CVE-2009-4632

Source: ubuntu.com (ubuntucve)
ID: UB:CVE-2009-4632
Published: 2010-02-09 00:00:00

CVSS2: 5.8 Medium
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL

EPSS: 0.01 Low
Percentile: 83.2%

oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer
arithmetic, which might allow remote attackers to obtain sensitive memory
contents and cause a denial of service via a crafted file that triggers an
out-of-bounds read.

Bugs

Notes

Author: mdeslaur
Note: this is issue #18. Can’t reproduce on hardy, patch doesn’t seem to apply

OS      Version  Architecture  Package        Version                           Filename
ubuntu  9.10     noarch        ffmpeg         < 4:0.5+svn20090706-2ubuntu2.1    UNKNOWN
ubuntu  8.10     noarch        ffmpeg-debian  < 3:0.svn20080206-12ubuntu3.2     UNKNOWN
ubuntu  9.04     noarch        ffmpeg-debian  < 3:0.svn20090303-1ubuntu6.1      UNKNOWN
