9.3

CVE-2009-0385

EPSS 11.55%
Veröffentlicht 02.02.2009 19:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 25

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ffmpeg ≫ Ffmpeg Version < 0.6.3

Debian ≫ Debian Linux Version4.0

Debian ≫ Debian Linux Version5.0

Debian ≫ Debian Linux Version6.0

Canonical ≫ Ubuntu Linux Version7.10

Canonical ≫ Ubuntu Linux Version8.04 SwEdition-

Canonical ≫ Ubuntu Linux Version8.10

Fedoraproject ≫ Fedora Version9

Fedoraproject ≫ Fedora Version10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	11.55%	0.929

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://secunia.com/advisories/34385

Third Party Advisory

http://secunia.com/advisories/34905

Third Party Advisory

http://security.gentoo.org/glsa/glsa-200903-33.xml

Third Party Advisory

http://www.debian.org/security/2009/dsa-1781

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2009:297

Third Party Advisory

http://secunia.com/advisories/34296

Third Party Advisory

http://www.ubuntu.com/usn/USN-734-1

Third Party Advisory

http://secunia.com/advisories/34845

Third Party Advisory

http://www.debian.org/security/2009/dsa-1782

Third Party Advisory

http://git.ffmpeg.org/?p=ffmpeg%3Ba=commitdiff%3Bh=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17

http://osvdb.org/51643

Broken Link

http://secunia.com/advisories/33711

Third Party Advisory

http://secunia.com/advisories/34712

Third Party Advisory

http://svn.mplayerhq.hu/ffmpeg/trunk/libavformat/4xm.c?r1=16838&r2=16846&pathrev=16846

Broken Link

http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=16846

Broken Link

http://www.securityfocus.com/archive/1/500514/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/33502

Third Party Advisory

VDB Entry

http://www.trapkit.de/advisories/TKADV2009-004.txt

Third Party Advisory

http://www.vupen.com/english/advisories/2009/0277

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/48330

Third Party Advisory

VDB Entry

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2009-0385

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0385

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0385

EUVD