Denial of Service and Remote Code Execution in FFmpeg via Malformed WMV Files
CVE-2010-3908

Currently unrated

Key Information:

Vendor

Ffmpeg

Status
Ffmpeg
Mplayer
Vendor
CVE Published:
20 May 2011

What is CVE-2010-3908?

The vulnerability in FFmpeg allows remote attackers to exploit applications that rely on it, such as MPlayer, by sending a specially crafted WMV file. This exploitation can lead to memory corruption, causing the application to crash or potentially execute arbitrary code, presenting a significant security risk for users and systems relying on affected versions.

References

http://www.debian.org/security/2011/dsa-2306
vendor-advisoryx_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-20...
vendor-advisoryx_refsource_MANDRIVA
http://www.ubuntu.com/usn/usn-1104-1/
vendor-advisoryx_refsource_UBUNTU

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.