Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2009-4633 First vendor Publication 2010-02-09
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4633

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-189 Numeric Errors (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

OpenVAS Exploits

Date Description
2011-07-22 Name : Mandriva Update for blender MDVSA-2011:112 (blender)
File : nvt/gb_mandriva_MDVSA_2011_112.nasl
2011-07-22 Name : Mandriva Update for blender MDVSA-2011:114 (blender)
File : nvt/gb_mandriva_MDVSA_2011_114.nasl
2011-05-17 Name : Mandriva Update for mplayer MDVSA-2011:088 (mplayer)
File : nvt/gb_mandriva_MDVSA_2011_088.nasl
2011-04-06 Name : Mandriva Update for ffmpeg MDVSA-2011:060 (ffmpeg)
File : nvt/gb_mandriva_MDVSA_2011_060.nasl
2011-04-06 Name : Mandriva Update for ffmpeg MDVSA-2011:061 (ffmpeg)
File : nvt/gb_mandriva_MDVSA_2011_061.nasl
2011-03-07 Name : Debian Security Advisory DSA 2165-1 (ffmpeg-debian)
File : nvt/deb_2165_1.nasl
2010-04-30 Name : Ubuntu Update for ffmpeg, ffmpeg-debian regression USN-931-2
File : nvt/gb_ubuntu_USN_931_2.nasl
2010-04-29 Name : Ubuntu Update for ffmpeg, ffmpeg-debian vulnerabilities USN-931-1
File : nvt/gb_ubuntu_USN_931_1.nasl
2010-02-25 Name : Debian Security Advisory DSA 2000-1 (ffmpeg-debian)
File : nvt/deb_2000_1.nasl
2010-02-17 Name : FFmpeg multiple vulnerabilities (Linux)
File : nvt/gb_ffmpeg_mult_vuln_lin.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
58505 FFmpeg vorbis_dec.c Assignment Operator Remote Overflow DoS

ffmpeg contains a flaw that may allow a remote denial of service. The issue is triggered when processing a specially crafted MJPG encoded AVI file which causes a dereference of invalid memory, and will result in loss of availability for the service

Snort® IPS/IDS

Date Description
2014-01-10 FFmpeg OGV file format memory corruption attempt
RuleID : 16353 - Revision : 14 - Type : FILE-MULTIMEDIA

Nessus® Vulnerability Scanner

Date Description
2013-10-27 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201310-12.nasl - Type : ACT_GATHER_INFO
2013-10-27 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201310-13.nasl - Type : ACT_GATHER_INFO
2011-07-19 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2011-112.nasl - Type : ACT_GATHER_INFO
2011-07-19 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2011-114.nasl - Type : ACT_GATHER_INFO
2011-05-17 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-088.nasl - Type : ACT_GATHER_INFO
2011-04-04 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-060.nasl - Type : ACT_GATHER_INFO
2011-04-04 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-061.nasl - Type : ACT_GATHER_INFO
2011-02-20 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2165.nasl - Type : ACT_GATHER_INFO
2010-04-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-931-2.nasl - Type : ACT_GATHER_INFO
2010-04-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-931-1.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2000.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html
http://secunia.com/advisories/36805
http://secunia.com/advisories/38643
http://secunia.com/advisories/39482
http://www.debian.org/security/2010/dsa-2000
http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
http://www.securityfocus.com/bid/36465
http://www.ubuntu.com/usn/USN-931-1
http://www.vupen.com/english/advisories/2010/0935
http://www.vupen.com/english/advisories/2011/1241
https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
Date Informations
2024-11-28 23:09:26
  • Multiple Updates
2024-11-28 12:20:31
  • Multiple Updates
2021-05-04 12:10:40
  • Multiple Updates
2021-04-22 01:11:09
  • Multiple Updates
2020-05-23 00:24:47
  • Multiple Updates
2016-04-26 19:23:00
  • Multiple Updates
2014-02-17 10:52:50
  • Multiple Updates
2014-01-19 21:26:25
  • Multiple Updates
2013-05-11 00:04:02
  • Multiple Updates