CVE-2006-4800

Name: CVE-2006-4800
Description: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
Source: CVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-1215
NVD severity: high (attack range: remote)
Debian Bugs: 401304, 401311

Vulnerable and fixed packages

The table below lists information on source packages.

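| Source Package | Release | Version | Status |
|---|---|---|---|
| ffmpeg (PTS) | stretch, sid | 7:3.0.2-2 | fixed |
| gstreamer0.10-ffmpeg (PTS) | wheezy | 0.10.13-5 | fixed |
| mplayer (PTS) | wheezy | 2:1.0~rc4.dfsg1+svn34540-1+deb7u1 | fixed |
| mplayer (PTS) | wheezy (security) | 2:1.0~rc4.dfsg1+svn34540-1+deb7u2 | fixed |
| mplayer (PTS) | stretch | 2:1.3.0-1 | fixed |
| mplayer (PTS) | sid | 2:1.3.0-2 | fixed |
| xine-lib (PTS) | wheezy | 1.1.21-1+deb7u1 | fixed |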

The information below is based on the following data on fixed versions.

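| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| ffmpeg | source | (unstable) | 0.cvs20060329-1 | high | | |
| gst-ffmpeg | source | (unstable) | 0.8.7-7 | medium | | 401304 |
| gstreamer0.10-ffmpeg | source | (unstable) | 0.10.1-3 | medium | | 401311 |
| mplayer | source | (unstable) | 1.0~rc1-1 | high | | |
| xine-lib | source | (unstable) | 1.1.2-1 | high | | |
| xine-lib | source | sarge | 1.0.1-1sarge4 | high | DSA-1215 | |
| xmovie | source | (unstable) | (unfixed) | high | | |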

Notes

According to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg.
