CVE-2006-4800

Published: 14/09/2006 Updated: 30/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple buffer overflows in libavcodec in ffmpeg prior to 0.4.9_p20060530 allow remote malicious users to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.

Vulnerable Product

ffmpeg ffmpeg 0.4.7

ffmpeg ffmpeg 0.4.6

ffmpeg ffmpeg 0.4.8

ffmpeg ffmpeg 0.4.9

Vendor Advisories

Debian Bug report logs - #401304: CVE-2006-4800: GStreamer FFmpeg Plug-in Multiple Buffer Overflows. Package: gstreamer08-ffmpeg; Maintainer for gstreamer08-ffmpeg is (unknown); Reported by: Stefan Fritsch <sf@sfritschde>; Date: Sat, 2 Dec 2006 13:18:01 UTC; Severity: grave; Tags: fixed-upstream, patch, security; Fixed in v ...
XFOCUS Security Team discovered that the AVI decoder used in xine-lib did not correctly validate certain headers. By tricking a user into playing an AVI with malicious headers, an attacker could execute arbitrary code with the target user’s privileges (CVE-2006-4799) ...
Several remote vulnerabilities have been discovered in the Xine multimedia library, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4799: The XFocus Security Team discovered that insufficient validation of AVI headers may lead to the execution of ...