CVE-2006-4799

Published: 14/09/2006 Updated: 05/09/2008
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Buffer overflow in ffmpeg for xine-lib prior to 1.1.2 might allow context-dependent malicious users to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802.

Vulnerable Product

xine xine-lib 1.0.1

xine xine-lib 1.0.2

xine xine-lib 1.1.0

xine xine-lib

Vendor Advisories

XFOCUS Security Team discovered that the AVI decoder used in xine-lib did not correctly validate certain headers. By tricking a user into playing an AVI with malicious headers, an attacker could execute arbitrary code with the target user’s privileges (CVE-2006-4799) ...

Several remote vulnerabilities have been discovered in the Xine multimedia library, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4799 The XFocus Security Team discovered that insufficient validation of AVI headers may lead to the execution of ...