CVE-2006-4800

NameCVE-2006-4800
DescriptionMultiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1215
Debian Bugs401304, 401311

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ffmpeg (PTS)stretch (security)7:3.2.18-0+deb9u1fixed
stretch (lts), stretch7:3.2.19-0+deb9u5fixed
buster, buster (lts)7:4.1.11-0+deb10u2fixed
buster (security)7:4.1.11-0+deb10u1fixed
bullseye7:4.3.7-0+deb11u1fixed
bullseye (security)7:4.3.8-0+deb11u1fixed
bookworm (security), bookworm7:5.1.6-0+deb12u1fixed
sid, trixie7:7.1-3fixed
mplayer (PTS)stretch2:1.3.0-6fixed
buster (security), buster, buster (lts)2:1.3.0-8+deb10u1fixed
bullseye2:1.4+ds1-1+deb11u1fixed
bookworm2:1.5+svn38408-1fixed
sid2:1.5+svn38638-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ffmpegsource(unstable)0.cvs20060329-1
gst-ffmpegsource(unstable)0.8.7-7medium401304
gstreamer0.10-ffmpegsource(unstable)0.10.1-3medium401311
mplayersource(unstable)1.0~rc1-1
xine-libsourcesarge1.0.1-1sarge4DSA-1215
xine-libsource(unstable)1.1.2-1
xmoviesource(unstable)(unfixed)

Notes

according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg

Search for package or bug name: Reporting problems