CVE-2009-4632

Priority
Low
Description
oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer
arithmetic, which might allow remote attackers to obtain sensitive memory
contents and cause a denial of service via a crafted file that triggers an
out-of-bounds read.
References
Bugs
Notes
mdeslaur> this is issue #18
mdeslaur> Can't reproduce on hardy, patch doesn't seem to apply
Package
Upstream:needed
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Package
Upstream:needed
Ubuntu 8.04 LTS (Hardy Heron):not-affected (3:0.cvs20070307-5ubuntu7.4)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (4:0.5.1-1ubuntu1)
Ubuntu 11.04 (Natty Narwhal):not-affected (4:0.5.1-1ubuntu1)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:20:29 UTC (commit 5347)