CVE-2009-4633

Priority
Medium
Description
vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison
operator was intended, which might allow remote attackers to cause a denial
of service and possibly execute arbitrary code via a crafted file that
modifies a loop counter and triggers a heap-based buffer overflow.
References
Bugs
Notes
mdeslaur> This is issue #13
Package
Upstream:needed
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Package
Upstream:needed
Ubuntu 8.04 LTS (Hardy Heron):released (3:0.cvs20070307-5ubuntu7.4)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (4:0.5.1-1ubuntu1)
Ubuntu 11.04 (Natty Narwhal):not-affected (4:0.5.1-1ubuntu1)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:20:29 UTC (commit 5347)