CVE-2006-4800

Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://bugs.gentoo.org/show_bug.cgi?id=133520
http://security.gentoo.org/glsa/glsa-200609-09.xml	Patch Vendor Advisory
http://www.securityfocus.com/bid/20009	Patch
http://secunia.com/advisories/21921	Patch Vendor Advisory
http://secunia.com/advisories/22180
http://secunia.com/advisories/22181
http://secunia.com/advisories/22182
http://secunia.com/advisories/22198
http://secunia.com/advisories/22200
http://secunia.com/advisories/22201
http://secunia.com/advisories/22202
http://secunia.com/advisories/22203
http://www.ubuntu.com/usn/usn-358-1
http://secunia.com/advisories/22230
http://www.us.debian.org/security/2006/dsa-1215
http://secunia.com/advisories/23010
http://www.novell.com/linux/security/advisories/2006_73_mono.html
http://secunia.com/advisories/23213
http://www.mandriva.com/security/advisories?name=MDKSA-2006:173
http://www.mandriva.com/security/advisories?name=MDKSA-2006:174
http://www.mandriva.com/security/advisories?name=MDKSA-2006:175
http://www.mandriva.com/security/advisories?name=MDKSA-2006:176

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:::::::*

Information

Published : 2006-09-14 15:07

Updated : 2018-10-30 09:25

NVD link : CVE-2006-4800

Mitre link : CVE-2006-4800

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

ffmpeg

ffmpeg

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://bugs.gentoo.org/show_bug.cgi?id=133520", "name": "http://bugs.gentoo.org/show_bug.cgi?id=133520", "tags": [], "refsource": "MISC"}, {"url": "http://security.gentoo.org/glsa/glsa-200609-09.xml", "name": "GLSA-200609-09", "tags": ["Patch", "Vendor Advisory"], "refsource": "GENTOO"}, {"url": "http://www.securityfocus.com/bid/20009", "name": "20009", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/21921", "name": "21921", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22180", "name": "22180", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22181", "name": "22181", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22182", "name": "22182", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22198", "name": "22198", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22200", "name": "22200", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22201", "name": "22201", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22202", "name": "22202", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22203", "name": "22203", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.ubuntu.com/usn/usn-358-1", "name": "USN-358-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://secunia.com/advisories/22230", "name": "22230", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.us.debian.org/security/2006/dsa-1215", "name": "DSA-1215", "tags": [], "refsource": "DEBIAN"}, {"url": "http://secunia.com/advisories/23010", "name": "23010", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html", "name": "SUSE-SA:2006:073", "tags": [], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/23213", "name": "23213", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:173", "name": "MDKSA-2006:173", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:174", "name": "MDKSA-2006:174", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:175", "name": "MDKSA-2006:175", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:176", "name": "MDKSA-2006:176", "tags": [], "refsource": "MANDRIVA"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-4800", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-09-14T22:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:25Z"}