Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4610

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-4610
Last Modified 20 Mar 2009 01:49:01
Published 20 Oct 2008 01:59:26
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4610

Summary

MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.

Vulnerable Systems

Application

  • Mplayer 0.90

  • Mplayer 0.90 Pre

  • Mplayer 0.90 Rc

  • Mplayer 0.90 Rc4

  • Mplayer 0.91

  • Mplayer 0.92

  • Mplayer 0.92 Cvs

  • Mplayer 0.92.1

  • Mplayer 1.0 Pre1

  • Mplayer 1.0 Pre2

  • Mplayer 1.0 Pre3

  • Mplayer 1.0 Pre3try2

  • Mplayer 1.0 Pre4

  • Mplayer 1.0 Pre5

  • Mplayer 1.0 Pre5try1

  • Mplayer 1.0 Pre5try2

  • Mplayer 1.0 Pre6

  • Mplayer 1.0 Pre7

  • Mplayer 1.0 Pre7try2

  • Mplayer 1.0 Rc1


References

UBUNTU - USN-734-1

MLIST - [oss-security] 20081007 CVE request: crashers / potential security risks in mplayer

SECUNIA - 34296


Last Updated: 27 May 2016 10:48:34