CVE-2009-4632

2010-02-0900:00:00

ubuntu.com

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

0.01 Low

EPSS

Percentile

83.3%

JSON

oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer
arithmetic, which might allow remote attackers to obtain sensitive memory
contents and cause a denial of service via a crafted file that triggers an
out-of-bounds read.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550442>

Notes

Author	Note
mdeslaur	this is issue #18 Can’t reproduce on hardy, patch doesn’t seem to apply

OSVersionArchitecturePackageVersionFilename
ubuntu9.10noarchffmpeg< 4:0.5+svn20090706-2ubuntu2.1UNKNOWN
ubuntu8.10noarchffmpeg-debian< 3:0.svn20080206-12ubuntu3.2UNKNOWN
ubuntu9.04noarchffmpeg-debian< 3:0.svn20090303-1ubuntu6.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	9.10	noarch	ffmpeg	< 4:0.5+svn20090706-2ubuntu2.1	UNKNOWN
ubuntu	8.10	noarch	ffmpeg-debian	< 3:0.svn20080206-12ubuntu3.2	UNKNOWN
ubuntu	9.04	noarch	ffmpeg-debian	< 3:0.svn20090303-1ubuntu6.1	UNKNOWN