CVE-2008-4866

Priority
Description
Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before
r14715, as used by MPlayer, allow context-dependent attackers to have an
unknown impact via vectors related to execution of DTS generation code with
a delay greater than MAX_REORDER_DELAY.
Assigned-to
mdeslaur
Notes
mdeslaurvulnerable code doesn't seem to exist in gutsy and hardy
debian says: [etch] - ffmpeg <not-affected> (Vulnerable code not present)
kino is built with --disable-local-ffmpeg, so it's not vulnerable
sbeattieas of lucid, mplayer uses system ffmpeg rather than embedded
version
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Source: kino (LP Ubuntu Debian)
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2020-09-10 00:53:58 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)