CVE-2010-3429

flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability."

Published: 2010-09-30 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2010-3429 is rated Moderate Risk (57.7/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 4.18%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2010-3429

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 4.99% 4.18% -0.81%
2 2025-04-01 4.15% 4.99% +0.84%
3 2025-03-30 4.15%

Full EPSS history (12 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2010-3429

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
6.8 2.0 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
 8.6 6.4 [email protected]

Weakness enumeration for CVE-2010-3429

OS Trackers for CVE-2010-3429

vendor priority summary link
debian not yet assigned CVE-2010-3429 not yet assigned priority: Debian including 1 source packages (ffmpeg), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2010-3429
gentoo normal CVE-2010-3429: 2 GLSA(s) (201310-12, 201310-13), 2 atom(s) (media-video/ffmpeg, media-video/mplayer); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2010-3429
ubuntu medium CVE-2010-3429 medium priority: Ubuntu including 2 source packages (ffmpeg, ffmpeg-debian), 14 status rows across 7 suites (dapper, hardy, jaunty, karmic, lucid, maverick, upstream): DNE 5, released 5, ignored 3, needed 1. https://ubuntu.com/security/CVE-2010-3429

Affected software / configurations for CVE-2010-3429

Vendor Product Version Raw CPE
ffmpeg libavcodec cpe:2.3:a:ffmpeg:libavcodec:*:*:*:*:*:*:*:*
ffmpeg ffmpeg <= 0.6 cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
ffmpeg ffmpeg 0.3 cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*
ffmpeg ffmpeg 0.3.1 cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*
ffmpeg ffmpeg 0.3.2 cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*
ffmpeg ffmpeg 0.3.3 cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*
ffmpeg ffmpeg 0.3.4 cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*
ffmpeg ffmpeg 0.4.0 cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*
ffmpeg ffmpeg 0.4.2 cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*
ffmpeg ffmpeg 0.4.3 cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*
ffmpeg ffmpeg 0.4.4 cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*
ffmpeg ffmpeg 0.4.5 cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*
ffmpeg ffmpeg 0.4.6 cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*
ffmpeg ffmpeg 0.4.7 cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*
ffmpeg ffmpeg 0.4.8 cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*
ffmpeg ffmpeg 0.4.9 cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*
ffmpeg ffmpeg 0.5 cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*
mplayerhq mplayer <= 1.0 cpe:2.3:a:mplayerhq:mplayer:*:rc3:*:*:*:*:*:*
mplayerhq mplayer 0.01 cpe:2.3:a:mplayerhq:mplayer:0.01:*:*:*:*:*:*:*
mplayerhq mplayer 0.02 cpe:2.3:a:mplayerhq:mplayer:0.02:*:*:*:*:*:*:*
mplayerhq mplayer 0.05 cpe:2.3:a:mplayerhq:mplayer:0.05:*:*:*:*:*:*:*
mplayerhq mplayer 0.06 cpe:2.3:a:mplayerhq:mplayer:0.06:*:*:*:*:*:*:*
mplayerhq mplayer 0.07 cpe:2.3:a:mplayerhq:mplayer:0.07:*:*:*:*:*:*:*
mplayerhq mplayer 0.08 cpe:2.3:a:mplayerhq:mplayer:0.08:*:*:*:*:*:*:*
mplayerhq mplayer 0.09 cpe:2.3:a:mplayerhq:mplayer:0.09:*:*:*:*:*:*:*
mplayerhq mplayer 0.09 cpe:2.3:a:mplayerhq:mplayer:0.09:pre3:*:*:*:*:*:*
mplayerhq mplayer 0.10 cpe:2.3:a:mplayerhq:mplayer:0.10:*:*:*:*:*:*:*
mplayerhq mplayer 0.10 cpe:2.3:a:mplayerhq:mplayer:0.10:pre1:*:*:*:*:*:*
mplayerhq mplayer 0.10 cpe:2.3:a:mplayerhq:mplayer:0.10:pre2:*:*:*:*:*:*
mplayerhq mplayer 0.10 cpe:2.3:a:mplayerhq:mplayer:0.10:pre3:*:*:*:*:*:*
mplayerhq mplayer 0.10 cpe:2.3:a:mplayerhq:mplayer:0.10:pre4:*:*:*:*:*:*
mplayerhq mplayer 0.10 cpe:2.3:a:mplayerhq:mplayer:0.10:pre5:*:*:*:*:*:*
mplayerhq mplayer 0.10 cpe:2.3:a:mplayerhq:mplayer:0.10:pre6:*:*:*:*:*:*
