Vulnerabilities > CVE-2008-4610 - Resource Management Errors vulnerability in Mplayer

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
mplayer
CWE-399
nessus
exploit available

Summary

MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.

Common Weakness Enumeration (CWE)

Exploit-Db

  • descriptionMPlayer Malformed OGM File Handling DoS. CVE-2008-4610. Dos exploit for linux platform
    idEDB-ID:32857
    last seen2016-02-03
    modified2008-10-07
    published2008-10-07
    reporterHanno Bock
    sourcehttps://www.exploit-db.com/download/32857/
    titleMPlayer Malformed OGM File Handling DoS
  • descriptionMPlayer Malformed AAC File Handling DoS. CVE-2008-4610. Dos exploit for linux platform
    idEDB-ID:32856
    last seen2016-02-03
    modified2008-10-07
    published2008-10-07
    reporterHanno Bock
    sourcehttps://www.exploit-db.com/download/32856/
    titleMPlayer Malformed AAC File Handling DoS

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-335.NASL
    descriptionA vulnerability was discovered and corrected in ffmpeg : MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718 (CVE-2008-4610). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers This update provides a solution to this vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id43362
    published2009-12-21
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43362
    titleMandriva Linux Security Advisory : ffmpeg (MDVSA-2009:335)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201310-13.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201310-13 (MPlayer: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MPlayer and the bundled FFmpeg. Please review the CVE identifiers and FFmpeg GLSA referenced below for details. Impact : A remote attacker could entice a user to open a crafted media file to execute arbitrary code or cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id70648
    published2013-10-27
    reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70648
    titleGLSA-201310-13 : MPlayer: Multiple vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-734-1.NASL
    descriptionIt was discovered that FFmpeg did not correctly handle certain malformed Ogg Media (OGM) files. If a user were tricked into opening a crafted Ogg Media file, an attacker could cause the application using FFmpeg to crash, leading to a denial of service. (CVE-2008-4610) It was discovered that FFmpeg did not correctly handle certain parameters when creating DTS streams. If a user were tricked into processing certain commands, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.10. (CVE-2008-4866) It was discovered that FFmpeg did not correctly handle certain malformed DTS Coherent Acoustics (DCA) files. If a user were tricked into opening a crafted DCA file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-4867) It was discovered that FFmpeg did not correctly handle certain malformed 4X movie (4xm) files. If a user were tricked into opening a crafted 4xm file, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0385). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id38037
    published2009-04-23
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38037
    titleUbuntu 7.10 / 8.04 LTS / 8.10 : ffmpeg, ffmpeg-debian vulnerabilities (USN-734-1)