CVE-2009-4636

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-4636
FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html Exploit Patch
http://secunia.com/advisories/36805
http://secunia.com/advisories/38643
http://www.debian.org/security/2010/dsa-2000
http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
http://www.securityfocus.com/bid/36465
http://www.vupen.com/english/advisories/2011/1241
https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240
Configurations

Configuration 1 (hide)

cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*
History

No history.

Information

Published : 2010-02-10 02:30

Updated : 2023-12-10 11:03

NVD link : CVE-2009-4636

Mitre link : CVE-2009-4636

CVE.ORG link : CVE-2009-4636

JSON object : View

Products Affected

ffmpeg

  • ffmpeg
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')