exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2008-4866

Status Candidate

Overview

Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY.

Related Files

Debian Linux Security Advisory 1782-1
Posted Apr 29, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1782-1 - Several vulnerabilities have been discovered in mplayer, a movie player for Unix-like systems.

tags | advisory, vulnerability
systems | linux, unix, debian
advisories | CVE-2009-0385, CVE-2008-4866, CVE-2008-5616
SHA-256 | ab45a988a3319574a71c625778a4441b1a197bf19918be539f70c5720add5dd7
Gentoo Linux Security Advisory 200903-33
Posted Mar 20, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200903-33 - Multiple vulnerabilities in FFmpeg may lead to the remote execution of arbitrary code or a Denial of Service. Versions less than 0.4.9_p20090201 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-3162, CVE-2008-4866, CVE-2008-4867, CVE-2008-4868, CVE-2008-4869, CVE-2009-0385
SHA-256 | 2e7fe0c9e6d617ee63532c22950f83623c514d7da4bb23685213a080f9af5e9f
Ubuntu Security Notice 734-1
Posted Mar 16, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-734-1 - It was discovered that FFmpeg did not correctly handle certain malformed Ogg Media (OGM) files. If a user were tricked into opening a crafted Ogg Media file, an attacker could cause the application using FFmpeg to crash, leading to a denial of service. It was discovered that FFmpeg did not correctly handle certain parameters when creating DTS streams. If a user were tricked into processing certain commands, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.10. It was discovered that FFmpeg did not correctly handle certain malformed DTS Coherent Acoustics (DCA) files. If a user were tricked into opening a crafted DCA file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that FFmpeg did not correctly handle certain malformed 4X movie (4xm) files. If a user were tricked into opening a crafted 4xm file, an attacker could execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2008-4610, CVE-2008-4866, CVE-2008-4867, CVE-2009-0385
SHA-256 | 5537267f70415650662292211f6955cbc9cb714e91da9e07fce11f6086570d49
Mandriva Linux Security Advisory 2009-015
Posted Jan 16, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-015 - Several vulnerabilities have been discovered in ffmpeg, related to the execution of DTS generation code. The updated packages have been patched to prevent this.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-4866, CVE-2008-4867
SHA-256 | abc7444b27f44aca849e0e6259ca2998132873948dc422ae4fddd250881d5f6f
Mandriva Linux Security Advisory 2009-013
Posted Jan 16, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-013 - Several vulnerabilities have been discovered in mplayer, which could allow remote attackers to execute arbitrary code via a malformed TwinVQ file. The updated packages have been patched to prevent this.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2008-4866, CVE-2008-4867, CVE-2008-5616
SHA-256 | 7719ac67074614b5de6557b6c6331ea09c6b9008d5c2b0d02d6b41879b2e538f
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close