Vulnerability CVE-2008-4610

Vulnerability Name:

CVE-2008-4610 (CCN-46058)

Assigned:

2007-01-16

Published:

2007-01-16

Updated:

2009-03-20

Summary:

MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
2.3 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:F/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-399

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2008-4610

Source: CCN
Type: Sam Hocevars .plan Web site
Exposing file parsing vulnerabilities

Source: SECUNIA
Type: UNKNOWN
34296

Source: CCN
Type: MPlayer Web site
Download

Source: CCN
Type: oss-security Mailing List, Tue, 7 Oct 2008 12:50:41 +0200
CVE request: crashers / potential security risks in mplayer

Source: MLIST
Type: UNKNOWN
[oss-security] 20081007 CVE request: crashers / potential security risks in mplayer

Source: CCN
Type: BID-34136
MPlayer Multiple Remote Denial of Service Vulnerabilities

Source: CCN
Type: USN-734-1
FFmpeg vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-734-1

Source: XF
Type: UNKNOWN
mplayer-aac-ogm-dos(46058)

Vulnerable Configuration:

Configuration 1:

cpe:/a:mplayer:mplayer:0.90:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.90_rc4:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.91:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.92:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.92.1:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.92_cvs:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre2:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre3:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre4:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre5:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre5try1:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre5try2:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre6:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre7:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre7try2:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:*:*:*:*:*:*:*:* (Version <= 1.0_rc1)

Configuration CCN 1:

cpe:/a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.90:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.91:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre2:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre3:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre4:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre5:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre7:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre7try2:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_rc1:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre5try1:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre6:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.92.1:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.92_cvs:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.92:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.90_rc4:*:*:*:*:*:*:*

AND

cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:12918	P	USN-734-1 -- ffmpeg, ffmpeg-debian vulnerabilities	2014-06-30
oval:com.ubuntu.precise:def:20084610000	V	CVE-2008-4610 on Ubuntu 12.04 LTS (precise) - low.	2008-10-20

BACK