CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 3CVE-2008-4866
https://notcve.org/view.php?id=CVE-2008-4866
Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY. Múltiples desbordamientos de búfer en libavformat/utils.c en FFmpeg 0.4.9 antes de r14715, como lo usa MPlayer, permite a atacantes dependientes del contexto tener un impacto desconocido mediante vectores relacionados con código de generación de DTS con un retraso mayor que MAX_REORDER_DELAY. • http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016011.html http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016012.html http://secunia.com/advisories/34296 http://secunia.com/advisories/34385 http://secunia.com/advisories/34845 http://security.gentoo.org/glsa/glsa-200903-33.xml http://www.debian.org/security/2009/dsa-1782 http://www.mandriva.com/security/advisories?name=MDVSA-2009:013 h • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2008-4867
https://notcve.org/view.php?id=CVE-2008-4867
Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value. Desbordamiento de búfer en libavcodec/dca.c en FFmpeg 0.4.9 antes de r14917, como es usado por MPlayer, permite a atacantes dependientes del contexto tener un impacto desconocido mediante vectores relacionados con un valor DCA_MAX_FRAME_SIZE incorrecto. • http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016352.html http://secunia.com/advisories/34296 http://secunia.com/advisories/34385 http://security.gentoo.org/glsa/glsa-200903-33.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:013 http://www.mandriva.com/security/advisories?name=MDVSA-2009:014 http://www.mandriva.com/security/advisories?name=MDVSA-2009:015 http://www.openwall.com/lists&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2008-4869
https://notcve.org/view.php?id=CVE-2008-4869
FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a "Tcp/udp memory leak." FFmpeg 0.4.9, del modo que lo usa MPlayer, permite a atacantes dependientes del contexto provocar una denegación de servicio (agotamiento de memoria) mediante vectores desconocidos, también conocido como "Tcp/udp memory leak (fuga de memoria tcp/udp)". • http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html http://secunia.com/advisories/34385 http://security.gentoo.org/glsa/glsa-200903-33.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:297 http://www.openwall.com/lists/oss-security/2008/10/29/6 https://exchange.xforce.ibmcloud.com/vulnerabilities/46326 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 13%CPEs: 14EXPL: 1CVE-2008-3162 – FFmpeg libavformat - 'psxstr.c' STR Data Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-3162
Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors. Desbordamiento de búfer basado en pila en la función str_read_packet de libavformat/psxstr.c de FFmpeg anterior a r13993 , permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o ejecutar código de su elección mediante un fichero STR manipulado que intercala los sectores de audio y vídeo. • https://www.exploit-db.com/exploits/32019 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489965 http://secunia.com/advisories/30994 http://secunia.com/advisories/31268 http://secunia.com/advisories/34385 http://secunia.com/advisories/34905 http://security.gentoo.org/glsa/glsa-200903-33.xml http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=13993 http://www.debian.org/security/2009/dsa-1781 http://www.mandriva.com/security/advisories?name=MDVSA-2008:157 http://www.op • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 7%CPEs: 4EXPL: 0CVE-2006-4800
https://notcve.org/view.php?id=CVE-2006-4800
Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. Múltiples desbordamientos de buffer en libavcodec en ffmpeg anterior a 0.4.9_p20060530 permite a un atacante remoto causar denegación de servicio o la posibilidad de ejecutar código de su elección a través de multiples vectores no especificados en (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, y (13) tta.c. NOTA: es probable que esta sea una vulnerabilidad diferente a la CVE-2005-4048 y CVE-2006-2802. • http://bugs.gentoo.org/show_bug.cgi?id=133520 http://secunia.com/advisories/21921 http://secunia.com/advisories/22180 http://secunia.com/advisories/22181 http://secunia.com/advisories/22182 http://secunia.com/advisories/22198 http://secunia.com/advisories/22200 http://secunia.com/advisories/22201 http://secunia.com/advisories/22202 http://secunia.com/advisories/22203 http://secunia.com/advisories/22230 http://secunia.com/advisories/23010 http://secunia.com/advisories/2 •