Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-358-1
HistoryOct 05, 2006 - 12:00 a.m.

ffmpeg, xine-lib vulnerabilities

2006-10-0500:00:00
ubuntu.com
33

7.1 High

AI Score

Confidence

Low

0.072 Low

EPSS

Percentile

94.0%

JSON

Releases

  • Ubuntu 6.06
  • Ubuntu 5.10
  • Ubuntu 5.04

Details

XFOCUS Security Team discovered that the AVI decoder used in xine-lib did not
correctly validate certain headers. By tricking a user into playing an AVI
with malicious headers, an attacker could execute arbitrary code with the
target user’s privileges. (CVE-2006-4799)

Multiple integer overflows were discovered in ffmpeg and tools that contain a
copy of ffmpeg (like xine-lib and kino), for several types of video formats.
By tricking a user into running a video player that uses ffmpeg on a stream
with malicious content, an attacker could execute arbitrary code with the
target user’s privileges. (CVE-2006-4800)

OSVersionArchitecturePackageVersionFilename
Ubuntu6.06noarchlibxine-main1< 1.1.1+ubuntu2-7.3UNKNOWN
Ubuntu6.06noarchlibavcodec-dev< 3:0.cvs20050918-5ubuntu1.1UNKNOWN
Ubuntu5.10noarchlibxine1c2< 1.0.1-1ubuntu10.5UNKNOWN
Ubuntu5.10noarchlibavcodec-dev< 3:0.cvs20050918-4ubuntu1.1UNKNOWN
Ubuntu5.04noarchlibxine1< 1.0-1ubuntu3.9UNKNOWN
Ubuntu5.04noarchkino< 0.75-6ubuntu0.2UNKNOWN
Ubuntu5.04noarchlibavcodec-dev< 3:0.cvs20050121-1ubuntu1.2UNKNOWN

Related

openvas 7
osv 1
nessus 9
debian 1
gentoo 1
suse 1
ubuntucve 2
cve 2
cvelist 2
debiancve 1
openvas
openvas
Debian Security Advisory DSA 1215-1 (xine-lib)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1215)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200609-09 (ffmpeg)
2008-09-24 00:00:00
osv
osv
xine-lib
2006-11-20 00:00:00
nessus
nessus
openSUSE 10 Security Update : xine-lib (xine-lib-2308)
2007-10-17 00:00:00
Debian DSA-1215-1 : xine-lib - several vulnerabilities
2006-11-22 00:00:00
SuSE 10 Security Update : xine-lib (ZYPP Patch Number 2307)
2007-12-13 00:00:00
debian
debian
[SECURITY] [DSA 1215-1] New xine-lib packages fix execution of arbitrary code
2006-11-20 00:00:00
gentoo
gentoo
FFmpeg: Buffer overflows
2006-09-13 00:00:00
suse
suse
local privilege escalation in mono-core
2006-12-01 17:34:31
ubuntucve
ubuntucve
CVE-2006-4799
2006-09-14 00:00:00
CVE-2006-4800
2006-09-14 00:00:00
cve
cve
CVE-2006-4799
2006-09-14 21:07:00
CVE-2006-4800
2006-09-14 22:07:00
cvelist
cvelist
CVE-2006-4799
2006-09-14 21:00:00
CVE-2006-4800
2006-09-14 22:00:00
debiancve
debiancve
CVE-2006-4800
2006-09-14 22:07:00

7.1 High

AI Score

Confidence

Low

0.072 Low

EPSS

Percentile

94.0%

JSON
Related for USN-358-1
openvas7osv1nessus9debian1gentoo1suse1ubuntucve2cve2cvelist2debiancve1