CVE-2011-2161

The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
ffmpegffmpeg
𝑥
< 0.5.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ffmpeg
bullseye
7:4.3.7-0+deb11u1
fixed
bullseye (security)
7:4.3.8-0+deb11u1
fixed
bookworm
7:5.1.6-0+deb12u1
fixed
bookworm (security)
7:5.1.6-0+deb12u1
fixed
sid
7:7.1-3
fixed
trixie
7:7.1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ffmpeg
oneiric
dne
natty
dne
maverick
Fixed 4:0.6-2ubuntu6.2
released
lucid
Fixed 4:0.5.1-1ubuntu1.2
released
hardy
ignored
dapper
ignored
ffmpeg-extra
oneiric
dne
natty
dne
maverick
Fixed 4:0.6-2ubuntu3.3
released
lucid
Fixed 4:0.5.1-1ubuntu1.3
released
hardy
dne
dapper
dne
libav
oneiric
not-affected
natty
not-affected
maverick
dne
lucid
dne
hardy
dne
dapper
dne
libav-extra
oneiric
not-affected
natty
not-affected
maverick
dne
lucid
dne
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://ffmpeg.mplayerhq.hu/
http://packetstorm.linuxsecurity.com/1103-exploits/vlc105-dos.txt
https://github.com/FFmpeg/FFmpeg/commit/8312e3fc9041027a33c8bc667bb99740fdf41dd5
http://ffmpeg.mplayerhq.hu/
http://packetstorm.linuxsecurity.com/1103-exploits/vlc105-dos.txt
https://github.com/FFmpeg/FFmpeg/commit/8312e3fc9041027a33c8bc667bb99740fdf41dd5