CVE-2009-4634

2010-02-0900:00:00

ubuntu.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.02 Low

EPSS

Percentile

89.0%

JSON

Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a
denial of service and possibly execute arbitrary code via a crafted file
that (1) bypasses a validation check in vorbis_dec.c and triggers a
wraparound of the stack pointer, or (2) access a pointer from out-of-bounds
memory in mov.c, related to an elst tag that appears before a tag that
creates a stream.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550442>

Notes

Author	Note
mdeslaur	This is issues #9 and #3

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchffmpeg< 3:0.cvs20070307-5ubuntu7.4UNKNOWN
ubuntu9.10noarchffmpeg< 4:0.5+svn20090706-2ubuntu2.1UNKNOWN
ubuntu8.10noarchffmpeg-debian< 3:0.svn20080206-12ubuntu3.2UNKNOWN
ubuntu9.04noarchffmpeg-debian< 3:0.svn20090303-1ubuntu6.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	ffmpeg	< 3:0.cvs20070307-5ubuntu7.4	UNKNOWN
ubuntu	9.10	noarch	ffmpeg	< 4:0.5+svn20090706-2ubuntu2.1	UNKNOWN
ubuntu	8.10	noarch	ffmpeg-debian	< 3:0.svn20080206-12ubuntu3.2	UNKNOWN
ubuntu	9.04	noarch	ffmpeg-debian	< 3:0.svn20090303-1ubuntu6.1	UNKNOWN