CVE-2009-4631

Name of the Vulnerable Software and Affected Versions ffmpeg-dbg (affected versions not specified) libavdevice52 (affected versions not specified) libavcodec51 (affected versions not specified) libavdevice-dev (affected versions not specified) libavcodec-dev (affected versions not specified) ffmpeg-doc (affected versions not specified) FFmpeg versions prior to 0.5

Description The issue concerns multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including ffmpeg-dbg, libavdevice52, libavcodec51, libavdevice-dev, libavcodec-dev, and ffmpeg-doc. These vulnerabilities can lead to disruptions in confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be carried out remotely. Additionally, there is an off-by-one error in the VP3 decoder of FFmpeg 0.5, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file.

Recommendations For ffmpeg-dbg, consider updating to a version that includes the fix for this issue. For libavdevice52, consider updating to a version that includes the fix for this issue. For libavcodec51, consider updating to a version that includes the fix for this issue. For libavdevice-dev, consider updating to a version that includes the fix for this issue. For libavcodec-dev, consider updating to a version that includes the fix for this issue. For ffmpeg-doc, consider updating to a version that includes the fix for this issue. For FFmpeg, update to a version later than 0.5 to resolve the off-by-one error in the VP3 decoder. At the moment, there is no information about a newer version that contains a fix for the other vulnerabilities.