CVE-2008-4610
Published 2008-10-20
Priority: P4 · 21 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 9.28% (94.7th percentile)
MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.
Affected
30 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ffmpeg | < ffmpeg 7:2.4.1-1 (bookworm) | ffmpeg 7:2.4.1-1 (bookworm) |
| debian | mplayer | < ffmpeg 7:2.4.1-1 (bookworm) | ffmpeg 7:2.4.1-1 (bookworm) |
| ffmpeg | ffmpeg | >= 0 < 7:2.4.1-1 | 7:2.4.1-1 |
| ffmpeg | ffmpeg | >= 0 < 7:2.4.1-1 | 7:2.4.1-1 |
| ffmpeg | ffmpeg | >= 0 < 7:2.4.1-1 | 7:2.4.1-1 |
| ffmpeg | ffmpeg | >= 0 < 7:2.4.1-1 | 7:2.4.1-1 |
| mplayer | mplayer | <= 1.0_rc1 | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
osv · 4.3 · MEDIUM
vendor_ubuntu · 5.0 · MEDIUM
vendor_debian · 4.3 · LOW
GHSA
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2008-4610 [MEDIUM] GHSA-w3rv-993w-f388: MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc
MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.
OSV
osv·2008-10-20·CVSS 4.3
CVE-2008-4610 [MEDIUM] CVE-2008-4610: MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc
MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.
Ubuntu
vendor_ubuntu·2009-03-16·CVSS 5.0
CVE-2008-4610 [MEDIUM] FFmpeg vulnerabilities
Title: FFmpeg vulnerabilities
Summary: FFmpeg vulnerabilities
It was discovered that FFmpeg did not correctly handle certain malformed
Ogg Media (OGM) files. If a user were tricked into opening a crafted Ogg
Media file, an attacker could cause the application using FFmpeg to crash,
leading to a denial of service. (CVE-2008-4610)
It was discovered that FFmpeg did not correctly handle certain parameters
when creating DTS streams. If a user were tricked into processing certain
commands, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. This issue only affected Ubuntu 8.10. (CVE-2008-4866)
It was discovered that FFmpeg did not correctly handle certain malformed
DTS Coherent Acoustics (
Debian
vendor_debian·2008·CVSS 4.3
CVE-2008-4610 [MEDIUM] CVE-2008-4610: ffmpeg - MPlayer allows remote attackers to cause a denial of service (application crash)...
MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.
Scope: local
bookworm: resolved (fixed in 7:2.4.1-1)
bullseye: resolved (fixed in 7:2.4.1-1)
forky: resolved (fixed in 7:2.4.1-1)
sid: resolved (fixed in 7:2.4.1-1)
trixie: resolved (fixed in 7:2.4.1-1)
No detection rules found.
Exploit-DB
MPlayer - '.AAC' File Handling Denial of Service
exploitdb·2008-10-07
CVE-2008-4610 MPlayer - '.AAC' File Handling Denial of Service
---
source: https://www.securityfocus.com/bid/34136/info
MPlayer is prone to multiple denial-of-service vulnerabilities when handling malformed media files.
Successfully exploiting this issue allows remote attackers to deny service to legitimate users.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/32856.aac
Exploit-DB
MPlayer - '.OGM' File Handling Denial of Service
exploitdb·2008-10-07
CVE-2008-4610 MPlayer - '.OGM' File Handling Denial of Service
---
source: https://www.securityfocus.com/bid/34136/info
MPlayer is prone to multiple denial-of-service vulnerabilities when handling malformed media files.
Successfully exploiting this issue allows remote attackers to deny service to legitimate users.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/32857.ogm
No writeups or analysis indexed.