Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2008-4867

Published: 31 October 2008

Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value.

Notes

AuthorNote
mdeslaur 
kino is built with --disable-local-ffmpeg, so it's not vulnerable

Priority

Low

Status

Package Release Status
ffmpeg
Launchpad, Ubuntu, Debian 		dapper Ignored
(end of life)
gutsy
Released (3:0.cvs20070307-5ubuntu4.2)
hardy
Released (3:0.cvs20070307-5ubuntu7.2)
intrepid Ignored
(end of life, was needed)
jaunty Not vulnerable
(3:0.svn20090303-1ubuntu1+unstripped1)
karmic Not vulnerable
(3:0.svn20090303-1ubuntu1+unstripped1)
lucid Not vulnerable
(3:0.svn20090303-1ubuntu1+unstripped1)
maverick Not vulnerable
(3:0.svn20090303-1ubuntu1+unstripped1)
natty Does not exist

oneiric Does not exist

upstream Needs triage

Patches:
upstream: http://svn.ffmpeg.org/ffmpeg/trunk/libavcodec/dca.c?r1=14482&r2=14917
upstream: http://git.ffmpeg.org/?p=ffmpeg;a=commit;h=a1a12db633cf8e9152a2f497aa3814cc78383f6d
ffmpeg-debian
Launchpad, Ubuntu, Debian 		dapper Does not exist

feisty Does not exist

gutsy Does not exist

hardy Does not exist

intrepid
Released (3:0.svn20080206-12ubuntu3.1)
jaunty Not vulnerable
(3:0.svn20090303-1ubuntu1)
karmic Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

upstream Needs triage

gstreamer0.10-ffmpeg
Launchpad, Ubuntu, Debian 		dapper Ignored
(end of life)
gutsy Ignored
(end of life, was needed)
hardy Not vulnerable
(code not present)
intrepid Not vulnerable
(code not present)
jaunty Not vulnerable
(code not present)
karmic Not vulnerable
(code not present)
lucid Not vulnerable
(code not present)
maverick Not vulnerable
(code not present)
natty Not vulnerable
(code not present)
oneiric Not vulnerable
(code not present)
upstream Needs triage

kino
Launchpad, Ubuntu, Debian 		dapper Not vulnerable
(code not present)
gutsy Not vulnerable
(uses system ffmpeg)
hardy Not vulnerable
(uses system ffmpeg)
intrepid Not vulnerable
(uses system ffmpeg)
jaunty Not vulnerable
(uses system ffmpeg)
karmic Not vulnerable
(uses system ffmpeg)
lucid Not vulnerable
(uses system ffmpeg)
maverick Not vulnerable
(uses system ffmpeg)
natty Not vulnerable
(uses system ffmpeg)
oneiric Not vulnerable
(uses system ffmpeg)
upstream Needs triage

mplayer
Launchpad, Ubuntu, Debian 		dapper Ignored
(end of life)
gutsy Ignored
(end of life, was needed)
hardy Ignored
(end of life)
intrepid Ignored
(end of life, was needed)
jaunty Ignored
(end of life)
karmic Ignored
(end of life)
lucid Not vulnerable
(uses system ffmpeg)
maverick Not vulnerable
(uses system ffmpeg)
natty Not vulnerable
(uses system ffmpeg)
oneiric Not vulnerable
(uses system ffmpeg)
upstream Needs triage

xmovie
Launchpad, Ubuntu, Debian 		dapper Ignored
(end of life)
gutsy Does not exist

hardy Does not exist

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

upstream Needs triage

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading