PublicDateAtUSN: 2011-02-16
Candidate: CVE-2010-3908
PublicDate: 2011-05-20 22:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3908
 https://ubuntu.com/security/notices/USN-1104-1
Description:
 FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote
 attackers to cause a denial of service (memory corruption and application
 crash) or possibly execute arbitrary code via a malformed WMV file.
Ubuntu-Description: 
Notes: 
Bugs: 
 https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/690169
Priority: medium
Discovered-by: Dan Rosenberg
Assigned-to: 
CVSS: 

Patches_ffmpeg:
 upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=48b086b0efa40799ace96bcec010b6b72a9490d6 (0.5.x)
 upstream: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=445f0a8b666a34e6402f6ae96c6804c8bc024baa (trunk, 0.6.x)
upstream_ffmpeg: needed
dapper_ffmpeg: ignored (reached end-of-life)
hardy_ffmpeg: released (3:0.cvs20070307-5ubuntu7.6)
karmic_ffmpeg: released (4:0.5+svn20090706-2ubuntu2.3)
lucid_ffmpeg: released (4:0.5.1-1ubuntu1.1)
maverick_ffmpeg: not-affected (4:0.6-2ubuntu6)
devel_ffmpeg: DNE