CVE-2008-4866 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Ffmpeg

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

10.0CRITICALNVD

EPSS

5.7%

top 9.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Mplayer Debian Ffmpeg +1 more

Timeline

PublishedNov 1

Latest updateMay 17

Description

Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages5 packages

▶debiandebian/ffmpeg< ffmpeg 0.svn20080206-14 (bookworm)

▶debiandebian/mplayer< ffmpeg 0.svn20080206-14 (bookworm)

▶Debianffmpeg/ffmpeg< 0.svn20080206-14+3

▶Debianmplayer/mplayer< 1.0~rc2-14+3

▶NVDffmpeg/ffmpeg0.4.9+13

🔴Vulnerability Details

GHSA

GHSA-3hj6-5952-76wq: Multiple buffer overflows in libavformat/utils↗2022-05-17

▶

OSV

CVE-2008-4866: Multiple buffer overflows in libavformat/utils↗2008-11-01

▶

📋Vendor Advisories

Ubuntu

FFmpeg vulnerabilities↗2009-03-16

▶

Debian

CVE-2008-4866: ffmpeg - Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, ...↗2008

▶