Launchpad.net

CVE 2009-4634

Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream.

Related bugs and status

CVE-2009-4634 (Candidate) is related to these bugs:

Bug #537297: security backports

		In	Importance	Status
537297	security backports	ffmpeg (Ubuntu)	Medium	Fix Released
537297	security backports	ffmpeg (Debian)	Unknown	Fix Released
537297	security backports	ffmpeg (Ubuntu Intrepid)	Undecided	Invalid
537297	security backports	ffmpeg (Ubuntu Jaunty)	Undecided	Won't Fix
537297	security backports	ffmpeg (Ubuntu Lucid)	Medium	Fix Released
537297	security backports	ffmpeg (Ubuntu Karmic)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

MISC: http://scarybeastsecur...
MISC: https://roundup.ffmpeg...
DEBIAN: DSA-2000
BID: 36465
SECUNIA: 36805
SECUNIA: 38643
UBUNTU: USN-931-1
SECUNIA: 39482
VUPEN: ADV-2010-0935
MANDRIVA: MDVSA-2011:059
MANDRIVA: MDVSA-2011:060
MANDRIVA: MDVSA-2011:061
MANDRIVA: MDVSA-2011:088
VUPEN: ADV-2011-1241
MANDRIVA: MDVSA-2011:112
MANDRIVA: MDVSA-2011:114