Buffer overflow in Ffmpeg

CVE-2011-0722

FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file.

Vulnerability class: Buffer Overflow

EPSS: 0.009 (75.9th percentile) — read the EPSS interpretation.

Affected products

Ffmpeg — versions 0.3, 0.3.1, 0.3.2
Mplayerhq Mplayer
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

DSA-2306 (vendor-advisory, x_refsource_DEBIAN)
MDVSA-2011:061 (vendor-advisory, x_refsource_MANDRIVA)
MDVSA-2011:062 (vendor-advisory, x_refsource_MANDRIVA)
MDVSA-2011:114 (vendor-advisory, x_refsource_MANDRIVA)
USN-1104-1 (x_refsource_UBUNTU, vendor-advisory)
MDVSA-2011:089 (vendor-advisory, x_refsource_MANDRIVA)
security@ubuntu.com (x_refsource_CONFIRM)
ADV-2011-1241 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
47149 (vdb-entry, x_refsource_BID)