MitreCVE-2009-4640

HistoryFeb 10, 2010 - 2:30 a.m.

CVE-2009-4640

2010-02-1002:30:00

CWE-189

mitre

web.nvd.nist.gov

cve-2009-4640

array index error

vorbis_dec.c

ffmpeg 0.5

remote attack

denial of service

execute arbitrary code

out-of-bounds read

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

9.3

Confidence

High

EPSS

0.021

Percentile

89.2%

JSON

Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read.

Affected configurations

Nvd

Node

ffmpegffmpegMatch0.5

VendorProductVersionCPE
ffmpegffmpeg0.5cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ffmpeg	ffmpeg	0.5	cpe:2.3:a:ffmpeg:ffmpeg:0.5:::::::*

References

scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html

secunia.com/advisories/36805

secunia.com/advisories/38643

secunia.com/advisories/39482

www.debian.org/security/2010/dsa-2000

www.mandriva.com/security/advisories?name=MDVSA-2011:060

www.mandriva.com/security/advisories?name=MDVSA-2011:061

www.mandriva.com/security/advisories?name=MDVSA-2011:088

www.mandriva.com/security/advisories?name=MDVSA-2011:112

www.mandriva.com/security/advisories?name=MDVSA-2011:114

www.securityfocus.com/bid/36465

www.ubuntu.com/usn/USN-931-1

www.vupen.com/english/advisories/2010/0935

www.vupen.com/english/advisories/2011/1241

roundup.ffmpeg.org/roundup/ffmpeg/issue1240

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

9.3

Confidence

High

EPSS

0.021

Percentile

89.2%

JSON

Related for CVE-2009-4640