Published: 20/05/2011 Updated: 17/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The ape_read_header function in ape.c in libavformat in FFmpeg prior to 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote malicious users to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ffmpeg ffmpeg

Debian Bug report logs - #628448 several vulnerabilities: CVE-2011-2162 CVE-2011-2161 CVE-2011-2160 Package: libav; Maintainer for libav is Debian Multimedia Maintainers <pkg-multimedia-maintainers@listsaliothdebianorg>; Reported by: Steffen Joeris <white@debianorg> Date: Sun, 29 May 2011 03:27:01 UTC Severity: g ...

FFmpeg could be made to run programs as your login if it opened a specially crafted file ...

CWE-399 https://github.com/FFmpeg/FFmpeg/commit/8312e3fc9041027a33c8bc667bb99740fdf41dd5 http://packetstorm.linuxsecurity.com/1103-exploits/vlc105-dos.txt http://ffmpeg.mplayerhq.hu/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628448 https://usn.ubuntu.com/1209-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2011-2161

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect