Buffer overflow in Ffmpeg

CVE-2010-3908

FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file.

Vulnerability class: Buffer Overflow

EPSS: 0.023 (85.1th percentile) — read the EPSS interpretation.

Affected products

Ffmpeg — versions 0.3, 0.3.1, 0.3.2
Mplayerhq Mplayer
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

DSA-2306 (vendor-advisory, x_refsource_DEBIAN)
MDVSA-2011:061 (vendor-advisory, x_refsource_MANDRIVA)
USN-1104-1 (x_refsource_UBUNTU, vendor-advisory)
security@ubuntu.com (x_refsource_CONFIRM)