CVE-2008-4867

Published: 31 October 2008

Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value.

Priority

Status

Package	Release	Status
ffmpeg Launchpad, Ubuntu, Debian	dapper	Ignored (reached end-of-life)
	gutsy	Released (3:0.cvs20070307-5ubuntu4.2)
	hardy	Released (3:0.cvs20070307-5ubuntu7.2)
	intrepid	Needed (reached end-of-life)
	jaunty	Not vulnerable (3:0.svn20090303-1ubuntu1+unstripped1)
	karmic	Not vulnerable (3:0.svn20090303-1ubuntu1+unstripped1)
	lucid	Not vulnerable (3:0.svn20090303-1ubuntu1+unstripped1)
	maverick	Not vulnerable (3:0.svn20090303-1ubuntu1+unstripped1)
	natty	Does not exist
	oneiric	Does not exist
	upstream	Needs triage
ffmpeg-debian Launchpad, Ubuntu, Debian	dapper	Does not exist
	feisty	Does not exist
	gutsy	Does not exist
	hardy	Does not exist
	intrepid	Released (3:0.svn20080206-12ubuntu3.1)
	jaunty	Not vulnerable (3:0.svn20090303-1ubuntu1)
	karmic	Does not exist
	lucid	Does not exist
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	upstream	Needs triage
gstreamer0.10-ffmpeg Launchpad, Ubuntu, Debian	dapper	Ignored (reached end-of-life)
	gutsy	Needed (reached end-of-life)
	hardy	Not vulnerable (code not present)
	intrepid	Not vulnerable (code not present)
	jaunty	Not vulnerable (code not present)
	karmic	Not vulnerable (code not present)
	lucid	Not vulnerable (code not present)
	maverick	Not vulnerable (code not present)
	natty	Not vulnerable (code not present)
	oneiric	Not vulnerable (code not present)
	upstream	Needs triage
kino Launchpad, Ubuntu, Debian	dapper	Not vulnerable (code not present)
	gutsy	Not vulnerable (uses system ffmpeg)
	hardy	Not vulnerable (uses system ffmpeg)
	intrepid	Not vulnerable (uses system ffmpeg)
	jaunty	Not vulnerable (uses system ffmpeg)
	karmic	Not vulnerable (uses system ffmpeg)
	lucid	Not vulnerable (uses system ffmpeg)
	maverick	Not vulnerable (uses system ffmpeg)
	natty	Not vulnerable (uses system ffmpeg)
	oneiric	Not vulnerable (uses system ffmpeg)
	upstream	Needs triage
mplayer Launchpad, Ubuntu, Debian	dapper	Ignored (reached end-of-life)
	gutsy	Needed (reached end-of-life)
	hardy	Ignored (reached end-of-life)
	intrepid	Needed (reached end-of-life)
	jaunty	Ignored (reached end-of-life)
	karmic	Ignored (reached end-of-life)
	lucid	Not vulnerable (uses system ffmpeg)
	maverick	Not vulnerable (uses system ffmpeg)
	natty	Not vulnerable (uses system ffmpeg)
	oneiric	Not vulnerable (uses system ffmpeg)
	upstream	Needs triage
xmovie Launchpad, Ubuntu, Debian	dapper	Ignored (reached end-of-life)
	gutsy	Does not exist
	hardy	Does not exist
	intrepid	Does not exist
	jaunty	Does not exist
	karmic	Does not exist
	lucid	Does not exist
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	upstream	Needs triage

Notes

Author	Note
mdeslaur	kino is built with --disable-local-ffmpeg, so it's not vulnerable

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›