CVE Vulnerabilities

CVE-2009-0385

Published: Feb 02, 2009 | Modified: Nov 07, 2023
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 9.3 HIGH (AV:N/AC:M/Au:N/C:C/I:C/A:C)
RedHat/V2
RedHat/V3
Ubuntu: MEDIUM

Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ffmpeg | Ffmpeg | * | 0.6.3 (excluding) |
| Ffmpeg | Ubuntu | dapper | * |
| Ffmpeg | Ubuntu | gutsy | * |
| Ffmpeg | Ubuntu | hardy | * |
| Ffmpeg | Ubuntu | intrepid | * |
| Ffmpeg-debian | Ubuntu | intrepid | * |
| Gstreamer0.10-ffmpeg | Ubuntu | dapper | * |
| Gstreamer0.10-ffmpeg | Ubuntu | gutsy | * |
| Gstreamer0.10-ffmpeg | Ubuntu | intrepid | * |
| Gstreamer0.10-ffmpeg | Ubuntu | jaunty | * |
| Gstreamer0.10-ffmpeg | Ubuntu | karmic | * |
| Motion | Ubuntu | dapper | * |
| Motion | Ubuntu | gutsy | * |
| Motion | Ubuntu | intrepid | * |
| Motion | Ubuntu | jaunty | * |
| Motion | Ubuntu | karmic | * |
| Mplayer | Ubuntu | dapper | * |
| Mplayer | Ubuntu | gutsy | * |
| Mplayer | Ubuntu | hardy | * |
| Mplayer | Ubuntu | intrepid | * |
| Mplayer | Ubuntu | jaunty | * |
| Smilutils | Ubuntu | dapper | * |
| Smilutils | Ubuntu | gutsy | * |
| Smilutils | Ubuntu | jaunty | * |
| Smilutils | Ubuntu | karmic | * |

References