Candidate: CVE-2009-0893
PublicDate: 2009-06-02 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0893
Description:
 Multiple heap-based buffer overflows in xvidcore/src/decoder.c in the
 xvidcore library in Xvid before 1.2.2, as used by Windows Media Player and
 other applications, allow remote attackers to execute arbitrary code by
 providing a crafted macroblock (aka MBlock) number in a video stream in a
 crafted movie file that triggers heap memory corruption, related to a
 "missing resync marker range check" and the (1) decoder_iframe, (2)
 decoder_pframe, and (3) decoder_bframe functions.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_xvidcore:
upstream_xvidcore: released (1.2.2)
dapper_xvidcore: ignored (reached end-of-life)
hardy_xvidcore: ignored (reached end-of-life)
intrepid_xvidcore: needed (reached end-of-life)
jaunty_xvidcore: ignored (reached end-of-life)
karmic_xvidcore: ignored (reached end-of-life)
lucid_xvidcore: not-affected (2:1.2.2+debian-0ubuntu2)
maverick_xvidcore: not-affected (2:1.2.2+debian-0ubuntu2)
natty_xvidcore: not-affected (2:1.2.2+debian-0ubuntu2)
oneiric_xvidcore: not-affected (2:1.2.2+debian-0ubuntu2)
devel_xvidcore: not-affected (2:1.2.2+debian-0ubuntu2)