CVE-2009-0385
02.02.2009, 19:30
Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.Enginsight
Vendor | Product | Version |
---|---|---|
ffmpeg | ffmpeg | 𝑥 < 0.6.3 |
debian | debian_linux | 4.0 |
debian | debian_linux | 5.0 |
debian | debian_linux | 6.0 |
canonical | ubuntu_linux | 7.10 |
canonical | ubuntu_linux | 8.04 |
canonical | ubuntu_linux | 8.10 |
𝑥
= Vulnerable software versions

Debian Releases

Ubuntu Releases
Ubuntu Product | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ffmpeg |
| ||||||||||||||||||
ffmpeg-debian |
| ||||||||||||||||||
gstreamer0.10-ffmpeg |
| ||||||||||||||||||
kino |
| ||||||||||||||||||
motion |
| ||||||||||||||||||
mplayer |
| ||||||||||||||||||
smilutils |
|
References