CVE-2009-4635
Gentoo Linux Security Advisory 201310-12
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow.
FFmpeg v0.5 permite a atacantes remotos producir una denegación de servicio y posiblemente ejecutar código arbitrario a través de un contenedor MOV con tag impropios que producen (1) mov.c y (2) utils.c que utiliza identificadores y tipos de codecs inconsistentes, lo que causa que el decodificador mp3 procese un puntero para una estructura de vídeo, iniciando un desbordamiento de búfer basado en pila
Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. Versions less than 1.0.7 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-02-09 CVE Reserved
- 2010-02-10 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html | X_refsource_misc | |
| http://secunia.com/advisories/36805 | Third Party Advisory | |
| http://secunia.com/advisories/38643 | Third Party Advisory | |
| http://secunia.com/advisories/39482 | Third Party Advisory | |
| http://www.securityfocus.com/bid/36465 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2010/0935 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2011/1241 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 | 2024-08-07 |
| URL | Date | SRC |
|---|