漏洞信息详情
FFmpeg avcodec_close函数未明漏洞
- CNNVD编号:CNNVD-200811-007
- 危害等级: 低危
- CVE编号: CVE-2008-4868
- 漏洞类型: 资料不足
- 发布时间: 2008-11-01
- 威胁类型: 远程
- 更新时间: 2009-03-26
- 厂 商: ffmpeg
- 漏洞来源:
漏洞简介
FFmpeg r14917之前的0.4.9版本中的avcodec_close函数存在未明漏洞。当被Mplayer使用时,攻击者可以借助与一个空闲的\"随机指针\"相关的向量,造成未知影响。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
MandrakeSoft Linux Mandrake 2008.1 x86_64
Mandriva mplayer-86_64.rpm
http://www.mandriva.com/en/download/
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu ffmpeg_0.cvs20070307-5ubuntu4.2_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/universe/f/ffmpeg/ffmpeg_0.cvs2 0070307-5ubuntu4.2_powerpc.deb
Debian Linux 4.0 arm
Debian mplayer_1.0~rc1-12etch7_arm.deb
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1 -12etch7_arm.deb
MandrakeSoft Linux Mandrake 2008.1
Mandriva mplayer-.i586.rpm
http://www.mandriva.com/en/download/
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu ffmpeg_0.cvs20070307-5ubuntu7.3_powerpc.deb
http://ports.ubuntu.com/pool/universe/f/ffmpeg/ffmpeg_0.cvs20070307-5u buntu7.3_powerpc.deb
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu ffmpeg-dbg_0.svn20080206-12ubuntu3.1_powerpc.deb
http://ports.ubuntu.com/pool/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn2008 0206-12ubuntu3.1_powerpc.deb
Debian Linux 4.0 powerpc
Debian mplayer_1.0~rc1-12etch7_powerpc.deb
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1 -12etch7_powerpc.deb
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu ffmpeg-dbg_0.svn20080206-12ubuntu3.1_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg-debian/ffmpeg-dbg _0.svn20080206-12ubuntu3.1_i386.deb
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu ffmpeg_0.cvs20070307-5ubuntu7.3_sparc.deb
http://ports.ubuntu.com/pool/universe/f/ffmpeg/ffmpeg_0.cvs20070307-5u buntu7.3_sparc.deb
Debian Linux 4.0 m68k
Debian mplayer-doc_1.0~rc1-12etch7_all.deb
http://security.debian.org/pool/updates/main/m/mplayer/mplayer-doc_1.0 ~rc1-12etch7_all.deb
MandrakeSoft Linux Mandrake 2008.0 x86_64
Mandriva mplayer-86_64.rpm
http://www.mandriva.com/en/download/
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu ffmpeg_0.cvs20070307-5ubuntu7.3_amd64.deb
http://security.ubuntu.com/ubuntu/pool/universe/f/ffmpeg/ffmpeg_0.cvs2 0070307-5ubuntu7.3_amd64.deb
MandrakeSoft Linux Mandrake 2008.0
Mandriva mplayer-i586.rpm
http://www.mandriva.com/en/download/
Ubuntu Ubuntu Linux 7.10 sparc
Ubuntu ffmpeg_0.cvs20070307-5ubuntu4.2_sparc.deb
http://security.ubuntu.com/ubuntu/pool/universe/f/ffmpeg/ffmpeg_0.cvs2 0070307-5ubuntu4.2_sparc.deb
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu ffmpeg_0.cvs20070307-5ubuntu7.3_lpia.deb
http://ports.ubuntu.com/pool/universe/f/ffmpeg/ffmpeg_0.cvs20070307-5u buntu7.3_lpia.deb
Ubuntu Ubuntu Linux 7.10 lpia
Ubuntu ffmpeg_0.cvs20070307-5ubuntu4.2_lpia.deb
http://ports.ubuntu.com/pool/universe/f/ffmpeg/ffmpeg_0.cvs20070307-5u buntu4.2_lpia.deb
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu ffmpeg-dbg_0.svn20080206-12ubuntu3.1_lpia.deb
http://ports.ubuntu.com/pool/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn2008 0206-12ubuntu3.1_lpia.deb
Ubuntu Ubuntu Linux 7.10 i386
Ubuntu ffmpeg_0.cvs20070307-5ubuntu4.2_i386.deb
http://security.ubuntu.com/ubuntu/pool/universe/f/ffmpeg/ffmpeg_0.cvs2 0070307-5ubuntu4.2_i386.deb
Ubuntu libavcodec-dev_0.cvs20070307-5ubuntu4.2_i386.deb
Debian Linux 4.0 amd64
Debian mplayer_1.0~rc1-12etch7_amd64.deb
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1 -12etch7_amd64.deb
Debian Linux 4.0 ia-32
Debian mplayer_1.0~rc1-12etch7_i386.deb
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1 -12etch7_i386.deb
Debian Linux 4.0 hppa
Debian mplayer_1.0~rc1-12etch7_hppa.deb
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1 -12etch7_hppa.deb
Debian Linux 4.0 sparc
Debian mplayer_1.0~rc1-12etch7_sparc.deb
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1 -12etch7_sparc.deb
Debian Linux 4.0 s/390
Debian mplayer_1.0~rc1-12etch7_s390.deb
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1 -12etch7_s390.deb
Ubuntu Ubuntu Linux 8.10 sparc
Ubuntu ffmpeg-dbg_0.svn20080206-12ubuntu3.1_sparc.deb
http://ports.ubuntu.com/pool/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn2008 0206-12ubuntu3.1_sparc.deb
MandrakeSoft Linux Mandrake 2009.0
Mandriva mplayer-1.0-1.rc2.18.1mdv2009.0.i586.rpm
http://www.mandriva.com/en/download/
Debian Linux
参考网址
来源: XF
名称: ffmpeg-avcodecclose-unspecified(46325)
链接:http://xforce.iss.net/xforce/xfdb/46325
来源: MLIST
名称: [oss-security] 20081029 Fwd: [Full-disclosure] [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities
链接:http://www.openwall.com/lists/oss-security/2008/10/29/6
来源: GENTOO
名称: GLSA-200903-33
链接:http://security.gentoo.org/glsa/glsa-200903-33.xml
来源: SECUNIA
名称: 34385
链接:http://secunia.com/advisories/34385
来源: MLIST
名称: [ffmpeg-cvslog] 20080816 r14787 - trunk/libavcodec/utils.c
链接:http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016136.HTML
来源: FULLDISC
名称: 20080905 [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities
链接:http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.HTML
受影响实体
- Ffmpeg Ffmpeg:0.4.3
- Ffmpeg Ffmpeg:0.4.9:Pre1
- Ffmpeg Ffmpeg:0.4.2
- Ffmpeg Ffmpeg:0.4.5
- Ffmpeg Ffmpeg:0.4.4
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论