Your submission was sent successfully! Close

CVE-2008-4866

Published: 31 October 2008

Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY.

Priority

Low

Notes

AuthorNote
mdeslaur
vulnerable code doesn't seem to exist in gutsy and hardy
debian says: [etch] - ffmpeg <not-affected> (Vulnerable code not present)
kino is built with --disable-local-ffmpeg, so it's not vulnerable
sbeattie
as of lucid, mplayer uses system ffmpeg rather than embedded
version

References

Bugs