9.3
CVE-2009-0385
- EPSS 11.55%
- Published 02.02.2009 19:30:00
- Last modified 09.04.2025 00:30:58
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.
Data is provided by the National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version4.0
Debian ≫ Debian Linux Version5.0
Debian ≫ Debian Linux Version6.0
Canonical ≫ Ubuntu Linux Version7.10
Canonical ≫ Ubuntu Linux Version8.04 SwEdition-
Canonical ≫ Ubuntu Linux Version8.10
Fedoraproject ≫ Fedora Version9
Fedoraproject ≫ Fedora Version10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 11.55% | 0.929 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|