Summaryinfo

A vulnerability has been found in FFmpeg up to 1.2 and classified as problematic. This impacts the function oma_read_header of the file libavformat/omadec.c. This manipulation causes an unknown weakness. There is no available exploit. Applying a patch is the recommended action to fix this issue.

Detailsinfo

A vulnerability has been found in FFmpeg up to 1.2 (Multimedia Processing Software) and classified as problematic. Affected by this vulnerability is the function oma_read_header of the file libavformat/omadec.c. The impact remains unknown.

The weakness was presented 03/31/2013 by Mateusz Jurczyk and Gynvael Coldwind with Google Security Team as confirmed git commit (GIT Repository). The advisory is shared at git.videolan.org. The public release was coordinated in cooperation with the project team. Technical details are known, but no exploit is available.

Upgrading to version 0.10.8 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.videolan.org. The best possible mitigation is suggested to be patching the affected component. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at OSVDB (95356†). See VDB-9734, VDB-9732, VDB-9731 and VDB-9730 for similar entries. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Multimedia Processing Software

Name

• FFmpeg

Version

• 1.0
• 1.1
• 1.2

License

• open-source

Website

• Product: https://ffmpeg.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion