CVE-2008-4867

Description

Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value.

How to fix CVE-2008-4867

To remediate CVE-2008-4867, upgrade the affected package to a fixed version below.

• Debian/ffmpeg—upgrade to 0.svn20080206-14 or later
• Debian/mplayer—upgrade to 1.0~rc2-14 or later

Is CVE-2008-4867 being exploited?

Low — EPSS is 2.4%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 0.svn20080206-14
• from 0, < 1.0~rc2-14

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2008-4867