CVE-2009-4635

Published: Feb 10, 2010Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow.

Affected (1)

Products: Ffmpeg: Ffmpeg

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ffmpeg Ffmpeg	Version 0.5

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (32)

http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html

Source: cve@mitre.org

http://secunia.com/advisories/36805

Source: cve@mitre.org

http://secunia.com/advisories/38643

Source: cve@mitre.org

http://secunia.com/advisories/39482

Source: cve@mitre.org

http://www.debian.org/security/2010/dsa-2000

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2011:059

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2011:060

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2011:061

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2011:088

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2011:112

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2011:114

Source: cve@mitre.org

http://www.securityfocus.com/bid/36465

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-931-1

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2010/0935

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2011/1241

Source: cve@mitre.org

https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240

Source: cve@mitre.org

Exploit

http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/36805

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/38643

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/39482

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2010/dsa-2000

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2011:059

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2011:060

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2011:061

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2011:088

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2011:112

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2011:114

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/36465

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-931-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/0935

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/1241

Source: af854a3a-2127-422b-91ae-364da2661108

https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.