Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2009-4634

Published: 9 February 2010

Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream.

Notes

AuthorNote
mdeslaur
This is issues #9 and #3

Priority

Medium

Status

Package Release Status
ffmpeg
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
hardy
Released (3:0.cvs20070307-5ubuntu7.4)
intrepid Ignored
(end of life, was needed)
jaunty Ignored
(end of life)
karmic
Released (4:0.5+svn20090706-2ubuntu2.1)
lucid Not vulnerable
(4:0.5.1-1ubuntu1)
maverick Not vulnerable
(4:0.5.1-1ubuntu1)
upstream Needed

ffmpeg-debian
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

intrepid
Released (3:0.svn20080206-12ubuntu3.2)
jaunty
Released (3:0.svn20090303-1ubuntu6.1)
karmic Does not exist

lucid Does not exist

maverick Does not exist

upstream Needed