Vulnerabilities > CVE-2006-4800 - Buffer Overflow vulnerability in FFmpeg Image File
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-174.NASL description Gstreamer-ffmpeg uses an embedded copy of ffmpeg and as such has been updated to address the following issue: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. Updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24560 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24560 title Mandrake Linux Security Advisory : gstreamer-ffmpeg (MDKSA-2006:174) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-358-1.NASL description XFOCUS Security Team discovered that the AVI decoder used in xine-lib did not correctly validate certain headers. By tricking a user into playing an AVI with malicious headers, an attacker could execute arbitrary code with the target user last seen 2020-06-01 modified 2020-06-02 plugin id 27938 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27938 title Ubuntu 5.04 / 5.10 / 6.06 LTS : ffmpeg, xine-lib vulnerabilities (USN-358-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1215.NASL description Several remote vulnerabilities have been discovered in the Xine multimedia library, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4799 The XFocus Security Team discovered that insufficient validation of AVI headers may lead to the execution of arbitrary code. - CVE-2006-4800 Michael Niedermayer discovered that a buffer overflow in the 4XM codec may lead to the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 23701 published 2006-11-22 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23701 title Debian DSA-1215-1 : xine-lib - several vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-176.NASL description Xine-lib uses an embedded copy of ffmpeg and as such has been updated to address the following issue: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. Updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24562 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24562 title Mandrake Linux Security Advisory : xine-lib (MDKSA-2006:176) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-173.NASL description Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. Updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24559 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24559 title Mandrake Linux Security Advisory : ffmpeg (MDKSA-2006:173) NASL family SuSE Local Security Checks NASL id SUSE_XINE-LIB-2308.NASL description Multiple buffer overflows were fixed in the XINE decoder libraries, which could be used by attackers to crash players or potentially execute code. CVE-2006-4799: Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and last seen 2020-06-01 modified 2020-06-02 plugin id 27485 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27485 title openSUSE 10 Security Update : xine-lib (xine-lib-2308) NASL family SuSE Local Security Checks NASL id SUSE_XINE-LIB-2307.NASL description Multiple buffer overflows were fixed in the XINE decoder libraries, which could be used by attackers to crash players or potentially execute code. - Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and last seen 2020-06-01 modified 2020-06-02 plugin id 29598 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29598 title SuSE 10 Security Update : xine-lib (ZYPP Patch Number 2307) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-175.NASL description Mplayer uses an embedded copy of ffmpeg and as such has been updated to address the following issue: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. Updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24561 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24561 title Mandrake Linux Security Advisory : mplayer (MDKSA-2006:175) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200609-09.NASL description The remote host is affected by the vulnerability described in GLSA-200609-09 (FFmpeg: Buffer overflows) FFmpeg contains buffer overflows in the AVI processing code. Impact : An attacker could trigger the buffer overflows by enticing a user to load a specially crafted AVI file in an application using the FFmpeg library. This might result in the execution of arbitrary code in the context of the running application. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 22354 published 2006-09-15 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22354 title GLSA-200609-09 : FFmpeg: Buffer overflows
References
- http://bugs.gentoo.org/show_bug.cgi?id=133520
- http://secunia.com/advisories/21921
- http://secunia.com/advisories/22180
- http://secunia.com/advisories/22181
- http://secunia.com/advisories/22182
- http://secunia.com/advisories/22198
- http://secunia.com/advisories/22200
- http://secunia.com/advisories/22201
- http://secunia.com/advisories/22202
- http://secunia.com/advisories/22203
- http://secunia.com/advisories/22230
- http://secunia.com/advisories/23010
- http://secunia.com/advisories/23213
- http://security.gentoo.org/glsa/glsa-200609-09.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:173
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:174
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:175
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:176
- http://www.novell.com/linux/security/advisories/2006_73_mono.html
- http://www.securityfocus.com/bid/20009
- http://www.ubuntu.com/usn/usn-358-1
- http://www.us.debian.org/security/2006/dsa-1215