mplayerhq mplayer 0.10 cpe:2.3:a:mplayerhq:mplayer:0.10:pre7:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre10:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre11:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre12:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre13:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre14:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre15:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre16:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre17:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre18:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre19:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre2:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre20:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre21:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre22:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre23:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre24:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre3:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre4:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre5:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre6:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre7:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre8:*:*:*:*:*:*
mplayerhq mplayer 0.11 cpe:2.3:a:mplayerhq:mplayer:0.11:pre9:*:*:*:*:*:*
mplayerhq mplayer 0.17_idegcounter cpe:2.3:a:mplayerhq:mplayer:0.17_idegcounter:*:*:*:*:*:*:*
mplayerhq mplayer 0.17a_idegcounter cpe:2.3:a:mplayerhq:mplayer:0.17a_idegcounter:*:*:*:*:*:*:*
mplayerhq mplayer 0.18 cpe:2.3:a:mplayerhq:mplayer:0.18:pre1:*:*:*:*:*:*
mplayerhq mplayer 0.18 cpe:2.3:a:mplayerhq:mplayer:0.18:pre2:*:*:*:*:*:*
mplayerhq mplayer 0.18 cpe:2.3:a:mplayerhq:mplayer:0.18:pre3:*:*:*:*:*:*
mplayerhq mplayer 0.18 cpe:2.3:a:mplayerhq:mplayer:0.18:pre4:*:*:*:*:*:*
mplayerhq mplayer 0.18 cpe:2.3:a:mplayerhq:mplayer:0.18:pre5:*:*:*:*:*:*
mplayerhq mplayer 0.50 cpe:2.3:a:mplayerhq:mplayer:0.50:*:*:*:*:*:*:*
mplayerhq mplayer 0.50 cpe:2.3:a:mplayerhq:mplayer:0.50:pre1:*:*:*:*:*:*
mplayerhq mplayer 0.50 cpe:2.3:a:mplayerhq:mplayer:0.50:pre2:*:*:*:*:*:*
mplayerhq mplayer 0.50 cpe:2.3:a:mplayerhq:mplayer:0.50:pre3:*:*:*:*:*:*
mplayerhq mplayer 0.60 cpe:2.3:a:mplayerhq:mplayer:0.60:*:*:*:*:*:*:*
mplayerhq mplayer 0.60 cpe:2.3:a:mplayerhq:mplayer:0.60:pre1:*:*:*:*:*:*
mplayerhq mplayer 0.60 cpe:2.3:a:mplayerhq:mplayer:0.60:pre2:*:*:*:*:*:*
mplayerhq mplayer 0.90 cpe:2.3:a:mplayerhq:mplayer:0.90:*:*:*:*:*:*:*
mplayerhq mplayer 0.90 cpe:2.3:a:mplayerhq:mplayer:0.90:pre1:*:*:*:*:*:*
mplayerhq mplayer 0.90 cpe:2.3:a:mplayerhq:mplayer:0.90:pre10:*:*:*:*:*:*
mplayerhq mplayer 0.90 cpe:2.3:a:mplayerhq:mplayer:0.90:pre2:*:*:*:*:*:*
mplayerhq mplayer 0.90 cpe:2.3:a:mplayerhq:mplayer:0.90:pre3:*:*:*:*:*:*
mplayerhq mplayer 0.90 cpe:2.3:a:mplayerhq:mplayer:0.90:pre4:*:*:*:*:*:*
mplayerhq mplayer 0.90 cpe:2.3:a:mplayerhq:mplayer:0.90:pre5:*:*:*:*:*:*
mplayerhq mplayer 0.90 cpe:2.3:a:mplayerhq:mplayer:0.90:pre6:*:*:*:*:*:*
mplayerhq mplayer 0.90 cpe:2.3:a:mplayerhq:mplayer:0.90:pre7:*:*:*:*:*:*

References for CVE-2010-3429

URL Tags
http://git.ffmpeg.org/?p=ffmpeg%3Ba=commit%3Bh=16c592155f117ccd7b86006c45aacc692a81c23b
http://secunia.com/advisories/41626 Vendor Advisory
http://secunia.com/advisories/43323
http://www.debian.org/security/2011/dsa-2165
http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
http://www.ocert.org/advisories/ocert-2010-004.html
http://www.openwall.com/lists/oss-security/2010/09/28/4
http://www.securityfocus.com/archive/1/514009/100/0/threaded
http://www.ubuntu.com/usn/usn-1104-1/
http://www.vupen.com/english/advisories/2010/2517 Patch Vendor Advisory
http://www.vupen.com/english/advisories/2010/2518 Vendor Advisory
http://www.vupen.com/english/advisories/2011/1241
https://bugzilla.redhat.com/show_bug.cgi?id=635775
cvelogic Threat Intelligence