CVE-2009-4640
https://notcve.org/view.php?id=CVE-2009-4640
Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read. Error de indexación de array en vorbis_dec.c in FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio y posiblemente ejecutar y posiblemente ejecutar código arbitrario a través de un fichero Vorbis manipulado que inicia una lectura fuera de rango. • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html http://secunia.com/advisories/36805 http://secunia.com/advisories/38643 http://secunia.com/advisories/39482 http://www.debian.org/security/2010/dsa-2000 http://www.mandriva.com/security/advisories?name=MDVSA-2011:060 http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 http://www.mandriva.com/security/advisories?name=MDVSA-2011:088 http://www.mandriva.com/security/advisories?name=MDVSA-2011:112 http • CWE-189: Numeric Errors •
CVE-2009-4637 – FFmpeg 0.5 - Multiple Remote Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-4637
FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow. FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de vectores desconocidos que inicia un desbordamiento de búfer basado en pila. • https://www.exploit-db.com/exploits/33233 http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html http://secunia.com/advisories/36805 http://secunia.com/advisories/38643 http://secunia.com/advisories/39482 http://www.debian.org/security/2010/dsa-2000 http://www.securityfocus.com/bid/36465 http://www.ubuntu.com/usn/USN-931-1 http://www.vupen.com/english/advisories/2010/0935 https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-4633
https://notcve.org/view.php?id=CVE-2009-4633
vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. vorbis_dec.c en FFmpeg v0.5 utiliza un operador de asignación cuando el generador estaba destinado a una comparación, lo que permite a atacantes remotos producir una denegación de servicio y posiblemente ejecutar codigo arbitrario a través de un fichero manipulado que modifica el contador de bucle e inicia un desbordamiento de búfer de memoria libre. • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html http://secunia.com/advisories/36805 http://secunia.com/advisories/38643 http://secunia.com/advisories/39482 http://www.debian.org/security/2010/dsa-2000 http://www.mandriva.com/security/advisories?name=MDVSA-2011:060 http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 http://www.mandriva.com/security/advisories?name=MDVSA-2011:088 http://www.mandriva.com/security/advisories?name=MDVSA-2011:112 http • CWE-189: Numeric Errors •
CVE-2009-4632
https://notcve.org/view.php?id=CVE-2009-4632
oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. oggparsevorbis.c en FFmpeg v0.5 no realiza correctamente cierto puntero aritmético, lo que permite a atacantes remotos obtener información de contenidos sensibles de memoria y producir una denegación de servicio a través de un fichero que inicia una lectura fuera de rango. • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html http://secunia.com/advisories/36805 http://secunia.com/advisories/38643 http://secunia.com/advisories/39482 http://www.debian.org/security/2010/dsa-2000 http://www.mandriva.com/security/advisories?name=MDVSA-2011:060 http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 http://www.mandriva.com/security/advisories?name=MDVSA-2011:088 http://www.mandriva.com/security/advisories?name=MDVSA-2011:112 http • CWE-189: Numeric Errors •
CVE-2009-4636
https://notcve.org/view.php?id=CVE-2009-4636
FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio (colgado) a través de un fichero manipulado que inicia un bucle infinito. • http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html http://secunia.com/advisories/36805 http://secunia.com/advisories/38643 http://www.debian.org/security/2010/dsa-2000 http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 http://www.mandriva.com/security/advisories?name=MDVSA-2011:062 http://www.mandriva.com/security/advisories?name=MDVSA-2011:088 http://www.mandriva.com/security/advisories?name=MDVSA-2011:089 http://www.mandriva.com/security/advisorie • CWE-94: Improper Control of Generation of Code ('Code Injection') •