Search for vulnerabilities
Vulnerability details: VCID-wx1p-rck2-aaad
Vulnerability ID VCID-wx1p-rck2-aaad
Aliases CVE-2011-0480
Summary Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.
Status Published
Exploitability 0.5
Weighted Severity 8.4
Risk 4.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
System Score Found at
epss 0.00675 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.00675 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.00675 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.00675 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.00675 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.00675 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.00675 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.00675 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.00675 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.00675 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.00675 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.00675 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01810 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01810 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01810 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01810 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.01812 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.02234 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
epss 0.03496 https://api.first.org/data/v1/epss?cve=CVE-2011-0480
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2011-0480
Reference id Reference type URL
http://article.gmane.org/gmane.comp.video.ffmpeg.devel/122703
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610550
http://code.google.com/p/chromium/issues/detail?id=68115
http://codereview.chromium.org/5964011
http://codereview.chromium.org/6069005
http://ffmpeg.mplayerhq.hu/
http://git.ffmpeg.org/?p=ffmpeg.git%3Ba=commit%3Bh=13184036a6b1b1d4b61c91118c0896e9ad4634c3
http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=13184036a6b1b1d4b61c91118c0896e9ad4634c3
http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html
http://osvdb.org/70463
http://roundup.ffmpeg.org/issue2548
http://roundup.ffmpeg.org/issue2550
https://api.first.org/data/v1/epss?cve=CVE-2011-0480
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0480
http://secunia.com/advisories/42951
https://exchange.xforce.ibmcloud.com/vulnerabilities/64671
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14380
http://src.chromium.org/viewvc/chrome?view=rev&revision=70200
http://www.debian.org/security/2011/dsa-2306
http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
http://www.securityfocus.com/bid/45788
http://www.srware.net/forum/viewtopic.php?f=18&t=2054
http://www.ubuntu.com/usn/usn-1104-1/
610550 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610550
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*
CVE-2011-0480 https://nvd.nist.gov/vuln/detail/CVE-2011-0480
USN-1104-1 https://usn.ubuntu.com/1104-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2011-0480
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.80254
EPSS Score 0.00675
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.