Your submission was sent successfully! Close

CVE-2008-4868

Published: 1 November 2008

Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers."

Notes

AuthorNote
mdeslaur
Code in ffmpeg in gutsy, hardy, intrepid and jaunty doesn't free, so not vulnerable.
kino is built with --disable-local-ffmpeg, so it's not vulnerable
Priority

Low

Status

Package Release Status
ffmpeg
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
gutsy Not vulnerable
(code not present)
hardy Not vulnerable
(code not present)
intrepid Not vulnerable
(code not present)
jaunty Not vulnerable
(code not present)
karmic Not vulnerable
(code not present)
lucid Not vulnerable
(code not present)
maverick Not vulnerable
(code not present)
natty Does not exist

oneiric Does not exist

precise Does not exist

upstream Needs triage

Patches:
Introduced by

http://git.ffmpeg.org/?p=ffmpeg;a=commit;h=03bbae75cfbdac8012251eceb5748430f34c83d9

Fixed by -
break-fix: http://git.ffmpeg.org/?p=ffmpeg;a=commit;h=03bbae75cfbdac8012251eceb5748430f34c83d9 -
upstream: http://svn.ffmpeg.org/ffmpeg/trunk/libavcodec/utils.c?r1=14766&r2=14787
upstream: http://svn.ffmpeg.org/ffmpeg/trunk/libavcodec/utils.c?r1=14787&r2=14788 (related? incomplete...)
upstream: http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=e0c16d7619617d726f5fa4f586ff74a43f445a89
upstream: http://git.ffmpeg.org/?p=ffmpeg;a=commit;h=be8ff464977e36d7784a2dd1a9cb1a6d32ef4574
ffmpeg-debian
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Does not exist

gutsy Does not exist

hardy Does not exist

intrepid Not vulnerable
(code not present)
jaunty Not vulnerable
(code not present)
karmic Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

upstream Needs triage

gstreamer0.10-ffmpeg
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
gutsy Needed
(reached end-of-life)
hardy Not vulnerable
(code not present)
intrepid Not vulnerable
(code not present)
jaunty Not vulnerable
(code not present)
karmic Not vulnerable
(code not present)
lucid Not vulnerable
(code not present)
maverick Not vulnerable
(code not present)
natty Not vulnerable
(code not present)
oneiric Not vulnerable
(code not present)
precise Not vulnerable
(code not present)
upstream Needs triage

kino
Launchpad, Ubuntu, Debian
dapper Not vulnerable
(code not present)
gutsy Not vulnerable
(uses system ffmpeg)
hardy Not vulnerable
(uses system ffmpeg)
intrepid Not vulnerable
(uses system ffmpeg)
jaunty Not vulnerable
(uses system ffmpeg)
karmic Not vulnerable
(uses system ffmpeg)
lucid Not vulnerable
(uses system ffmpeg)
maverick Not vulnerable
(uses system ffmpeg)
natty Not vulnerable
(uses system ffmpeg)
oneiric Not vulnerable
(uses system ffmpeg)
precise Not vulnerable
(uses system ffmpeg)
upstream Needs triage

mplayer
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
gutsy Needed
(reached end-of-life)
hardy Ignored
(reached end-of-life)
intrepid Needed
(reached end-of-life)
jaunty Ignored
(reached end-of-life)
karmic Ignored
(reached end-of-life)
lucid Not vulnerable
(uses system ffmpeg)
maverick Not vulnerable
(uses system ffmpeg)
natty Not vulnerable
(uses system ffmpeg)
oneiric Not vulnerable
(uses system ffmpeg)
precise Not vulnerable
(uses system ffmpeg)
upstream Needs triage

xmovie
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
gutsy Does not exist

hardy Does not exist

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

upstream Needs triage