CVE-2011-2161
FFmpeg < 0.5.4 - Denial of Service via APE File with Header but No Frames
Title source: llmDescription
The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames.
References (3)
Core 3
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/FFmpeg/FFmpeg/commit/8312e3fc9041027a33c8bc667bb99740fdf41dd5
Vendor Advisory x_refsource_confirm
http://ffmpeg.mplayerhq.hu/
Broken Link x_refsource_misc
http://packetstorm.linuxsecurity.com/1103-exploits/vlc105-dos.txt
Scores
EPSS
0.0047
EPSS Percentile
64.7%
Details
CWE
CWE-399
Status
published
Products (1)
ffmpeg/ffmpeg
< 0.5.4
Published
May 20, 2011
Tracked Since
Feb 18, 2026