CVE-2009-4631
Published: 10 February 2010
Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file that triggers an out-of-bounds read and possibly memory corruption.
Notes
| Author | Note |
|---|---|
| mdeslaur | 0.5.x doesn't seem affected, can't reproduce |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
ffmpeg Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| hardy |
Not vulnerable
|
|
| intrepid |
Not vulnerable
|
|
| jaunty |
Not vulnerable
|
|
| karmic |
Not vulnerable
|
|
| upstream |
Not vulnerable
|
|
|
ffmpeg-debian Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| intrepid |
Not vulnerable
|
|
| jaunty |
Not vulnerable
|
|
| karmic |
Does not exist
|
|
| upstream |
Not vulnerable
|