PT-2011-3648 · FFmpeg · Ffmpeg

Published

2011-05-20

Updated

2011-09-07

CVE-2011-2160

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 0.5.4

Description The VC-1 decoding functionality in FFmpeg does not properly restrict read operations, allowing remote attackers to have an unspecified impact via a crafted VC-1 file.

Recommendations For versions prior to 0.5.4, update to version 0.5.4 or later to resolve the issue. As a temporary workaround, consider disabling the VC-1 decoding functionality until a patch is available. Restrict access to crafted VC-1 files to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2011-2160

DSA-2306-1

Affected Products

Ffmpeg

PT-2011-3648 · FFmpeg · Ffmpeg

CVE-2011-2160

Weakness Enumeration

Related Identifiers

Affected Products

References · 6