Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2009-0385

Published: 2 February 2009

Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.

Notes

AuthorNote
mdeslaur
kino is built with --disable-local-ffmpeg, so it's not vulnerable

Priority

Medium

Status

Package Release Status
ffmpeg
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
gutsy
Released (3:0.cvs20070307-5ubuntu4.2)
hardy
Released (3:0.cvs20070307-5ubuntu7.2)
intrepid Ignored
(end of life, was needed)
jaunty Not vulnerable
(3:0.svn20090303-1ubuntu1+unstripped1)
karmic Not vulnerable
(3:0.svn20090303-1ubuntu1+unstripped1)
lucid Not vulnerable
(3:0.svn20090303-1ubuntu1+unstripped1)
maverick Not vulnerable
(3:0.svn20090303-1ubuntu1+unstripped1)
natty Does not exist

upstream Needs triage

Patches:
upstream: http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17


ffmpeg-debian
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Does not exist

hardy Does not exist

intrepid
Released (3:0.svn20080206-12ubuntu3.1)
jaunty Not vulnerable
(3:0.svn20090303-1ubuntu1)
karmic Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

upstream Needs triage

Patches:

upstream: http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17

gstreamer0.10-ffmpeg
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
gutsy Ignored
(end of life, was needs-triage)
hardy Not vulnerable
(uses system ffmpeg)
intrepid Ignored
(end of life, was needs-triage)
jaunty Ignored
(end of life)
karmic Ignored
(end of life)
lucid Not vulnerable
(uses system ffmpeg)
maverick Not vulnerable
(uses system ffmpeg)
natty Not vulnerable
(uses system ffmpeg)
upstream Needs triage

kino
Launchpad, Ubuntu, Debian
dapper Not vulnerable
(code not present)
gutsy Not vulnerable
(uses system ffmpeg)
hardy Not vulnerable
(uses system ffmpeg)
intrepid Not vulnerable
(uses system ffmpeg)
jaunty Not vulnerable
(uses system ffmpeg)
karmic Not vulnerable
(uses system ffmpeg)
lucid Not vulnerable
(uses system ffmpeg)
maverick Not vulnerable
(uses system ffmpeg)
natty Not vulnerable
(uses system ffmpeg)
upstream Needs triage

motion
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
gutsy Ignored
(end of life, was needs-triage)
hardy Not vulnerable
(uses system ffmpeg)
intrepid Ignored
(end of life, was needs-triage)
jaunty Ignored
(end of life)
karmic Ignored
(end of life)
lucid Not vulnerable
(uses system ffmpeg)
maverick Not vulnerable
(uses system ffmpeg)
natty Not vulnerable
(uses system ffmpeg)
upstream Needs triage

mplayer
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
gutsy Ignored
(end of life, was needed)
hardy
Released (2:1.0~rc2-0ubuntu13.2)
intrepid Ignored
(end of life, was needed)
jaunty Ignored
(end of life)
karmic Not vulnerable

lucid Not vulnerable

maverick Not vulnerable

natty Not vulnerable

upstream Needs triage

Patches:


upstream: http://svn.mplayerhq.hu/ffmpeg/trunk/libavformat/4xm.c?r1=16838&r2=16846&pathrev=16846
smilutils
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
gutsy Ignored
(end of life, was needs-triage)
hardy Not vulnerable
(uses system ffmpeg)
intrepid Not vulnerable
(uses system ffmpeg) (end of life)
jaunty Ignored
(end of life)
karmic Ignored
(end of life)
lucid Not vulnerable
(uses system ffmpeg)
maverick Not vulnerable
(uses system ffmpeg)
natty Not vulnerable
(uses system ffmpeg)
upstream Needs triage