Description
The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact via a crafted VC-1 file, a related issue to CVE-2011-0723.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/47956
Various Sources x_refsource_confirm
http://ffmpeg.mplayerhq.hu/
Scores
EPSS
0.0075
EPSS Percentile
73.4%
Details
CWE
CWE-20
Status
published
Products (19)
ffmpeg/ffmpeg
0.3
ffmpeg/ffmpeg
0.3.1
ffmpeg/ffmpeg
0.3.2
ffmpeg/ffmpeg
0.3.3
ffmpeg/ffmpeg
0.3.4
ffmpeg/ffmpeg
0.4.0
ffmpeg/ffmpeg
0.4.2
ffmpeg/ffmpeg
0.4.3
ffmpeg/ffmpeg
0.4.4
ffmpeg/ffmpeg
0.4.5
... and 9 more
Published
May 20, 2011
Tracked Since
Feb 18, 2026