CVE-2008-4610

Publication date 20 October 2008

Last updated 24 July 2024


Ubuntu priority

MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.


Status

Package Ubuntu Release Status

Notes


mdeslaur

First issue is the same as CVE-2008-5244, but for mplayer. The ogm issue is an ffmpeg problem. Just a crasher.


sbeattie

According to Debian, first issue is actually a crash in libfaad2, though earlier mplayer didn't link against system libfaad2. Examining packages, 2:1.0~rc4.dfsg1+svn33713-1 appears to be the first one that links against system libfaad.

Patch details

For informational purposes only. We recommend not to cherry-pick updates.

Package Patch details

References

Related Ubuntu Security Notices (USN)

    • USN-734-1: FFmpeg vulnerabilities (16 March 2009)

Other references