CVE-2008-4866
mplayer - arbitrary code execution
EPSS 5.7%
Description
Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY.
How to fix CVE-2008-4866
To remediate CVE-2008-4866, upgrade the affected package to a fixed version below.
- Debian/ffmpeg—upgrade to 0.svn20080206-14 or later
- Debian/mplayer—upgrade to 1.0~rc2-14 or later
- Debian/mplayer—upgrade to 1.0~rc1-12etch7 or later
Is CVE-2008-4866 being exploited?
Moderate — EPSS is 5.7%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 0.svn20080206-14
- from 0, < 1.0~rc2-14
- from 0, < 1.0~rc1-12etch7