CVE-2008-4867 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Ffmpeg

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

10.0CRITICALNVD

EPSS

2.4%

top 14.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Mplayer Debian Ffmpeg +1 more

Timeline

PublishedNov 1

Latest updateMay 17

Description

Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages5 packages

▶debiandebian/ffmpeg< ffmpeg 0.svn20080206-14 (bookworm)

▶debiandebian/mplayer< ffmpeg 0.svn20080206-14 (bookworm)

▶Debianffmpeg/ffmpeg< 0.svn20080206-14+3

▶Debianmplayer/mplayer< 1.0~rc2-14+3

▶NVDffmpeg/ffmpeg0.4.9+13

🔴Vulnerability Details

GHSA

GHSA-x2vw-xfxf-2fwh: Buffer overflow in libavcodec/dca↗2022-05-17

▶

OSV

CVE-2008-4867: Buffer overflow in libavcodec/dca↗2008-11-01

▶

📋Vendor Advisories

Ubuntu

FFmpeg vulnerabilities↗2009-03-16

▶

Debian

CVE-2008-4867: ffmpeg - Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MP...↗2008

▶