CVE-2008-3162 – FFmpeg libavformat - 'psxstr.c' STR Data Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-3162
Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors. Desbordamiento de búfer basado en pila en la función str_read_packet de libavformat/psxstr.c de FFmpeg anterior a r13993 , permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o ejecutar código de su elección mediante un fichero STR manipulado que intercala los sectores de audio y vídeo. • bug=489965 http://secunia.com/advisories/30994 http://secunia.com/advisories/31268 http://secunia.com/advisories/34385 http://secunia.com/advisories/34905 http://security.gentoo.org/glsa/glsa-200903-33.xml http://svn.mplayerhq.hu/ffmpeg?... name=MDVSA-2008:157 http://www.openwall.com/lists/oss-security/2008/07/09/9 http://www.openwall.com/lists/oss-security/2008/07/16/4 http://www.securityfocus.com/bid/30154 http://www.ubuntu.com/usn/usn-630-1 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •