Vulnerability Details : CVE-2011-0480
Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.
Vulnerability category: OverflowMemory CorruptionDenial of service
Products affected by CVE-2011-0480
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0480
0.68%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 77 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0480
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2011-0480
-
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0480
-
http://ffmpeg.mplayerhq.hu/
FFmpegThird Party Advisory
-
http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=13184036a6b1b1d4b61c91118c0896e9ad4634c3
403 ForbiddenBroken Link
-
http://roundup.ffmpeg.org/issue2550
404 Not FoundBroken Link
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14380
Repository / Oval RepositoryThird Party Advisory
-
http://www.srware.net/forum/viewtopic.php?f=18&t=2054
New Iron-Version: 8.0.555.1 Stable for Windows - SRWare.netThird Party Advisory
-
http://codereview.chromium.org/5964011
Issue 5964011: Fix a couple of errors with bad Vorbis headers, and go through the associated... - Code ReviewPatch;Vendor Advisory
-
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610550
#610550 - [CVE-2011-0480] memory corruptions in the ffmpeg Vorbis codec - Debian Bug report logsIssue Tracking;Third Party Advisory
-
http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html
Chrome Releases: Chrome Stable ReleaseVendor Advisory
-
http://www.ubuntu.com/usn/usn-1104-1/
USN-1104-1: FFmpeg vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/64671
Google Chrome Vorbis decoder buffer overflow CVE-2010-4705 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/45788
Google Chrome prior to 8.0.552.237 Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
-
http://roundup.ffmpeg.org/issue2548
404 Not FoundBroken Link
-
http://article.gmane.org/gmane.comp.video.ffmpeg.devel/122703
Broken Link
-
http://code.google.com/p/chromium/issues/detail?id=68115
68115 - Memory corruption with bad Vorbis streams (from CERT) - chromium - MonorailExploit;Issue Tracking;Patch;Vendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
mandriva.comThird Party Advisory
-
http://www.debian.org/security/2011/dsa-2306
Debian -- Security Information -- DSA-2306-1 ffmpegThird Party Advisory
-
http://src.chromium.org/viewvc/chrome?view=rev&revision=70200
[chrome] Revision 70200Broken Link
-
http://codereview.chromium.org/6069005
Issue 6069005: Pick up Vorbis fix. - Code ReviewVendor Advisory
Jump to