CVE-2009-0893

Name of the Vulnerable Software and Affected Versions Xvid versions prior to 1.2.2

Description The issue is related to multiple heap-based buffer overflows in the xvidcore library, which can be triggered by providing a crafted macroblock number in a video stream within a crafted movie file. This can lead to heap memory corruption and allow remote attackers to execute arbitrary code. The problem is associated with a missing resync marker range check and involves the decoder iframe, decoder pframe, and decoder bframe functions.

Recommendations For Xvid versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue. As a temporary workaround, consider disabling the use of crafted movie files until the update is applied. Restrict access to video streams from untrusted sources to minimize the risk of exploitation.