ID CVE-2009-4640
Summary Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read.
References
Vulnerable Configurations
  • cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 26-10-2011 - 02:44)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 36465
debian DSA-2000
mandriva
  • MDVSA-2011:060
  • MDVSA-2011:061
  • MDVSA-2011:088
  • MDVSA-2011:112
  • MDVSA-2011:114
misc
secunia
  • 36805
  • 38643
  • 39482
ubuntu USN-931-1
vupen
  • ADV-2010-0935
  • ADV-2011-1241
Last major update 26-10-2011 - 02:44
Published 10-02-2010 - 02:30
Last modified 26-10-2011 - 02:44
Back to Top