Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2009-3378
HistoryOct 29, 2009 - 2:30 p.m.

CVE-2009-3378

2009-10-2914:30:01
[email protected]
web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.061 Low

EPSS

Percentile

93.5%

JSON

The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.

Affected configurations

NVD
Node
mozillafirefoxMatch3.5.1
OR
mozillafirefoxMatch3.5.2
OR
mozillafirefoxMatch3.5.3

Related

prion 1
cve 1
ubuntucve 1
debiancve 1
cvelist 1
securityvulns 2
mozilla 1
openvas 13
seebug 1
nessus 10
suse 1
freebsd 1
gentoo 1
prion
prion
Null pointer dereference
2009-10-29 14:30:00
cve
cve
CVE-2009-3378
2009-10-29 14:30:01
ubuntucve
ubuntucve
CVE-2009-3378
2009-10-29 00:00:00
debiancve
debiancve
CVE-2009-3378
2009-10-29 14:30:01
cvelist
cvelist
CVE-2009-3378
2009-10-29 14:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2009-63
2009-10-28 00:00:00
Mozilla Firefox / Seamonkey multiple security vulnerabilities
2009-11-05 00:00:00
mozilla
mozilla
Upgrade media libraries to fix memory safety bugs β€” Mozilla
2009-10-27 00:00:00
openvas
openvas
Mozilla Firefox Multiple Memory Corruption Vulnerabilities Nov-09 (Windows)
2009-11-02 00:00:00
Mozilla Firefox Multiple Memory Corruption Vulnerabilities (Nov 2009) - Linux
2009-11-02 00:00:00
Mozilla Firefox Multiple Memory Corruption Vulnerabilities (Nov 2009) - Windows
2009-11-02 00:00:00
seebug
seebug
Mozilla Firefox倚δΈͺε†…ε­˜η ΄εζΌζ΄ž
2009-11-03 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : firefox (MDVSA-2009:294)
2010-07-30 00:00:00
FreeBSD : mozilla -- multiple vulnerabilities (c87aa2d2-c3c4-11de-ab08-000f20797ede)
2009-10-29 00:00:00
Firefox 3.5.x < 3.5.4 Multiple Vulnerabilities
2009-10-29 00:00:00
suse
suse
remote code execution in MozillaFirefox
2009-11-04 14:24:35
freebsd
freebsd
mozilla -- multiple vulnerabilities
2009-10-27 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.061 Low

EPSS

Percentile

93.5%

JSON
Related for NVD:CVE-2009-3378
prion1cve1ubuntucve1debiancve1cvelist1securityvulns2mozilla1openvas13seebug1nessus10suse1freebsd1gentoo1