntu ubuntu_linux 8.10 I386
- Ubuntu ubuntu_linux 8.10 Lpia
- Ubuntu ubuntu_linux 8.10 Powerpc
- Ubuntu ubuntu_linux 8.10 Sparc
- Xine xine-lib 1.0.0
- Xine xine-lib 1.0.1
- Xine xine-lib 1.0.2
- Xine xine-lib 1.1.0
- Xine xine-lib 1.1.1
- Xine xine-lib 1.1.10
- Xine xine-lib 1.1.10.1
- Xine xine-lib 1.1.11
- Xine xine-lib 1.1.11.1
- Xine xine-lib 1.1.12
- Xine xine-lib 1.1.13
- Xine xine-lib 1.1.14
- Xine xine-lib 1.1.15
- Xine xine-lib 1.1.16
- Xine xine-lib 1.1.16.1
- Xine xine-lib 1.1.2
- Xine xine-lib 1.1.3
- Xine xine-lib 1.1.4
- Xine xine-lib 1.1.9
- Xine xine-lib 1.1.9.1
References
- BugTraq: 33502
- CVE: CVE-2009-0385