Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2161

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-2161
Last Modified 23 May 2011 12:00:00
Published 20 May 2011 06:55:06
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2161

Summary

The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames.

Vulnerable Systems

Application

  • Ffmpeg 0.3

  • Ffmpeg 0.3.1

  • Ffmpeg 0.3.2

  • Ffmpeg 0.3.3

  • Ffmpeg 0.3.4

  • Ffmpeg 0.4.0

  • Ffmpeg 0.4.2

  • Ffmpeg 0.4.3

  • Ffmpeg 0.4.4

  • Ffmpeg 0.4.5

  • Ffmpeg 0.4.6

  • Ffmpeg 0.4.7

  • Ffmpeg 0.4.8

  • Ffmpeg 0.4.9

  • Ffmpeg 0.5

  • Ffmpeg 0.5.1

  • Ffmpeg 0.5.2

  • Ffmpeg 0.5.3

  • Mplayerhq Mplayer

  • Videolan Vlc Media Player


References

CONFIRM - https://github.com/FFmpeg/FFmpeg/commit/8312e3fc9041027a33c8bc667bb99740fdf41dd5

MISC - http://packetstorm.linuxsecurity.com/1103-exploits/vlc105-dos.txt

CONFIRM - http://ffmpeg.mplayerhq.hu/


Last Updated: 27 May 2016 10:56:56