CVE-2008-4868: Critical severity ffmpeg vulnerability
Published Oct 31, 2008
·Updated
Unspecified vulnerability in the avcodecclose function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers."
Affected Software
15 affected components
FFmpeg FFmpeg<=0.4.9
FFmpeg FFmpeg=0.3
FFmpeg FFmpeg=0.3.1
FFmpeg FFmpeg=0.3.2
FFmpeg FFmpeg=0.3.3
FFmpeg FFmpeg=0.3.4
FFmpeg FFmpeg=0.4.0
FFmpeg FFmpeg=0.4.2
FFmpeg FFmpeg=0.4.3
FFmpeg FFmpeg=0.4.4
FFmpeg FFmpeg=0.4.5
FFmpeg FFmpeg=0.4.6
FFmpeg FFmpeg=0.4.7
FFmpeg FFmpeg=0.4.8
MPlayer MPlayer
Event History
Oct 31, 2008
CVE Published
via MITRE·10:00 PM
Data Sourced
via MITRE·10:00 PM
Description
Nov 1, 2008
Data Sourced
12:00 AM
DescriptionWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2008-4868?
The severity of CVE-2008-4868 is currently unspecified due to unknown impact and attack vectors.
2
How do I fix CVE-2008-4868?
To fix CVE-2008-4868, upgrade to FFmpeg version 0.4.9 or later, post-r14787.
3
Which versions of FFmpeg are affected by CVE-2008-4868?
CVE-2008-4868 affects FFmpeg versions prior to 0.4.9, including 0.3 and other versions up to and including 0.4.8.
4
Does MPlayer utilize the vulnerable component in CVE-2008-4868?
MPlayer is not directly vulnerable as it does not include a version of FFmpeg that is affected by CVE-2008-4868.
5
What component of FFmpeg is involved in CVE-2008-4868?
The unspecified vulnerability in CVE-2008-4868 is related to the avcodec_close function in libavcodec.