Source: ubuntucve (Ubuntu.com), ID: UB:CVE-2009-3378
Published: Oct 29, 2009 - 12:00 a.m.

CVE-2009-3378

Tags: oggplay, remote attackers, denial of service, arbitrary code, .ogg video file, mozilla firefox

CVSS2: 9.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.061
Percentile: 93.5%

The oggplay_data_handle_theora_frame function in
media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in
Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data
structure upon encountering a decoding error for the first frame, which
allows remote attackers to cause a denial of service (NULL pointer
dereference and application crash) or possibly execute arbitrary code via a
crafted .ogg video file.

| OS | OS version | Architecture | Package | Package version | Filename |
|---|---|---|---|---|---|
| ubuntu | 9.04 | noarch | xulrunner-1.9.1 | < 1.9.1.9+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
| ubuntu | 9.10 | noarch | xulrunner-1.9.1 | < 1.9.1.9+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
| ubuntu | 8.04 | noarch | xulrunner-1.9.2 | < 1.9.2.6+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
