CVE-2008-4610
EPSS 4.5%mplayer - arbitrary code execution
Published: 10/20/2008Modified: 4/28/2026
Also known as:DEBIAN-CVE-2008-4610
Description
MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.
Affected packages (3)
- Debian/ffmpegfrom 0, < 7:2.4.1-1
- Debian/mplayerfrom 0, < 1.0~rc2-20
- Debian/mplayerfrom 0, < 1.0~rc2-17+lenny2