ID CVE-2006-4800
Summary Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
References
Vulnerable Configurations
  • FFmpeg 0.4.6
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.6
  • FFmpeg 0.4.7
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.7
  • FFmpeg 0.4.8
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.8
  • FFmpeg 0.4.9
    cpe:2.3:a:ffmpeg:ffmpeg:0.4.9
CVSS
Base: 7.5 (as of 18-09-2006 - 14:34)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-175.NASL
    description Mplayer uses an embedded copy of ffmpeg and as such has been updated to address the following issue: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. Updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24561
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24561
    title Mandrake Linux Security Advisory : mplayer (MDKSA-2006:175)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200609-09.NASL
    description The remote host is affected by the vulnerability described in GLSA-200609-09 (FFmpeg: Buffer overflows) FFmpeg contains buffer overflows in the AVI processing code. Impact : An attacker could trigger the buffer overflows by enticing a user to load a specially crafted AVI file in an application using the FFmpeg library. This might result in the execution of arbitrary code in the context of the running application. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 22354
    published 2006-09-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22354
    title GLSA-200609-09 : FFmpeg: Buffer overflows
  • NASL family SuSE Local Security Checks
    NASL id SUSE_XINE-LIB-2307.NASL
    description Multiple buffer overflows were fixed in the XINE decoder libraries, which could be used by attackers to crash players or potentially execute code. - Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and 'bad indexes'. (CVE-2006-4799) - Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. (CVE-2006-4800)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29598
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29598
    title SuSE 10 Security Update : xine-lib (ZYPP Patch Number 2307)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1215.NASL
    description Several remote vulnerabilities have been discovered in the Xine multimedia library, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4799 The XFocus Security Team discovered that insufficient validation of AVI headers may lead to the execution of arbitrary code. - CVE-2006-4800 Michael Niedermayer discovered that a buffer overflow in the 4XM codec may lead to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 23701
    published 2006-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23701
    title Debian DSA-1215-1 : xine-lib - several vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-173.NASL
    description Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. Updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24559
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24559
    title Mandrake Linux Security Advisory : ffmpeg (MDKSA-2006:173)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-176.NASL
    description Xine-lib uses an embedded copy of ffmpeg and as such has been updated to address the following issue: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. Updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24562
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24562
    title Mandrake Linux Security Advisory : xine-lib (MDKSA-2006:176)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-358-1.NASL
    description XFOCUS Security Team discovered that the AVI decoder used in xine-lib did not correctly validate certain headers. By tricking a user into playing an AVI with malicious headers, an attacker could execute arbitrary code with the target user's privileges. (CVE-2006-4799) Multiple integer overflows were discovered in ffmpeg and tools that contain a copy of ffmpeg (like xine-lib and kino), for several types of video formats. By tricking a user into running a video player that uses ffmpeg on a stream with malicious content, an attacker could execute arbitrary code with the target user's privileges. (CVE-2006-4800). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27938
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27938
    title Ubuntu 5.04 / 5.10 / 6.06 LTS : ffmpeg, xine-lib vulnerabilities (USN-358-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_XINE-LIB-2308.NASL
    description Multiple buffer overflows were fixed in the XINE decoder libraries, which could be used by attackers to crash players or potentially execute code. CVE-2006-4799: Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and 'bad indexes'. CVE-2006-4800: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27485
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27485
    title openSUSE 10 Security Update : xine-lib (xine-lib-2308)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-174.NASL
    description Gstreamer-ffmpeg uses an embedded copy of ffmpeg and as such has been updated to address the following issue: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. Updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24560
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24560
    title Mandrake Linux Security Advisory : gstreamer-ffmpeg (MDKSA-2006:174)
refmap via4
bid 20009
debian DSA-1215
gentoo GLSA-200609-09
mandriva
  • MDKSA-2006:173
  • MDKSA-2006:174
  • MDKSA-2006:175
  • MDKSA-2006:176
misc http://bugs.gentoo.org/show_bug.cgi?id=133520
secunia
  • 21921
  • 22180
  • 22181
  • 22182
  • 22198
  • 22200
  • 22201
  • 22202
  • 22203
  • 22230
  • 23010
  • 23213
suse SUSE-SA:2006:073
ubuntu USN-358-1
Last major update 15-09-2010 - 01:26
Published 14-09-2006 - 18:07
Last modified 30-10-2018 - 12:25