PublicDateAtUSN: 2010-02-09
Candidate: CVE-2009-4633
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4633
https://usn.ubuntu.com/usn/usn-931-1
vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison
operator was intended, which might allow remote attackers to cause a denial
of service and possibly execute arbitrary code via a crafted file that
modifies a loop counter and triggers a heap-based buffer overflow.
mdeslaur> This is issue #13
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550442
Discovered-by: Will Dormann
Patches_ffmpeg-debian:
upstream_ffmpeg-debian: needed
dapper_ffmpeg-debian: DNE
hardy_ffmpeg-debian: DNE
intrepid_ffmpeg-debian: released (3:0.svn20080206-12ubuntu3.2)
jaunty_ffmpeg-debian: released (3:0.svn20090303-1ubuntu6.1)
karmic_ffmpeg-debian: DNE
lucid_ffmpeg-debian: DNE
maverick_ffmpeg-debian: DNE
devel_ffmpeg-debian: DNE
upstream_ffmpeg: needed
dapper_ffmpeg: ignored (reached end-of-life)
hardy_ffmpeg: released (3:0.cvs20070307-5ubuntu7.4)
intrepid_ffmpeg: needed (reached end-of-life)
jaunty_ffmpeg: ignored (reached end-of-life)
karmic_ffmpeg: released (4:0.5+svn20090706-2ubuntu2.1)
lucid_ffmpeg: not-affected (4:0.5.1-1ubuntu1)
maverick_ffmpeg: not-affected (4:0.5.1-1ubuntu1)
devel_ffmpeg: not-affected (4:0.5.1-1ubuntu1)