Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4866

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-4866
Last Modified 14 May 2009 01:30:23
Published 31 Oct 2008 08:00:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4866

Summary

Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY.

Vulnerable Systems

Application

  • Ffmpeg 0.3

  • Ffmpeg 0.3.1

  • Ffmpeg 0.3.2

  • Ffmpeg 0.3.3

  • Ffmpeg 0.3.4

  • Ffmpeg 0.4.0

  • Ffmpeg 0.4.2

  • Ffmpeg 0.4.3

  • Ffmpeg 0.4.4

  • Ffmpeg 0.4.5

  • Ffmpeg 0.4.6

  • Ffmpeg 0.4.7

  • Ffmpeg 0.4.8

  • Ffmpeg 0.4.9


References

XF - ffmpeg-utils-multiple-bo(46322)

UBUNTU - USN-734-1

BID - 33308

MLIST - [oss-security] 20081029 Fwd: [Full-disclosure] [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities

MANDRIVA - MDVSA-2009:015

MANDRIVA - MDVSA-2009:013

DEBIAN - DSA-1782

GENTOO - GLSA-200903-33

SECUNIA - 34845

SECUNIA - 34385

SECUNIA - 34296

MLIST - [ffmpeg-cvslog] 20080812 r14715 - trunk/libavformat/avformat.h

MLIST - [ffmpeg-cvslog] 20080812 r14714 - trunk/libavformat/utils.c

FULLDISC - 20080905 [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities


Last Updated: 27 May 2016 10:48:39