245313 – (CVE-2008-4866) media-video/ffmpeg <0.4.9_p20081014 libavformat/utils.c Multiple buffer overflows (CVE-2008-{4866,4867,4868,4869})

Bug 245313 (CVE-2008-4866) - media-video/ffmpeg <0.4.9_p20081014 libavformat/utils.c Multiple buffer overflows (CVE-2008-{4866,4867,4868,4869})

Summary: media-video/ffmpeg <0.4.9_p20081014 libavformat/utils.c Multiple buffer overf...

Status:	RESOLVED FIXED

Alias:	CVE-2008-4866

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard:	B2 [glsa]
Keywords:

Depends on:	245285
Blocks:
	Show dependency tree

Reported:	2008-11-02 19:43 UTC by Stefan Behte (RETIRED)
Modified:	2009-03-20 08:31 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2008-11-02 19:43:31 UTC

CVE-2008-4866 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4866):
  Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9
  before r14715, as used by MPlayer, allow context-dependent attackers
  to have an unknown impact via vectors related to execution of DTS
  generation code with a delay greater than MAX_REORDER_DELAY.

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2008-11-02 19:47:37 UTC

Name:      CVE-2008-4867
URL:       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4867
Published: 2008-10-31
Severity:
Description:

Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as
used by MPlayer, allows context-dependent attackers to have an unknown
impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value.

Name:      CVE-2008-4868
URL:       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4868
Published: 2008-10-31
Severity:
Description:

Unspecified vulnerability in the avcodec_close function in
libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer,
has unknown impact and attack vectors, related to a free "on random
pointers."

Name:      CVE-2008-4869
URL:       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4869
Published: 2008-10-31
Severity:
Description:

FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to
cause a denial of service (memory consumption) via unknown vectors, aka
a "Tcp/udp memory leak."

Comment 2 Stefan Behte (RETIRED) gentoo-dev

2008-11-02 19:55:11 UTC

CVE-2008-4867 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4867):
  Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as
  used by MPlayer, allows context-dependent attackers to have an
  unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE
  value.

CVE-2008-4868 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4868):
  Unspecified vulnerability in the avcodec_close function in
  libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer,
  has unknown impact and attack vectors, related to a free "on random
  pointers."

CVE-2008-4869 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4869):
  FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers
  to cause a denial of service (memory consumption) via unknown
  vectors, aka a "Tcp/udp memory leak."

Comment 3 Stefan Behte (RETIRED) gentoo-dev

2008-11-02 19:57:10 UTC

Sorry for the double-posting of the CVEs.

Comment 4 Samuli Suominen (RETIRED) gentoo-dev

2008-12-13 22:43:54 UTC

Bug 245285 will close this, should Status Whiteboard be changed and arch teams also be CC'd here?

Comment 5 Samuli Suominen (RETIRED) gentoo-dev

2008-12-15 16:29:46 UTC

(In reply to comment #4)
> Bug 245285 will close this, should Status Whiteboard be changed and arch teams
> also be CC'd here?
> 

alpha (blackbird) and x86 (me) stable

Comment 6 Ferris McCormick (RETIRED) gentoo-dev

2008-12-20 23:11:57 UTC

Sparc stable.

Comment 7 nixnut (RETIRED) gentoo-dev

2008-12-21 14:35:22 UTC

ppc stable

Comment 8 Raúl Porcel (RETIRED) gentoo-dev

2008-12-22 14:26:26 UTC

arm/ia64 stable

Comment 9 Samuli Suominen (RETIRED) gentoo-dev

2008-12-22 14:37:49 UTC

Security: All archteams are done.

Comment 10 Robert Buchholz (RETIRED) gentoo-dev

2008-12-23 12:37:16 UTC

glsa request filed

Comment 11 Pierre-Yves Rofes (RETIRED) gentoo-dev

2009-03-20 08:31:57 UTC

GLSA 200903-33