Published: 02/02/2009 Updated: 07/11/2023

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote malicious users to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ffmpeg ffmpeg
debian debian linux 5.0
debian debian linux 4.0
debian debian linux 6.0
canonical ubuntu linux 7.10
canonical ubuntu linux 8.10
canonical ubuntu linux 8.04
fedoraproject fedora 10
fedoraproject fedora 9

It was discovered that FFmpeg did not correctly handle certain malformed Ogg Media (OGM) files If a user were tricked into opening a crafted Ogg Media file, an attacker could cause the application using FFmpeg to crash, leading to a denial of service (CVE-2008-4610) ...

Debian Bug report logs - #517792 CVE-2009-0698: integer overflow Package: xine-lib; Maintainer for xine-lib is (unknown); Reported by: Steffen Joeris <steffenjoeris@skolelinuxde> Date: Mon, 2 Mar 2009 02:30:02 UTC Severity: grave Tags: patch, pending, security Found in version 1114-1 Fixed in version 11163-1 Done ...

Debian Bug report logs - #524799 ffmpeg-debian: CVE-2009-0385 integer signedness error Package: ffmpeg-debian; Maintainer for ffmpeg-debian is (unknown); Reported by: "Michael S Gilbert" <michaelsgilbert@gmailcom> Date: Mon, 20 Apr 2009 01:18:01 UTC Severity: important Tags: security Found in versions 0cvs20060823-1, ...

Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0385 It was discovered that watching a malformed 4X movie file could lead to the execution of arbitrary code CVE-2008-3162 It was discovered that using a craf ...

FIRE: Combining Multi-Stage Filtering with Taint Analysis for Scalable Recurring Vulnerability Detection.

FIRE-Public FIRE: Combining Multi-Stage Filtering with Taint Analysis for Scalable Recurring Vulnerability Detection Overview The project consists four components(packages): BloomFilter(SFBF, Section 31), TokenFilter(Token Similarity Filter, Section 32), SyntaxFilter(AST Similarity Filter, Section 33), Trace(Vulnerability Identification Phase, Section 4) Besides, we provid

NVD-CWE-Other http://svn.mplayerhq.hu/ffmpeg/trunk/libavformat/4xm.c?r1=16838&r2=16846&pathrev=16846 http://www.securityfocus.com/bid/33502 http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=16846 http://www.trapkit.de/advisories/TKADV2009-004.txt http://secunia.com/advisories/33711 http://osvdb.org/51643 http://www.ubuntu.com/usn/USN-734-1 http://secunia.com/advisories/34296 http://security.gentoo.org/glsa/glsa-200903-33.xml http://secunia.com/advisories/34385 https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html http://secunia.com/advisories/34712 https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html http://www.debian.org/security/2009/dsa-1781 http://secunia.com/advisories/34905 http://secunia.com/advisories/34845 http://www.debian.org/security/2009/dsa-1782 http://www.mandriva.com/security/advisories?name=MDVSA-2009:297 http://www.vupen.com/english/advisories/2009/0277 https://exchange.xforce.ibmcloud.com/vulnerabilities/48330 http://www.securityfocus.com/archive/1/500514/100/0/threaded http://git.ffmpeg.org/?p=ffmpeg%3Ba=commitdiff%3Bh=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17 https://usn.ubuntu.com/734-1/https://nvd.nist.gov

CVE-2009-0385

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect