Description
FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file.
References (4)
Core 4
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2306
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-1104-1/
Various Sources x_refsource_confirm
http://ffmpeg.mplayerhq.hu/
Scores
EPSS
0.0230
EPSS Percentile
84.9%
Details
CWE
CWE-119
Status
published
Products (19)
ffmpeg/ffmpeg
0.3
ffmpeg/ffmpeg
0.3.1
ffmpeg/ffmpeg
0.3.2
ffmpeg/ffmpeg
0.3.3
ffmpeg/ffmpeg
0.3.4
ffmpeg/ffmpeg
0.4.0
ffmpeg/ffmpeg
0.4.2
ffmpeg/ffmpeg
0.4.3
ffmpeg/ffmpeg
0.4.4
ffmpeg/ffmpeg
0.4.5
... and 9 more
Published
May 20, 2011
Tracked Since
Feb 18, 2026