Launchpad.net

CVE 2009-4632

oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read.

Related bugs and status

CVE-2009-4632 (Candidate) is related to these bugs:

Bug #537297: security backports

		In	Importance	Status
537297	security backports	ffmpeg (Ubuntu)	Medium	Fix Released
537297	security backports	ffmpeg (Debian)	Unknown	Fix Released
537297	security backports	ffmpeg (Ubuntu Intrepid)	Undecided	Invalid
537297	security backports	ffmpeg (Ubuntu Jaunty)	Undecided	Won't Fix
537297	security backports	ffmpeg (Ubuntu Lucid)	Medium	Fix Released
537297	security backports	ffmpeg (Ubuntu Karmic)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

MISC: http://scarybeastsecur...
MISC: https://roundup.ffmpeg...
DEBIAN: DSA-2000
BID: 36465
SECUNIA: 36805
SECUNIA: 38643
UBUNTU: USN-931-1
SECUNIA: 39482
VUPEN: ADV-2010-0935
MANDRIVA: MDVSA-2011:060
MANDRIVA: MDVSA-2011:061
MANDRIVA: MDVSA-2011:088
VUPEN: ADV-2011-1241
MANDRIVA: MDVSA-2011:112
MANDRIVA: MDVSA-2011:114