CVE-2006-4800

NameCVE-2006-4800
DescriptionMultiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1215
NVD severityhigh (attack range: remote)
Debian Bugs401304, 401311
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot known to be vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ffmpeg (PTS)squeeze (security), squeeze4:0.5.10-1fixed
squeeze (lts)4:0.5.10-1+deb6u1fixed
sid7:2.6.1-1fixed
gstreamer0.10-ffmpeg (PTS)squeeze0.10.10-1fixed
sid, wheezy0.10.13-5fixed
mplayer (PTS)squeeze2:1.0~rc3++final.dfsg1-1fixed
wheezy2:1.0~rc4.dfsg1+svn34540-1fixed
wheezy (security)2:1.0~rc4.dfsg1+svn34540-1+deb7u1fixed
xine-lib (PTS)squeeze1.1.19-2fixed
wheezy1.1.21-1+deb7u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ffmpegsource(unstable)0.cvs20060329-1high
gst-ffmpegsource(unstable)0.8.7-7medium401304
gstreamer0.10-ffmpegsource(unstable)0.10.1-3medium401311
mplayersource(unstable)1.0~rc1-1high
xine-libsource(unstable)1.1.2-1high
xine-libsourcesarge1.0.1-1sarge4highDSA-1215
xmoviesource(unstable)(unfixed)high

Notes

according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg

Search for package or bug name: Reporting problems