Debian Ffmpeg vulnerabilities

CVE-2008-4866 [CRITICAL] CVE-2008-4866: ffmpeg - Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, ... Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY. Scope: local bookworm: resolved (fixed in 0.svn20080206-14) bullseye: resolved (fixed in 0.svn20080206-14)

CVE-2008-3162 [CRITICAL] CVE-2008-3162: ffmpeg - Stack-based buffer overflow in the str_read_packet function in libavformat/psxst... Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors. Scope: local bookworm: resolved (fixed in 0.svn20080206-10) bullseye: resolved (fixed in 0.svn2

CVE-2008-4867 [CRITICAL] CVE-2008-4867: ffmpeg - Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MP... Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value. Scope: local bookworm: resolved (fixed in 0.svn20080206-14) bullseye: resolved (fixed in 0.svn20080206-14) forky: resolved (fixed in 0.svn20080206-14) sid: r

CVE-2008-3230 [LOW] CVE-2008-3230: ffmpeg - The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of serv... The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file, possibly related to gstreamer, as demonstrated by lol-giftopnm.gif. Scope: local bookworm: resolved (fixed in 0.svn20080206-16) bullseye: resolved (fixed in 0.svn20080206-16) forky: resolved (fixed in 0.svn20080206-16) sid: resolved (fixed in 0

CVE-2008-4868 [CRITICAL] CVE-2008-4868: ffmpeg - Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in... Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers." Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2008-4610 [MEDIUM] CVE-2008-4610: ffmpeg - MPlayer allows remote attackers to cause a denial of service (application crash)... MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718. Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky: resolved (fi

CVE-2006-4800 [HIGH] CVE-2006-4800: ffmpeg - Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow r... Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c

CVE-2005-4048 [HIGH] CVE-2005-4048: ffmpeg - Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) ... Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes. Scope: local bookworm: resolved (fixed in 0.cvs20050918-5.1) bullseye: