CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
94.0%
XFOCUS Security Team discovered that the AVI decoder used in xine-lib did not
correctly validate certain headers. By tricking a user into playing an AVI
with malicious headers, an attacker could execute arbitrary code with the
target user’s privileges. (CVE-2006-4799)
Multiple integer overflows were discovered in ffmpeg and tools that contain a
copy of ffmpeg (like xine-lib and kino), for several types of video formats.
By tricking a user into running a video player that uses ffmpeg on a stream
with malicious content, an attacker could execute arbitrary code with the
target user’s privileges. (CVE-2006-4800)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 6.06 | noarch | libxine-main1 | < 1.1.1+ubuntu2-7.3 | UNKNOWN |
Ubuntu | 6.06 | noarch | libavcodec-dev | < 3:0.cvs20050918-5ubuntu1.1 | UNKNOWN |
Ubuntu | 5.10 | noarch | libxine1c2 | < 1.0.1-1ubuntu10.5 | UNKNOWN |
Ubuntu | 5.10 | noarch | libavcodec-dev | < 3:0.cvs20050918-4ubuntu1.1 | UNKNOWN |
Ubuntu | 5.04 | noarch | libxine1 | < 1.0-1ubuntu3.9 | UNKNOWN |
Ubuntu | 5.04 | noarch | kino | < 0.75-6ubuntu0.2 | UNKNOWN |
Ubuntu | 5.04 | noarch | libavcodec-dev | < 3:0.cvs20050121-1ubuntu1.2 | UNKNOWN |