Key vulnerability information

Vulnerability identifiers:
- CVE-2010-3908
- CVE-2010-4704
- CVE-2011-0480
- CVE-2011-0723

Affected software:
- : A multimedia player, server and encoder.

Affected versions:
- before 0.5.4 is affected.

Issue type:
- Remote vulnerabilities can cause:
  - Denial of Service (memory corruption and application crash).
  - Potential for remote attackers to execute arbitrary code through malformed media files.

Detailed vulnerability descriptions:
- CVE-2010-3908:
  - Attackers can cause a denial of service or execute arbitrary code via a malformed WMV file.
- CVE-2010-4704:
  - Attackers can cause a denial of service or crash the application via a crafted .ogg file.
- CVE-2011-0480:
  - Multiple buffer overflows in the Vorbis decoder allow attackers to cause a denial of service or unspecified impact via a crafted WebM file.
- CVE-2011-0723:
  - Attackers can cause a denial of service or execute arbitrary code via a malformed RealMedia file.

Recommended solution:
- Upgrade to version 4:0.5.4-1 or later.
- Security support for in the oldstable distribution (Lenny) has been discontinued.