CVE-2011-2160

EPSS 0.75%
Published 20.05.2011 22:55:05
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact via a crafted VC-1 file, a related issue to CVE-2011-0723.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Ffmpeg ≫ Ffmpeg Version <= 0.5.3

Ffmpeg ≫ Ffmpeg Version0.3

Ffmpeg ≫ Ffmpeg Version0.3.1

Ffmpeg ≫ Ffmpeg Version0.3.2

Ffmpeg ≫ Ffmpeg Version0.3.3

Ffmpeg ≫ Ffmpeg Version0.3.4

Ffmpeg ≫ Ffmpeg Version0.4.0

Ffmpeg ≫ Ffmpeg Version0.4.2

Ffmpeg ≫ Ffmpeg Version0.4.3

Ffmpeg ≫ Ffmpeg Version0.4.4

Ffmpeg ≫ Ffmpeg Version0.4.5

Ffmpeg ≫ Ffmpeg Version0.4.6

Ffmpeg ≫ Ffmpeg Version0.4.7

Ffmpeg ≫ Ffmpeg Version0.4.8

Ffmpeg ≫ Ffmpeg Version0.4.9 Updatepre1

Ffmpeg ≫ Ffmpeg Version0.5

Ffmpeg ≫ Ffmpeg Version0.5.1

Ffmpeg ≫ Ffmpeg Version0.5.2

Mplayerhq ≫ Mplayer

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.75%	0.722

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://ffmpeg.mplayerhq.hu/

http://www.securityfocus.com/bid/47956

https://nvd.nist.gov/vuln/detail/CVE-2011-2160

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-2160

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-2160

EUVD