fkie_nvd - fkie_cve-2008-4867

fkie_cve-2008-4867

Vulnerability from fkie_nvd

Published

2008-11-01 00:00

Modified

2025-04-09 00:30

Severity ?

Summary

Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value.

References

▶	URL	Tags
	cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html
	cve@mitre.org	http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016352.html
	cve@mitre.org	http://secunia.com/advisories/34296
	cve@mitre.org	http://secunia.com/advisories/34385
	cve@mitre.org	http://security.gentoo.org/glsa/glsa-200903-33.xml
	cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2009:013
	cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2009:014
	cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2009:015
	cve@mitre.org	http://www.openwall.com/lists/oss-security/2008/10/29/6
	cve@mitre.org	http://www.securityfocus.com/bid/33308
	cve@mitre.org	http://www.ubuntu.com/usn/USN-734-1
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/46324
	af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016352.html
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34296
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34385
	af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200903-33.xml
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:013
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:014
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:015
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/10/29/6
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33308
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-734-1
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/46324

Impacted products

Vendor	Product	Version
ffmpeg	ffmpeg	*
ffmpeg	ffmpeg	0.3
ffmpeg	ffmpeg	0.3.1
ffmpeg	ffmpeg	0.3.2
ffmpeg	ffmpeg	0.3.3
ffmpeg	ffmpeg	0.3.4
ffmpeg	ffmpeg	0.4.0
ffmpeg	ffmpeg	0.4.2
ffmpeg	ffmpeg	0.4.3
ffmpeg	ffmpeg	0.4.4
ffmpeg	ffmpeg	0.4.5
ffmpeg	ffmpeg	0.4.6
ffmpeg	ffmpeg	0.4.7
ffmpeg	ffmpeg	0.4.8
mplayer	mplayer	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "DA4553D3-E176-4412-9858-8B5793010CE7",
              "versionEndIncluding": "0.4.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2649A80-4739-4BBB-AB0B-99AD435BE7CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4A2E77D-B826-4B49-ADC8-7F704E149A5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18157837-4550-45E3-A12E-AE06E047E253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9F42611-C3E2-416B-9AE7-A5AE83E4DEF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A20789F-26E3-4871-B24E-25E922BADDF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "67C6C243-3ACC-49C3-80CA-D7CA8FEFF0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AE6D368-0BA6-4499-B7E1-EE16C03012E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "26C0F6EF-0452-4AFE-AF3E-B88F963A0938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B4DD372-4D3B-445C-8C38-E083A3C0D4A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "733C03D7-2780-4D69-A98D-BCFB91D1119A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AEE1977-E9E0-4BFF-B33B-B083E49E51F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6979C17-0BC6-47D1-9B73-254D84306A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "204C7C05-3441-4DB0-8702-D99C8FCB381E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mplayer:mplayer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27582D6B-217E-43B0-A5A5-BEEB9199688F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en libavcodec/dca.c en FFmpeg 0.4.9 antes de r14917, como es usado por MPlayer, permite a atacantes dependientes del contexto tener un impacto desconocido mediante vectores relacionados con un valor DCA_MAX_FRAME_SIZE incorrecto."
    }
  ],
  "id": "CVE-2008-4867",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-11-01T00:00:01.167",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016352.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34296"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34385"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200903-33.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:013"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:014"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:015"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2008/10/29/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/33308"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-734-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016352.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34385"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200903-33.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:014"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/10/29/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-734-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46324"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2008-4867 (GCVE-0-2008-4867)

Vulnerability from cvelistv5

Published

2008-10-31 22:00