CVE-2009-3389

Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	3.5.1 (including)	3.5.1 (including)
Firefox	Mozilla	3.5.2 (including)	3.5.2 (including)
Firefox	Mozilla	3.5.3 (including)	3.5.3 (including)
Firefox	Mozilla	3.5.4 (including)	3.5.4 (including)
Firefox	Mozilla	3.5.5 (including)	3.5.5 (including)
Seamonkey	Mozilla	*	2.0 (including)
Seamonkey	Mozilla	1.0 (including)	1.0 (including)
Seamonkey	Mozilla	1.0-alpha (including)	1.0-alpha (including)
Seamonkey	Mozilla	1.0-beta (including)	1.0-beta (including)
Seamonkey	Mozilla	1.0.1 (including)	1.0.1 (including)
Seamonkey	Mozilla	1.0.2 (including)	1.0.2 (including)
Seamonkey	Mozilla	1.0.3 (including)	1.0.3 (including)
Seamonkey	Mozilla	1.0.4 (including)	1.0.4 (including)
Seamonkey	Mozilla	1.0.5 (including)	1.0.5 (including)
Seamonkey	Mozilla	1.0.6 (including)	1.0.6 (including)
Seamonkey	Mozilla	1.0.7 (including)	1.0.7 (including)
Seamonkey	Mozilla	1.0.8 (including)	1.0.8 (including)
Seamonkey	Mozilla	1.0.9 (including)	1.0.9 (including)
Seamonkey	Mozilla	1.0.99 (including)	1.0.99 (including)
Seamonkey	Mozilla	1.1 (including)	1.1 (including)
Seamonkey	Mozilla	1.1-alpha (including)	1.1-alpha (including)
Seamonkey	Mozilla	1.1-beta (including)	1.1-beta (including)
Seamonkey	Mozilla	1.1.1 (including)	1.1.1 (including)
Seamonkey	Mozilla	1.1.2 (including)	1.1.2 (including)
Seamonkey	Mozilla	1.1.3 (including)	1.1.3 (including)
Seamonkey	Mozilla	1.1.4 (including)	1.1.4 (including)
Seamonkey	Mozilla	1.1.5 (including)	1.1.5 (including)
Seamonkey	Mozilla	1.1.6 (including)	1.1.6 (including)
Seamonkey	Mozilla	1.1.7 (including)	1.1.7 (including)
Seamonkey	Mozilla	1.1.8 (including)	1.1.8 (including)
Seamonkey	Mozilla	1.1.9 (including)	1.1.9 (including)
Seamonkey	Mozilla	1.1.10 (including)	1.1.10 (including)
Seamonkey	Mozilla	1.1.11 (including)	1.1.11 (including)
Seamonkey	Mozilla	1.1.12 (including)	1.1.12 (including)
Seamonkey	Mozilla	1.1.13 (including)	1.1.13 (including)
Seamonkey	Mozilla	1.1.14 (including)	1.1.14 (including)
Seamonkey	Mozilla	1.1.15 (including)	1.1.15 (including)
Seamonkey	Mozilla	1.1.16 (including)	1.1.16 (including)
Seamonkey	Mozilla	1.1.17 (including)	1.1.17 (including)
Seamonkey	Mozilla	1.5.0.8 (including)	1.5.0.8 (including)
Seamonkey	Mozilla	1.5.0.9 (including)	1.5.0.9 (including)
Seamonkey	Mozilla	1.5.0.10 (including)	1.5.0.10 (including)
Seamonkey	Mozilla	2.0 (including)	2.0 (including)
Seamonkey	Mozilla	2.0-alpha_1 (including)	2.0-alpha_1 (including)
Seamonkey	Mozilla	2.0-alpha_2 (including)	2.0-alpha_2 (including)
Seamonkey	Mozilla	2.0-alpha_3 (including)	2.0-alpha_3 (including)
Seamonkey	Mozilla	2.0-beta_1 (including)	2.0-beta_1 (including)
Seamonkey	Mozilla	2.0-beta_2 (including)	2.0-beta_2 (including)
Seamonkey	Mozilla	2.0-rc1 (including)	2.0-rc1 (including)
Seamonkey	Mozilla	2.0a1 (including)	2.0a1 (including)
Seamonkey	Mozilla	2.0a1pre (including)	2.0a1pre (including)
Seamonkey	Ubuntu	hardy	*
Seamonkey	Ubuntu	intrepid	*
Seamonkey	Ubuntu	jaunty	*
Seamonkey	Ubuntu	karmic	*
Seamonkey	Ubuntu	lucid	*
Seamonkey	Ubuntu	upstream	*
Xulrunner-1.9.1	Ubuntu	jaunty	*
Xulrunner-1.9.1	Ubuntu	karmic	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-3389
CWE	https://cwe.mitre.org/data/definitions/189.html

Affected Software

References