CVE-2010-3429

flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability."
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
ffmpeglibavcodec
*
ffmpegffmpeg
𝑥
≤ 0.6
ffmpegffmpeg
0.3
ffmpegffmpeg
0.3.1
ffmpegffmpeg
0.3.2
ffmpegffmpeg
0.3.3
ffmpegffmpeg
0.3.4
ffmpegffmpeg
0.4.0
ffmpegffmpeg
0.4.2
ffmpegffmpeg
0.4.3
ffmpegffmpeg
0.4.4
ffmpegffmpeg
0.4.5
ffmpegffmpeg
0.4.6
ffmpegffmpeg
0.4.7
ffmpegffmpeg
0.4.8
ffmpegffmpeg
0.4.9:pre1
ffmpegffmpeg
0.5
ffmpeglibavcodec
*
mplayerhqmplayer
𝑥
≤ 1.0
mplayerhqmplayer
0.01
mplayerhqmplayer
0.02
mplayerhqmplayer
0.05
mplayerhqmplayer
0.06
mplayerhqmplayer
0.07
mplayerhqmplayer
0.08
mplayerhqmplayer
0.09
mplayerhqmplayer
0.09:pre3
mplayerhqmplayer
0.10
mplayerhqmplayer
0.10:pre1
mplayerhqmplayer
0.10:pre2
mplayerhqmplayer
0.10:pre3
mplayerhqmplayer
0.10:pre4
mplayerhqmplayer
0.10:pre5
mplayerhqmplayer
0.10:pre6
mplayerhqmplayer
0.10:pre7
mplayerhqmplayer
0.11:pre10
mplayerhqmplayer
0.11:pre11
mplayerhqmplayer
0.11:pre12
mplayerhqmplayer
0.11:pre13
mplayerhqmplayer
0.11:pre14
mplayerhqmplayer
0.11:pre15
mplayerhqmplayer
0.11:pre16
mplayerhqmplayer
0.11:pre17
mplayerhqmplayer
0.11:pre18
mplayerhqmplayer
0.11:pre19
mplayerhqmplayer
0.11:pre2
mplayerhqmplayer
0.11:pre20
mplayerhqmplayer
0.11:pre21
mplayerhqmplayer
0.11:pre22
mplayerhqmplayer
0.11:pre23
mplayerhqmplayer
0.11:pre24
mplayerhqmplayer
0.11:pre3
mplayerhqmplayer
0.11:pre4
mplayerhqmplayer
0.11:pre5
mplayerhqmplayer
0.11:pre6
mplayerhqmplayer
0.11:pre7
mplayerhqmplayer
0.11:pre8
mplayerhqmplayer
0.11:pre9
mplayerhqmplayer
0.17_idegcounter:_idegcounter
mplayerhqmplayer
0.17a_idegcounter:a_idegcounter
mplayerhqmplayer
0.18:pre1
mplayerhqmplayer
0.18:pre2
mplayerhqmplayer
0.18:pre3
mplayerhqmplayer
0.18:pre4
mplayerhqmplayer
0.18:pre5
mplayerhqmplayer
0.50
mplayerhqmplayer
0.50:pre1
mplayerhqmplayer
0.50:pre2
mplayerhqmplayer
0.50:pre3
mplayerhqmplayer
0.60
mplayerhqmplayer
0.60:pre1
mplayerhqmplayer
0.60:pre2
mplayerhqmplayer
0.90
mplayerhqmplayer
0.90:pre1
mplayerhqmplayer
0.90:pre10
mplayerhqmplayer
0.90:pre2
mplayerhqmplayer
0.90:pre3
mplayerhqmplayer
0.90:pre4
mplayerhqmplayer
0.90:pre5
mplayerhqmplayer
0.90:pre6
mplayerhqmplayer
0.90:pre7
mplayerhqmplayer
0.90:pre8
mplayerhqmplayer
0.90:pre9
mplayerhqmplayer
0.90:rc1
mplayerhqmplayer
0.90:rc2
mplayerhqmplayer
0.90:rc3
mplayerhqmplayer
0.90:rc3-pre1
mplayerhqmplayer
0.90:rc3-pre2
mplayerhqmplayer
0.90:rc3-pre3
mplayerhqmplayer
0.90:rc4
mplayerhqmplayer
0.90:rc5
mplayerhqmplayer
0.91
mplayerhqmplayer
0.92
mplayerhqmplayer
0.92.1
mplayerhqmplayer
0.93
mplayerhqmplayer
1.0:pre1
mplayerhqmplayer
1.0:pre2
mplayerhqmplayer
1.0:pre3
mplayerhqmplayer
1.0:pre3try2
mplayerhqmplayer
1.0:pre4
mplayerhqmplayer
1.0:pre5
mplayerhqmplayer
1.0:pre5try2
mplayerhqmplayer
1.0:pre6
mplayerhqmplayer
1.0:pre6a
mplayerhqmplayer
1.0:pre7
mplayerhqmplayer
1.0:pre7try2
mplayerhqmplayer
1.0:pre8
mplayerhqmplayer
1.0:rc1
mplayerhqmplayer
1.0:rc2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ffmpeg
bullseye
7:4.3.7-0+deb11u1
fixed
bullseye (security)
7:4.3.8-0+deb11u1
fixed
bookworm
7:5.1.6-0+deb12u1
fixed
bookworm (security)
7:5.1.6-0+deb12u1
fixed
sid
7:7.1-3
fixed
trixie
7:7.1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ffmpeg
maverick
Fixed 4:0.6-2ubuntu5
released
lucid
Fixed 4:0.5.1-1ubuntu1.1
released
karmic
Fixed 4:0.5+svn20090706-2ubuntu2.3
released
jaunty
ignored
hardy
Fixed 3:0.cvs20070307-5ubuntu7.6
released
dapper
ignored
ffmpeg-debian
maverick
dne
lucid
dne
karmic
dne
jaunty
ignored
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://git.ffmpeg.org/?p=ffmpeg%3Ba=commit%3Bh=16c592155f117ccd7b86006c45aacc692a81c23b
http://secunia.com/advisories/41626
http://secunia.com/advisories/43323
http://www.debian.org/security/2011/dsa-2165
http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
http://www.ocert.org/advisories/ocert-2010-004.html
http://www.openwall.com/lists/oss-security/2010/09/28/4
http://www.securityfocus.com/archive/1/514009/100/0/threaded
http://www.ubuntu.com/usn/usn-1104-1/
http://www.vupen.com/english/advisories/2010/2517
http://www.vupen.com/english/advisories/2010/2518
http://www.vupen.com/english/advisories/2011/1241
https://bugzilla.redhat.com/show_bug.cgi?id=635775
http://git.ffmpeg.org/?p=ffmpeg%3Ba=commit%3Bh=16c592155f117ccd7b86006c45aacc692a81c23b
http://secunia.com/advisories/41626
http://secunia.com/advisories/43323
http://www.debian.org/security/2011/dsa-2165
http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
http://www.ocert.org/advisories/ocert-2010-004.html
http://www.openwall.com/lists/oss-security/2010/09/28/4
http://www.securityfocus.com/archive/1/514009/100/0/threaded
http://www.ubuntu.com/usn/usn-1104-1/
http://www.vupen.com/english/advisories/2010/2517
http://www.vupen.com/english/advisories/2010/2518
http://www.vupen.com/english/advisories/2011/1241
https://bugzilla.redhat.com/show_bug.cgi?id=635775