CVE-2011-0723 — Improper Input Validation in Ffmpeg

CWE-399 CWE-20 — Improper Input Validation9 documents5 sources

Severity

9.3CRITICALNVD

NVD6.8OSV6.8

EPSS

1.0%

top 22.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg

Timeline

PublishedMay 20

Latest updateMay 17

Description

FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed VC-1 file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/ffmpeg< ffmpeg 7:2.4.1-1 (bookworm)

▶Debianffmpeg/ffmpeg< 7:2.4.1-1+3

▶NVDffmpeg/ffmpeg0.5.3+19

🔴Vulnerability Details

GHSA

GHSA-xcpc-jvcx-3fxc: The VC-1 decoding functionality in FFmpeg before 0↗2022-05-17

▶

GHSA

GHSA-rp5c-q9p5-vm9v: FFmpeg 0↗2022-05-17

▶

OSV

CVE-2011-2160: The VC-1 decoding functionality in FFmpeg before 0↗2011-05-20

▶

OSV

CVE-2011-0723: FFmpeg 0↗2011-05-20

▶

📋Vendor Advisories

Ubuntu

FFmpeg vulnerabilities↗2011-04-04

▶

Debian

CVE-2011-0723: ffmpeg - FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to ...↗2011

▶

Debian

CVE-2011-2160: ffmpeg - The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and o...↗2011

▶