Vulnerability Details : CVE-2008-4866
Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY.
Vulnerability category: Overflow
Products affected by CVE-2008-4866
- cpe:2.3:a:ffmpeg:ffmpeg:*:pre1:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-4866
0.66%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 80 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-4866
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2008-4866
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-4866
-
http://www.securityfocus.com/bid/33308
-
http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016012.html
404 Not FoundExploit
-
http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016011.html
404 Not FoundExploit
-
http://www.ubuntu.com/usn/USN-734-1
USN-734-1: FFmpeg vulnerabilities | Ubuntu security notices | Ubuntu
-
http://www.openwall.com/lists/oss-security/2008/10/29/6
oss-security - Fwd: [Full-disclosure] [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities
-
http://security.gentoo.org/glsa/glsa-200903-33.xml
FFmpeg: Multiple vulnerabilities (GLSA 200903-33) — Gentoo security
-
http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html
Exploit
-
http://www.mandriva.com/security/advisories?name=MDVSA-2009:013
Mandriva
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/46322
-
http://www.debian.org/security/2009/dsa-1782
[SECURITY] [DSA 1782-1] New mplayer packages fix arbitrary code execution
-
http://www.mandriva.com/security/advisories?name=MDVSA-2009:015
Mandriva
Jump to