Bug#524799: ffmpeg-debian: CVE-2009-0385 integer signedness error
Michael S. Gilbert
michael.s.gilbert at gmail.com
Mon Apr 20 01:15:38 UTC 2009
package: ffmpeg-debian
severity: important
tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published for ffmpeg-debian.
CVE-2009-0385[0]:
| Integer signedness error in the fourxm_read_header function in
| libavformat/4xm.c in FFmpeg before revision 16846 allows remote
| attackers to execute arbitrary code via a malformed 4X movie file with
| a large current_track value, which triggers a NULL pointer
| dereference.
See fedora security announcement for more details [1].
Please coordinate with the security team to prepare updated packages
for the stable releases.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0385
http://security-tracker.debian.net/tracker/CVE-2009-0385
[1] http://lwn.net/Articles/328039/
More information about the pkg-multimedia-maintainers
mailing list