CVE-2009-4632

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-4632
oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read.

5.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html Exploit
http://secunia.com/advisories/36805
http://secunia.com/advisories/38643
http://secunia.com/advisories/39482
http://www.debian.org/security/2010/dsa-2000
http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
http://www.securityfocus.com/bid/36465
http://www.ubuntu.com/usn/USN-931-1
http://www.vupen.com/english/advisories/2010/0935
http://www.vupen.com/english/advisories/2011/1241
https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240
Configurations

Configuration 1 (hide)

cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*
History

No history.

Information

Published : 2010-02-10 02:30

Updated : 2023-12-10 11:03

NVD link : CVE-2009-4632

Mitre link : CVE-2009-4632

CVE.ORG link : CVE-2009-4632

JSON object : View

Products Affected

ffmpeg

  • ffmpeg
CWE
CWE-189

Numeric Errors