CVE-2009-0385

CVSS 9.3 - HIGH

Description

Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.

Affected Products

9

Vendor	Product	Version
ffmpeg	ffmpeg	`All versions`
debian	debian_linux	`4.0`
debian	debian_linux	`5.0`
debian	debian_linux	`6.0`
canonical	ubuntu_linux	`7.10`
canonical	ubuntu_linux	`8.04`
canonical	ubuntu_linux	`8.10`
fedoraproject	fedora	`9`
fedoraproject	fedora	`10`

References

http://git.ffmpeg.org/?p=ffmpeg%3Ba=commitdiff%3Bh...

http://osvdb.org/51643

http://secunia.com/advisories/33711

http://secunia.com/advisories/34296

http://secunia.com/advisories/34385

http://secunia.com/advisories/34712

http://secunia.com/advisories/34845

http://secunia.com/advisories/34905

http://security.gentoo.org/glsa/glsa-200903-33.xml

http://svn.mplayerhq.hu/ffmpeg/trunk/libavformat/4...

http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=1...

http://www.debian.org/security/2009/dsa-1781

http://www.debian.org/security/2009/dsa-1782

http://www.mandriva.com/security/advisories?name=M...

http://www.securityfocus.com/archive/1/500514/100/...

http://www.securityfocus.com/bid/33502

http://www.trapkit.de/advisories/TKADV2009-004.txt

http://www.ubuntu.com/usn/USN-734-1

http://www.vupen.com/english/advisories/2009/0277

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

Weakness Types

NVD-CWE-Other

CVE Information

CVE ID:: CVE-2009-0385
Published:: 2009-02-02
Modified:: 2026-04-23
CVSS Score:: 9.3
Severity:: HIGH
Vector:: AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected Vendors

canonical ffmpeg fedoraproject debian

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL