Your submission was sent successfully! Close

CVE-2009-0385

Published: 2 February 2009

Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.

Notes

AuthorNote
mdeslaur
kino is built with --disable-local-ffmpeg, so it's not vulnerable
Priority

Medium

Status

Package Release Status
ffmpeg
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
gutsy
Released (3:0.cvs20070307-5ubuntu4.2)
hardy
Released (3:0.cvs20070307-5ubuntu7.2)
intrepid Needed
(reached end-of-life)
jaunty Not vulnerable
(3:0.svn20090303-1ubuntu1+unstripped1)
karmic Not vulnerable
(3:0.svn20090303-1ubuntu1+unstripped1)
lucid Not vulnerable
(3:0.svn20090303-1ubuntu1+unstripped1)
maverick Not vulnerable
(3:0.svn20090303-1ubuntu1+unstripped1)
natty Does not exist

upstream Needs triage

Patches:
upstream: http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17


ffmpeg-debian
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Does not exist

hardy Does not exist

intrepid
Released (3:0.svn20080206-12ubuntu3.1)
jaunty Not vulnerable
(3:0.svn20090303-1ubuntu1)
karmic Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

upstream Needs triage

Patches:

upstream: http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17

gstreamer0.10-ffmpeg
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
gutsy Needs triage
(reached end-of-life)
hardy Not vulnerable
(uses system ffmpeg)
intrepid Needs triage
(reached end-of-life)
jaunty Ignored
(reached end-of-life)
karmic Ignored
(reached end-of-life)
lucid Not vulnerable
(uses system ffmpeg)
maverick Not vulnerable
(uses system ffmpeg)
natty Not vulnerable
(uses system ffmpeg)
upstream Needs triage

kino
Launchpad, Ubuntu, Debian
dapper Not vulnerable
(code not present)
gutsy Not vulnerable
(uses system ffmpeg)
hardy Not vulnerable
(uses system ffmpeg)
intrepid Not vulnerable
(uses system ffmpeg)
jaunty Not vulnerable
(uses system ffmpeg)
karmic Not vulnerable
(uses system ffmpeg)
lucid Not vulnerable
(uses system ffmpeg)
maverick Not vulnerable
(uses system ffmpeg)
natty Not vulnerable
(uses system ffmpeg)
upstream Needs triage

motion
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
gutsy Needs triage
(reached end-of-life)
hardy Not vulnerable
(uses system ffmpeg)
intrepid Needs triage
(reached end-of-life)
jaunty Ignored
(reached end-of-life)
karmic Ignored
(reached end-of-life)
lucid Not vulnerable
(uses system ffmpeg)
maverick Not vulnerable
(uses system ffmpeg)
natty Not vulnerable
(uses system ffmpeg)
upstream Needs triage

mplayer
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
gutsy Needed
(reached end-of-life)
hardy
Released (2:1.0~rc2-0ubuntu13.2)
intrepid Needed
(reached end-of-life)
jaunty Ignored
(reached end-of-life)
karmic Not vulnerable

lucid Not vulnerable

maverick Not vulnerable

natty Not vulnerable

upstream Needs triage

Patches:


upstream: http://svn.mplayerhq.hu/ffmpeg/trunk/libavformat/4xm.c?r1=16838&r2=16846&pathrev=16846
smilutils
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
gutsy Needs triage
(reached end-of-life)
hardy Not vulnerable
(uses system ffmpeg)
intrepid Not vulnerable
(uses system ffmpeg) (reached end-of-life)
jaunty Ignored
(reached end-of-life)
karmic Ignored
(reached end-of-life)
lucid Not vulnerable
(uses system ffmpeg)
maverick Not vulnerable
(uses system ffmpeg)
natty Not vulnerable
(uses system ffmpeg)
upstream Needs triage