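Vulnerability Details
FFmpeg Denial-of-Service Vulnerability
- CNNVD ID: CNNVD-200811-008
- Severity: Medium
- CVE ID: CVE-2008-4869
- Vulnerability type: Resource management error
- Published: 2008-11-01
- Threat type: Remote
- Updated: 2009-03-26
- Vendor: ffmpeg
- Vulnerability source:
Vulnerability Summary
FFmpeg is a computer program that can record and convert digital audio and video in many formats. FFmpeg is a command-line tool made up of a collection of free software / open-source libraries. It includes libavcodec, which is used by several other projects, and libavformat, an audio/video container muxer and demuxer library.
When used by MPlayer, FFmpeg 0.4.9 allows context-dependent attackers to cause a denial of service (memory exhaustion) via unknown vectors, also known as a "Tcp/udp memory leak".
Vulnerability Advisory
The vendor has released upgrade patches that fix this security issue. Patch download links: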
MandrakeSoft Linux Mandrake 2008.1 x86_64
Mandriva mplayer-86_64.rpm
http://www.mandriva.com/en/download/
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu ffmpeg_0.cvs20070307-5ubuntu4.2_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/universe/f/ffmpeg/ffmpeg_0.cvs20070307-5ubuntu4.2_powerpc.deb
Debian Linux 4.0 arm
Debian mplayer_1.0~rc1-12etch7_arm.deb
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch7_arm.deb
MandrakeSoft Linux Mandrake 2008.1
Mandriva mplayer-.i586.rpm
http://www.mandriva.com/en/download/
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu ffmpeg_0.cvs20070307-5ubuntu7.3_powerpc.deb
http://ports.ubuntu.com/pool/universe/f/ffmpeg/ffmpeg_0.cvs20070307-5ubuntu7.3_powerpc.deb
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu ffmpeg-dbg_0.svn20080206-12ubuntu3.1_powerpc.deb
http://ports.ubuntu.com/pool/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-12ubuntu3.1_powerpc.deb
Debian Linux 4.0 powerpc
Debian mplayer_1.0~rc1-12etch7_powerpc.deb
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch7_powerpc.deb
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu ffmpeg-dbg_0.svn20080206-12ubuntu3.1_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-12ubuntu3.1_i386.deb
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu ffmpeg_0.cvs20070307-5ubuntu7.3_sparc.deb
http://ports.ubuntu.com/pool/universe/f/ffmpeg/ffmpeg_0.cvs20070307-5ubuntu7.3_sparc.deb
Debian Linux 4.0 m68k
Debian mplayer-doc_1.0~rc1-12etch7_all.deb
http://security.debian.org/pool/updates/main/m/mplayer/mplayer-doc_1.0~rc1-12etch7_all.deb
MandrakeSoft Linux Mandrake 2008.0 x86_64
Mandriva mplayer-86_64.rpm
http://www.mandriva.com/en/download/
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu ffmpeg_0.cvs20070307-5ubuntu7.3_amd64.deb
http://security.ubuntu.com/ubuntu/pool/universe/f/ffmpeg/ffmpeg_0.cvs20070307-5ubuntu7.3_amd64.deb
MandrakeSoft Linux Mandrake 2008.0
Mandriva mplayer-i586.rpm
http://www.mandriva.com/en/download/
Ubuntu Ubuntu Linux 7.10 sparc
Ubuntu ffmpeg_0.cvs20070307-5ubuntu4.2_sparc.deb
http://security.ubuntu.com/ubuntu/pool/universe/f/ffmpeg/ffmpeg_0.cvs20070307-5ubuntu4.2_sparc.deb
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu ffmpeg_0.cvs20070307-5ubuntu7.3_lpia.deb
http://ports.ubuntu.com/pool/universe/f/ffmpeg/ffmpeg_0.cvs20070307-5ubuntu7.3_lpia.deb
Ubuntu Ubuntu Linux 7.10 lpia
Ubuntu ffmpeg_0.cvs20070307-5ubuntu4.2_lpia.deb
http://ports.ubuntu.com/pool/universe/f/ffmpeg/ffmpeg_0.cvs20070307-5ubuntu4.2_lpia.deb
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu ffmpeg-dbg_0.svn20080206-12ubuntu3.1_lpia.deb
http://ports.ubuntu.com/pool/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-12ubuntu3.1_lpia.deb
Ubuntu Ubuntu Linux 7.10 i386
Ubuntu ffmpeg_0.cvs20070307-5ubuntu4.2_i386.deb
http://security.ubuntu.com/ubuntu/pool/universe/f/ffmpeg/ffmpeg_0.cvs20070307-5ubuntu4.2_i386.deb
Ubuntu libavcodec-dev_0.cvs20070307-5ubuntu4.2_i386.deb
Debian Linux 4.0 amd64
Debian mplayer_1.0~rc1-12etch7_amd64.deb
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch7_amd64.deb
Debian Linux 4.0 ia-32
Debian mplayer_1.0~rc1-12etch7_i386.deb
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch7_i386.deb
Debian Linux 4.0 hppa
Debian mplayer_1.0~rc1-12etch7_hppa.deb
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch7_hppa.deb
Debian Linux 4.0 sparc
Debian mplayer_1.0~rc1-12etch7_sparc.deb
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch7_sparc.deb
Debian Linux 4.0 s/390
Debian mplayer_1.0~rc1-12etch7_s390.deb
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch7_s390.deb
Ubuntu Ubuntu Linux 8.10 sparc
Ubuntu ffmpeg-dbg_0.svn20080206-12ubuntu3.1_sparc.deb
http://ports.ubuntu.com/pool/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-12ubuntu3.1_sparc.deb
MandrakeSoft Linux Mandrake 2009.0
Mandriva mplayer-1.0-1.rc2.18.1mdv2009.0.i586.rpm
http://www.mandriva.com/en/download/
Debian Linux
Reference URLs
Source: XF
Name: ffmpeg-tcpudp-dos(46326)
Link: http://xforce.iss.net/xforce/xfdb/46326
Source: MLIST
Name: [oss-security] 20081029 Fwd: [Full-disclosure] [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities
Link: http://www.openwall.com/lists/oss-security/2008/10/29/6
Source: MANDRIVA
Name: MDVSA-2009:297
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2009:297
Source: GENTOO
Name: GLSA-200903-33
Link: http://security.gentoo.org/glsa/glsa-200903-33.xml
Source: SECUNIA
Name: 34385
Link: http://secunia.com/advisories/34385
Source: FULLDISC
Name: 20080905 [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities
Link: http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.HTML
Affected Entities
- Ffmpeg Ffmpeg:0.4.9:Pre1
- Ffmpeg Ffmpeg:0.4.2
- Ffmpeg Ffmpeg:0.4.3
- Ffmpeg Ffmpeg:0.4.5
- Ffmpeg Ffmpeg:0.4.4
Patches
None available