CVE-2010-4704
Description
libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
18cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*range: <=0.6.1
- cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*
- (no CPE)range: <=0.6.1
Patches
Vulnerability mechanics
Root cause
"Missing input validation in the vorbis_floor0_decode function allows crafted floor configuration data to cause a crash."
Attack vector
An attacker crafts a malicious .ogg file containing specially formed Vorbis audio data that triggers a flaw in the `vorbis_floor0_decode` function. When FFmpeg attempts to decode the crafted file, the lack of proper input validation [CWE-20] leads to an application crash. The attack requires no authentication and is delivered over the network by inducing the victim to open or process the malicious .ogg file.
Affected code
The vulnerability resides in `libavcodec/vorbis_dec.c` within the `vorbis_floor0_decode` function. This function is part of the Vorbis decoder in FFmpeg 0.6.1 and earlier.
What the fix does
No patch is included in the bundle. The advisory states that FFmpeg 0.6.1 and earlier are affected, implying the fix was applied in a later release. The remediation is to upgrade to a version of FFmpeg newer than 0.6.1, which presumably adds input validation to the `vorbis_floor0_decode` function to reject malformed floor configuration data before it can cause a crash.
Preconditions
- inputThe victim must process a crafted .ogg file using an affected version of FFmpeg (0.6.1 or earlier).
- authNo authentication or special privileges are required by the attacker.
Reproduction
The public PoC reference at https://roundup.ffmpeg.org/issue2322 is listed, but the bundle does not include its content. Therefore, no reproduction steps can be provided.
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
16- roundup.ffmpeg.org/issue2322nvdExploit
- ffmpeg.mplayerhq.hunvd
- git.ffmpeg.orgnvd
- secunia.com/advisories/43323nvd
- www.debian.org/security/2011/dsa-2165nvd
- www.debian.org/security/2011/dsa-2306nvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/bid/46294nvd
- www.ubuntu.com/usn/usn-1104-1/nvd
- www.vupen.com/english/advisories/2011/1241nvd
News mentions
0No linked articles in our index yet.