fkie_nvd - fkie_cve-2008-4866

fkie_cve-2008-4866

Vulnerability from fkie_nvd

Published

2008-11-01 00:00

Modified

2025-04-09 00:30

Severity ?

Summary

Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY.

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html	Exploit
cve@mitre.org	http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016011.html	Exploit
cve@mitre.org	http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016012.html	Exploit
cve@mitre.org	http://secunia.com/advisories/34296
cve@mitre.org	http://secunia.com/advisories/34385
cve@mitre.org	http://secunia.com/advisories/34845
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200903-33.xml
cve@mitre.org	http://www.debian.org/security/2009/dsa-1782
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2009:013
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2009:015
cve@mitre.org	http://www.openwall.com/lists/oss-security/2008/10/29/6
cve@mitre.org	http://www.securityfocus.com/bid/33308
cve@mitre.org	http://www.ubuntu.com/usn/USN-734-1
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/46322
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016011.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016012.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34296
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34385
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34845
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200903-33.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1782
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:013
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:015
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/10/29/6
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33308
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-734-1
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/46322

Impacted products

Vendor	Product	Version
ffmpeg	ffmpeg	*
ffmpeg	ffmpeg	0.3
ffmpeg	ffmpeg	0.3.1
ffmpeg	ffmpeg	0.3.2
ffmpeg	ffmpeg	0.3.3
ffmpeg	ffmpeg	0.3.4
ffmpeg	ffmpeg	0.4.0
ffmpeg	ffmpeg	0.4.2
ffmpeg	ffmpeg	0.4.3
ffmpeg	ffmpeg	0.4.4
ffmpeg	ffmpeg	0.4.5
ffmpeg	ffmpeg	0.4.6
ffmpeg	ffmpeg	0.4.7
ffmpeg	ffmpeg	0.4.8
mplayer	mplayer	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "DA4553D3-E176-4412-9858-8B5793010CE7",
              "versionEndIncluding": "0.4.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2649A80-4739-4BBB-AB0B-99AD435BE7CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4A2E77D-B826-4B49-ADC8-7F704E149A5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18157837-4550-45E3-A12E-AE06E047E253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9F42611-C3E2-416B-9AE7-A5AE83E4DEF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A20789F-26E3-4871-B24E-25E922BADDF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "67C6C243-3ACC-49C3-80CA-D7CA8FEFF0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AE6D368-0BA6-4499-B7E1-EE16C03012E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "26C0F6EF-0452-4AFE-AF3E-B88F963A0938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B4DD372-4D3B-445C-8C38-E083A3C0D4A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "733C03D7-2780-4D69-A98D-BCFB91D1119A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AEE1977-E9E0-4BFF-B33B-B083E49E51F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6979C17-0BC6-47D1-9B73-254D84306A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "204C7C05-3441-4DB0-8702-D99C8FCB381E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mplayer:mplayer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27582D6B-217E-43B0-A5A5-BEEB9199688F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en libavformat/utils.c en FFmpeg 0.4.9 antes de r14715, como lo usa MPlayer, permite a atacantes dependientes del contexto tener un impacto desconocido mediante vectores relacionados con c\u00f3digo de generaci\u00f3n de DTS con un retraso mayor que MAX_REORDER_DELAY."
    }
  ],
  "id": "CVE-2008-4866",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-11-01T00:00:01.117",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016011.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016012.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34296"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34385"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34845"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200903-33.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1782"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:013"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:015"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2008/10/29/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/33308"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-734-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34385"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34845"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200903-33.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/10/29/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-734-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46322"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2008-4866 (GCVE-0-2008-4866)

Vulnerability from cvelistv5

Published

2008-10-31 22:00