CVE-2011-2160

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 0.5.4

Description The VC-1 decoding functionality in FFmpeg does not properly restrict read operations, allowing remote attackers to have an unspecified impact via a crafted VC-1 file.

Recommendations For versions prior to 0.5.4, update to version 0.5.4 or later to resolve the issue. As a temporary workaround, consider disabling the VC-1 decoding functionality until a patch is available. Restrict access to crafted VC-1 files to minimize the risk of exploitation.