CVE-2008-4867: Buffer Overflow
Published Oct 31, 2008
·Updated
Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCAMAXFRAMESIZE value.
Affected Software
15 affected components
FFmpeg FFmpeg<=0.4.9
FFmpeg FFmpeg=0.3
FFmpeg FFmpeg=0.3.1
FFmpeg FFmpeg=0.3.2
FFmpeg FFmpeg=0.3.3
FFmpeg FFmpeg=0.3.4
FFmpeg FFmpeg=0.4.0
FFmpeg FFmpeg=0.4.2
FFmpeg FFmpeg=0.4.3
FFmpeg FFmpeg=0.4.4
FFmpeg FFmpeg=0.4.5
FFmpeg FFmpeg=0.4.6
FFmpeg FFmpeg=0.4.7
FFmpeg FFmpeg=0.4.8
MPlayer MPlayer
Event History
Oct 31, 2008
CVE Published
via MITRE·10:00 PM
Data Sourced
via MITRE·10:00 PM
Description
Nov 1, 2008
Data Sourced
12:00 AM
DescriptionWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2008-4867?
CVE-2008-4867 has a high severity due to the potential for buffer overflow attacks.
2
How do I fix CVE-2008-4867?
To fix CVE-2008-4867, upgrade to a version of FFmpeg later than 0.4.9 or apply the appropriate patches.
3
What versions of FFmpeg are affected by CVE-2008-4867?
CVE-2008-4867 affects FFmpeg versions up to and including 0.4.9.
4
Can MPlayer be impacted by CVE-2008-4867?
MPlayer itself is not directly affected by CVE-2008-4867, but it utilizes the vulnerable FFmpeg versions.
5
What causes CVE-2008-4867 vulnerability?
CVE-2008-4867 is caused by a buffer overflow in the libavcodec/dca.c component of FFmpeg, specifically related to the DCA_MAX_FRAME_SIZE value.