CVE-2009-4634

Priority
Medium
Description
Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a
denial of service and possibly execute arbitrary code via a crafted file
that (1) bypasses a validation check in vorbis_dec.c and triggers a
wraparound of the stack pointer, or (2) accesses a pointer from out-of-bounds
memory in mov.c, related to an elst tag that appears before a tag that
creates a stream.
References
Bugs
Notes
mdeslaur> This is issues #9 and #3
Package
Upstream: needed
Ubuntu 8.04 LTS (Hardy Heron): DNE
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 11.04 (Natty Narwhal): DNE
Package
Upstream: needed
Ubuntu 8.04 LTS (Hardy Heron): released (3:0.cvs20070307-5ubuntu7.4)
Ubuntu 10.04 LTS (Lucid Lynx): not-affected (4:0.5.1-1ubuntu1)
Ubuntu 11.04 (Natty Narwhal): not-affected (4:0.5.1-1ubuntu1)
More Information


Updated: 2012-06-01 15:20:29 UTC (commit 5347)