CVE-2009-4631 - Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attackers to cause a denial

CVE-2009-4631

Summary

Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file that triggers an out-of-bounds read and possibly memory corruption.

References

http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html
http://secunia.com/advisories/36805
http://secunia.com/advisories/38643
http://www.debian.org/security/2010/dsa-2000
http://www.securityfocus.com/bid/36465
https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240
https://roundup.ffmpeg.org/roundup/ffmpeg/issue1483

Vulnerable Configurations

cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*
cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 04-05-2010 - 05:48)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	36465
debian	DSA-2000
misc	http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 https://roundup.ffmpeg.org/roundup/ffmpeg/issue1483
secunia	36805 38643

Last major update

04-05-2010 - 05:48

Published

10-02-2010 - 02:30

Last modified

04-05-2010 - 05:48