Launchpad.net

CVE 2010-3908

FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file.

Related bugs and status

CVE-2010-3908 (Candidate) is related to these bugs:

Bug #690169: Memory corruption in wmv parsing

Summary				In	Importance	Status
	690169	Memory corruption in wmv parsing		vlc (Ubuntu)	Undecided	Invalid
	690169	Memory corruption in wmv parsing		ffmpeg (Ubuntu)	Undecided	Fix Released

Bug #738134: Needed security upgrade for ffmpeg in lucid

		In	Importance	Status
738134	Needed security upgrade for ffmpeg in lucid	ffmpeg (Ubuntu)	Medium	Fix Released
738134	Needed security upgrade for ffmpeg in lucid	ffmpeg (Ubuntu Hardy)	Medium	Fix Released
738134	Needed security upgrade for ffmpeg in lucid	ffmpeg (Ubuntu Karmic)	Medium	Fix Released
738134	Needed security upgrade for ffmpeg in lucid	ffmpeg (Ubuntu Maverick)	Medium	Fix Released
738134	Needed security upgrade for ffmpeg in lucid	ffmpeg (Ubuntu Lucid)	Medium	Fix Released
738134	Needed security upgrade for ffmpeg in lucid	Medibuntu	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://ffmpeg.mplayerh...
MANDRIVA: MDVSA-2011:061
UBUNTU: USN-1104-1
DEBIAN: DSA-2306