CVE-2008-4866
Mandriva Linux Security Advisory 2009-013
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY.
Múltiples desbordamientos de búfer en libavformat/utils.c en FFmpeg 0.4.9 antes de r14715, como lo usa MPlayer, permite a atacantes dependientes del contexto tener un impacto desconocido mediante vectores relacionados con código de generación de DTS con un retraso mayor que MAX_REORDER_DELAY.
It was discovered that FFmpeg did not correctly handle certain malformed Ogg Media (OGM) files. If a user were tricked into opening a crafted Ogg Media file, an attacker could cause the application using FFmpeg to crash, leading to a denial of service. It was discovered that FFmpeg did not correctly handle certain parameters when creating DTS streams. If a user were tricked into processing certain commands, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.10. It was discovered that FFmpeg did not correctly handle certain malformed DTS Coherent Acoustics (DCA) files. If a user were tricked into opening a crafted DCA file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that FFmpeg did not correctly handle certain malformed 4X movie (4xm) files. If a user were tricked into opening a crafted 4xm file, an attacker could execute arbitrary code with the privileges of the user invoking the program.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-10-31 CVE Reserved
- 2008-10-31 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/34296 | Third Party Advisory | |
| http://secunia.com/advisories/34385 | Third Party Advisory | |
| http://secunia.com/advisories/34845 | Third Party Advisory | |
| http://www.openwall.com/lists/oss-security/2008/10/29/6 | Mailing List |
|
| http://www.securityfocus.com/bid/33308 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46322 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://security.gentoo.org/glsa/glsa-200903-33.xml | 2017-08-08 | |
| http://www.debian.org/security/2009/dsa-1782 | 2017-08-08 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:013 | 2017-08-08 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:015 | 2017-08-08 | |
| http://www.ubuntu.com/usn/USN-734-1 | 2017-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | <= 0.4.9 Search vendor "Ffmpeg" for product "Ffmpeg" and version " <= 0.4.9" | pre1 |
Affected
| in | Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | * | - |
Safe
|
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.3 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.3" | - |
Affected
| in | Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | * | - |
Safe
|
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.3.1 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.3.1" | - |
Affected
| in | Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | * | - |
Safe
|
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.3.2 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.3.2" | - |
Affected
| in | Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | * | - |
Safe
|
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.3.3 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.3.3" | - |
Affected
| in | Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | * | - |
Safe
|
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.3.4 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.3.4" | - |
Affected
| in | Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | * | - |
Safe
|
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.4.0 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.4.0" | - |
Affected
| in | Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | * | - |
Safe
|
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.4.2 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.4.2" | - |
Affected
| in | Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | * | - |
Safe
|
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.4.3 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.4.3" | - |
Affected
| in | Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | * | - |
Safe
|
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.4.4 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.4.4" | - |
Affected
| in | Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | * | - |
Safe
|
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.4.5 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.4.5" | - |
Affected
| in | Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | * | - |
Safe
|
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.4.6 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.4.6" | - |
Affected
| in | Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | * | - |
Safe
|
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.4.7 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.4.7" | - |
Affected
| in | Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | * | - |
Safe
|
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.4.8 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.4.8" | - |
Affected
| in | Mplayer Search vendor "Mplayer" | Mplayer Search vendor "Mplayer" for product "Mplayer" | * | - |
Safe
|