CVE-2009-3378

Published: 29/10/2009 | Updated: 19/09/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x prior to 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.

Vulnerable Product

mozilla firefox 3.5.2

mozilla firefox 3.5.3

mozilla firefox 3.5.1

Vendor Advisories

Debian Bug report logs - #552743 CVE-2009-3378: liboggplay issue discovered by Mozilla Package: liboggplay; Maintainer for liboggplay is Rodrigo Siqueira <siqueira@imeuspbr>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 29 Oct 2009 02:45:02 UTC Severity: grave Tags: security Fixed in version liboggp ...
Mozilla Foundation Security Advisory 2009-63 Upgrade media libraries to fix memory safety bugs Announced October 27, 2009 Reporter Mozilla community and developers Impact Critical Products Firefox Fixed in ...