Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2160

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2011-2160
Last Modified 06 Sep 2011 11:17:06
Published 20 May 2011 06:55:05
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2160

Summary

The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact via a crafted VC-1 file, a related issue to CVE-2011-0723.

Vulnerable Systems

Application

  • Ffmpeg 0.3

  • Ffmpeg 0.3.1

  • Ffmpeg 0.3.2

  • Ffmpeg 0.3.3

  • Ffmpeg 0.3.4

  • Ffmpeg 0.4.0

  • Ffmpeg 0.4.2

  • Ffmpeg 0.4.3

  • Ffmpeg 0.4.4

  • Ffmpeg 0.4.5

  • Ffmpeg 0.4.6

  • Ffmpeg 0.4.7

  • Ffmpeg 0.4.8

  • Ffmpeg 0.4.9

  • Ffmpeg 0.5

  • Ffmpeg 0.5.1

  • Ffmpeg 0.5.2

  • Ffmpeg 0.5.3

  • Mplayerhq Mplayer


References

BID - 47956

CONFIRM - http://ffmpeg.mplayerhq.hu/


Last Updated: 27 May 2016 10:56:56