FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ffmpeg -- 4xm processing memory corruption vulnerability

Affected packages
ffmpeg < 2008.07.27_9

Details

VuXML ID 6733e1bf-125f-11de-a964-0030843d3802
Discovery 2009-01-28
Entry 2009-03-16

Secunia reports:

Tobias Klein has reported a vulnerability in FFmpeg, which potentially can be exploited by malicious people to compromise an application using the library.

The vulnerability is caused due to a signedness error within the "fourxm_read_header()" function in libavformat/4xm.c. This can be exploited to corrupt arbitrary memory via a specially crafted 4xm file.

[source]

References

Bugtraq ID 33502
CVE Name CVE-2009-0385
URL http://secunia.com/advisories/33711/
URL http://trapkit.de/advisories/TKADV2009-004.txt

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.