CVE-2006-4800

Name: CVE-2006-4800
Description: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DSA-1215
NVD severity: high
Debian Bugs: 401304, 401311

Vulnerable and fixed packages

The table below lists information on source packages.

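| Source Package | Release | Version | Status |
|---|---|---|---|
| ffmpeg (PTS) | stretch (security), stretch | 7:3.2.14-1~deb9u1 | fixed |
| ffmpeg (PTS) | buster, buster (security) | 7:4.1.4-1~deb10u1 | fixed |
| ffmpeg (PTS) | bullseye, sid | 7:4.1.4-1 | fixed |
| mplayer (PTS) | stretch | 2:1.3.0-6 | fixed |
| mplayer (PTS) | bullseye, sid, buster | 2:1.3.0-8 | fixed |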

The information below is based on the following data on fixed versions.

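| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| ffmpeg | source | (unstable) | 0.cvs20060329-1 | | | |
| gst-ffmpeg | source | (unstable) | 0.8.7-7 | medium | | 401304 |
| gstreamer0.10-ffmpeg | source | (unstable) | 0.10.1-3 | medium | | 401311 |
| mplayer | source | (unstable) | 1.0~rc1-1 | | | |
| xine-lib | source | (unstable) | 1.1.2-1 | | | |
| xine-lib | source | sarge | 1.0.1-1sarge4 | | DSA-1215 | |
| xmovie | source | (unstable) | (unfixed) | | | |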

Notes

According to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg.
