VC-1 Decoding Vulnerability in FFmpeg Affects MPlayer and Other Products
CVE-2011-2160

Currently unrated

Key Information:

Vendor: Ffmpeg
Status: Ffmpeg; Mplayer
Vendor: CVE Published:; 20 May 2011

What is CVE-2011-2160?

The VC-1 decoding functionality in FFmpeg before version 0.5.4 is susceptible to vulnerabilities that could lead to unauthorized read operations. Remote attackers can exploit this flaw by sending a specially crafted VC-1 file, potentially triggering unexpected behaviors in various products utilizing FFmpeg, including MPlayer. This issue raises significant security concerns, emphasizing the need for users to ensure they are utilizing updated versions of affected software.

References

http://www.securityfocus.com/bid/47956

vdb-entryx_refsource_BID

http://ffmpeg.mplayerhq.hu/

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2011
Vulnerability Reserved
May 20, 2011

Ffmpeg

What is CVE-2011-2160?

References

Timeline