PT-2010-1004 · Debian+1 · Debian+1

Greg Maxwell · Published 2010-09-30 · Updated 2011-10-26 · CVE-2010-4704

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: FFmpeg versions 0.6.1 and earlier

Description: The issue is in the Vorbis decoder in FFmpeg, where a crafted .ogg file can cause a denial of service, leading to an application crash. This is due to a problem in the vorbis_floor0_decode function. Additionally, there are multiple vulnerabilities in the ffmpeg-debian package in Debian GNU/Linux that can lead to breaches of confidentiality, integrity, and availability of protected information, and these can be exploited remotely.

Recommendations: For FFmpeg versions 0.6.1 and earlier, consider updating to a newer version to resolve the issue. As a temporary workaround, consider avoiding the use of the Vorbis decoder until a patch is available. Restrict access to crafted .ogg files to minimize the risk of exploitation.

Exploit

Fix

RCE

Weakness Enumeration

Related identifiers

BDU:2015-01322
CVE-2010-4704
DSA-2165-1
DSA-2306-1

Affected products

Debian
FFmpeg