CVE-2006-4800: Buffer Overflow
First published: Thu Sep 14 2006(Updated: )
Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FFmpeg | =0.4.7 | |
| FFmpeg | =0.4.6 | |
| FFmpeg | =0.4.8 | |
| FFmpeg | =0.4.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.gentoo.org/show_bug.cgi?id=133520
- http://security.gentoo.org/glsa/glsa-200609-09.xml
- http://www.securityfocus.com/bid/20009
- http://secunia.com/advisories/21921
- http://secunia.com/advisories/22180
- http://secunia.com/advisories/22181
- http://secunia.com/advisories/22182
- http://secunia.com/advisories/22198
- http://secunia.com/advisories/22200
- http://secunia.com/advisories/22201
- http://secunia.com/advisories/22202
- http://secunia.com/advisories/22203
- http://www.ubuntu.com/usn/usn-358-1
- http://secunia.com/advisories/22230
- http://www.us.debian.org/security/2006/dsa-1215
- http://secunia.com/advisories/23010
- http://www.novell.com/linux/security/advisories/2006_73_mono.html
- http://secunia.com/advisories/23213
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:173
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:174
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:175
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:176
Frequently Asked Questions
What is the severity of CVE-2006-4800?
CVE-2006-4800 has a moderate severity level due to the potential for remote code execution and denial of service.
How do I fix CVE-2006-4800?
To fix CVE-2006-4800, upgrade to a version of FFmpeg later than 0.4.9.
Which versions of FFmpeg are affected by CVE-2006-4800?
FFmpeg versions 0.4.6, 0.4.7, 0.4.8, and 0.4.9 are affected by CVE-2006-4800.
Can CVE-2006-4800 be exploited remotely?
Yes, CVE-2006-4800 can be exploited by remote attackers to execute arbitrary code or cause a denial of service.
What components of FFmpeg are involved in CVE-2006-4800?
CVE-2006-4800 involves multiple components of FFmpeg such as dtsdec.c, vorbis.c, and sierravmd.c.
- agent/references
- agent/type
- agent/remedy
- agent/severity
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ffmpeg
- canonical/ffmpeg
- version/ffmpeg/0.4.7
- version/ffmpeg/0.4.6
- version/ffmpeg/0.4.8
- version/ffmpeg/0.4.9