Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2009-4635
HistoryFeb 09, 2010 - 12:00 a.m.

CVE-2009-4635

2010-02-0900:00:00
ubuntu.com
ubuntu.com
8

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.032

Percentile

91.3%

JSON

FFmpeg 0.5 allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a crafted MOV container with improperly
ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec
types and identifiers, leading to processing of a video-structure pointer
by the mp3 decoder, and a stack-based buffer overflow.

Bugs

Notes

Author Note
kees stack-protected on Edgy and later, just a DoS
mdeslaur This is issue #22 The patch for this issue has not been commited by upstream into the 5.x branch. I could not reproduce the issue with 5.x and the google reproducer. The patch included in usn-931-1 caused a regression, so was removed in usn-931-2.

Related

nvd 1
prion 1
debiancve 1
cvelist 1
cve 1
openvas 17
ubuntu 1
nessus 8
debian 1
osv 1
seebug 1
gentoo 1
nvd
nvd
CVE-2009-4635
2010-02-10 02:30:00
prion
prion
Stack overflow
2010-02-10 02:30:00
debiancve
debiancve
CVE-2009-4635
2010-02-10 02:30:00
cvelist
cvelist
CVE-2009-4635
2010-02-10 02:00:00
cve
cve
CVE-2009-4635
2010-02-10 02:30:00
openvas
openvas
Ubuntu Update for ffmpeg, ffmpeg-debian vulnerabilities USN-931-1
2010-04-29 00:00:00
Ubuntu: Security Advisory (USN-931-1)
2010-04-29 00:00:00
Mandriva Update for ffmpeg MDVSA-2011:060 (ffmpeg)
2011-04-06 00:00:00
ubuntu
ubuntu
FFmpeg vulnerabilities
2010-04-19 00:00:00
nessus
nessus
Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : ffmpeg, ffmpeg-debian vulnerabilities (USN-931-1)
2010-04-20 00:00:00
Mandriva Linux Security Advisory : mplayer (MDVSA-2011:088)
2011-05-17 00:00:00
Mandriva Linux Security Advisory : ffmpeg (MDVSA-2011:060)
2011-04-04 00:00:00
debian
debian
[SECURITY] [DSA 2000-1] New ffmpeg packages fix several vulnerabilities
2010-02-18 20:42:04
osv
osv
ffmpeg-debian - several vulnerabilities
2010-02-18 00:00:00
seebug
seebug
FFmpeg倚δΈͺεͺ’δ½“ζ–‡δ»Άθ§£ζžζ‹’η»ζœεŠ‘ε’Œδ»£η ζ‰§θ‘ŒζΌζ΄ž
2010-02-20 00:00:00
gentoo
gentoo
FFmpeg: Multiple vulnerabilities
2013-10-25 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.032

Percentile

91.3%

JSON
Related for UB:CVE-2009-4635
nvd1prion1debiancve1cvelist1cve1openvas17ubuntu1nessus8debian1osv1seebug1gentoo1