ID CVE-2009-4634
Summary Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream.
References
Vulnerable Configurations
  • cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 26-10-2011 - 02:44)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 36465
debian DSA-2000
mandriva
  • MDVSA-2011:059
  • MDVSA-2011:060
  • MDVSA-2011:061
  • MDVSA-2011:088
  • MDVSA-2011:112
  • MDVSA-2011:114
misc
secunia
  • 36805
  • 38643
  • 39482
ubuntu USN-931-1
vupen
  • ADV-2010-0935
  • ADV-2011-1241
Last major update 26-10-2011 - 02:44
Published 10-02-2010 - 02:30
Last modified 26-10-2011 - 02:44
Back to Top