| Vulnerability Name: | CVE-2009-0385 (CCN-48330) | ||||||||||||||||||||||||||||
| Assigned: | 2009-01-28 | ||||||||||||||||||||||||||||
| Published: | 2009-01-28 | ||||||||||||||||||||||||||||
| Updated: | 2020-11-20 | ||||||||||||||||||||||||||||
| Summary: | Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference. | ||||||||||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2009-0385 Source: CONFIRM Type: Permissions Required http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17 Source: OSVDB Type: Broken Link 51643 Source: CCN Type: SA33711 FFmpeg 4xm Processing Memory Corruption Vulnerability Source: SECUNIA Type: Third Party Advisory 33711 Source: CCN Type: SA33936 xine-lib FFmpeg 4xm Processing Memory Corruption Vulnerability Source: SECUNIA Type: Third Party Advisory 34296 Source: SECUNIA Type: Third Party Advisory 34385 Source: SECUNIA Type: Third Party Advisory 34712 Source: SECUNIA Type: Third Party Advisory 34845 Source: SECUNIA Type: Third Party Advisory 34905 Source: GENTOO Type: Third Party Advisory GLSA-200903-33 Source: CONFIRM Type: Broken Link http://svn.mplayerhq.hu/ffmpeg/trunk/libavformat/4xm.c?r1=16838&r2=16846&pathrev=16846 Source: CCN Type: FFmpeg SVN Repository [ffmpeg] Revision 16846 Source: CONFIRM Type: Broken Link http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=16846 Source: DEBIAN Type: Third Party Advisory DSA-1781 Source: DEBIAN Type: Third Party Advisory DSA-1782 Source: DEBIAN Type: DSA-1781 ffmpeg-debian -- several vulnerabilities Source: DEBIAN Type: DSA-1782 mplayer -- several vulnerabilities Source: MANDRIVA Type: Third Party Advisory MDVSA-2009:297 Source: CCN Type: OSVDB ID: 51643 FFmpeg libavformat/4xm.c fourxm_read_header Function 4xm File Handling Memory Corruption Source: CCN Type: OSVDB ID: 52498 xine-lib demuxers/demux_4xm.c current_track Value Handling Overflow Source: BUGTRAQ Type: Third Party Advisory, VDB Entry 20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability Source: BID Type: Third Party Advisory, VDB Entry 33502 Source: CCN Type: BID-33502 FFmpeg 'libavformat/4xm.c' Remote Code Execution Vulnerability Source: CCN Type: TKADV2009-004 FFmpeg Type Conversion Vulnerability Source: MISC Type: Third Party Advisory http://www.trapkit.de/advisories/TKADV2009-004.txt Source: CCN Type: USN-734-1 FFmpeg vulnerabilities Source: UBUNTU Type: Third Party Advisory USN-734-1 Source: VUPEN Type: Third Party Advisory ADV-2009-0277 Source: XF Type: Third Party Advisory, VDB Entry ffmpeg-fourxmreadheader-code-execution(48330) Source: XF Type: UNKNOWN ffmpeg-fourxmreadheader-code-execution(48330) Source: CCN Type: IBM Security Bulletin 6336361 (Security Secret Server) Multiple Vulnerabilities Have Been Identified In IBM Security Verify Privilege Vault previously known as IBM Security Secret Server Source: FEDORA Type: Third Party Advisory FEDORA-2009-3428 Source: FEDORA Type: Third Party Advisory FEDORA-2009-3433 | ||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||