Vulnerabilities > CVE-2008-4610 - Resource Management Errors vulnerability in Mplayer
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description MPlayer Malformed OGM File Handling DoS. CVE-2008-4610. Dos exploit for linux platform id EDB-ID:32857 last seen 2016-02-03 modified 2008-10-07 published 2008-10-07 reporter Hanno Bock source https://www.exploit-db.com/download/32857/ title MPlayer Malformed OGM File Handling DoS description MPlayer Malformed AAC File Handling DoS. CVE-2008-4610. Dos exploit for linux platform id EDB-ID:32856 last seen 2016-02-03 modified 2008-10-07 published 2008-10-07 reporter Hanno Bock source https://www.exploit-db.com/download/32856/ title MPlayer Malformed AAC File Handling DoS
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-335.NASL description A vulnerability was discovered and corrected in ffmpeg : MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718 (CVE-2008-4610). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers This update provides a solution to this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 43362 published 2009-12-21 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43362 title Mandriva Linux Security Advisory : ffmpeg (MDVSA-2009:335) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201310-13.NASL description The remote host is affected by the vulnerability described in GLSA-201310-13 (MPlayer: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MPlayer and the bundled FFmpeg. Please review the CVE identifiers and FFmpeg GLSA referenced below for details. Impact : A remote attacker could entice a user to open a crafted media file to execute arbitrary code or cause a Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 70648 published 2013-10-27 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70648 title GLSA-201310-13 : MPlayer: Multiple vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-734-1.NASL description It was discovered that FFmpeg did not correctly handle certain malformed Ogg Media (OGM) files. If a user were tricked into opening a crafted Ogg Media file, an attacker could cause the application using FFmpeg to crash, leading to a denial of service. (CVE-2008-4610) It was discovered that FFmpeg did not correctly handle certain parameters when creating DTS streams. If a user were tricked into processing certain commands, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.10. (CVE-2008-4866) It was discovered that FFmpeg did not correctly handle certain malformed DTS Coherent Acoustics (DCA) files. If a user were tricked into opening a crafted DCA file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-4867) It was discovered that FFmpeg did not correctly handle certain malformed 4X movie (4xm) files. If a user were tricked into opening a crafted 4xm file, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0385). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 38037 published 2009-04-23 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38037 title Ubuntu 7.10 / 8.04 LTS / 8.10 : ffmpeg, ffmpeg-debian vulnerabilities (USN-734-1)