CVE-2008-4610

MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.

Affected Software

Name	Vendor	Start Version	End Version
Mplayer	Mplayer	0.92	0.92
Mplayer	Mplayer	*	1.0_rc1
Mplayer	Mplayer	1.0_pre2	1.0_pre2
Mplayer	Mplayer	0.90	0.90
Mplayer	Mplayer	1.0_pre1	1.0_pre1
Mplayer	Mplayer	0.90_rc	0.90_rc
Mplayer	Mplayer	1.0_pre5try2	1.0_pre5try2
Mplayer	Mplayer	0.92.1	0.92.1
Mplayer	Mplayer	1.0_pre3	1.0_pre3
Mplayer	Mplayer	1.0_pre7try2	1.0_pre7try2
Mplayer	Mplayer	0.92_cvs	0.92_cvs
Mplayer	Mplayer	1.0_pre5	1.0_pre5
Mplayer	Mplayer	0.91	0.91
Mplayer	Mplayer	1.0_pre5try1	1.0_pre5try1
Mplayer	Mplayer	1.0_pre3try2	1.0_pre3try2
Mplayer	Mplayer	1.0_pre7	1.0_pre7
Mplayer	Mplayer	1.0_pre6	1.0_pre6
Mplayer	Mplayer	0.90_pre	0.90_pre
Mplayer	Mplayer	0.90_rc4	0.90_rc4
Mplayer	Mplayer	1.0_pre4	1.0_pre4
Ffmpeg	Ubuntu	dapper	*
Ffmpeg	Ubuntu	gutsy	*
Ffmpeg	Ubuntu	hardy	*
Ffmpeg	Ubuntu	intrepid	*
Ffmpeg-debian	Ubuntu	intrepid	*
Mplayer	Ubuntu	dapper	*
Mplayer	Ubuntu	gutsy	*
Mplayer	Ubuntu	hardy	*
Mplayer	Ubuntu	intrepid	*
Mplayer	Ubuntu	jaunty	*
Mplayer	Ubuntu	karmic	*
Mplayer	Ubuntu	lucid	*
Mplayer	Ubuntu	maverick	*
Mplayer	Ubuntu	natty	*
Mplayer	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-4610
CWE	https://cwe.mitre.org/data/definitions/399.html

Affected Software

References