PT-2010-5646 · FFmpeg · Ffmpeg
Will Dormann · Published 1970-01-01 · Updated 2011-10-26 · CVE-2009-4633
CVSS v2.0: 10 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
FFmpeg versions prior to 0.5
Description
FFmpeg contains multiple vulnerabilities that can compromise the confidentiality, integrity, and availability of protected information. They can be exploited remotely. Specifically, vorbis_dec.c uses an assignment operator where a comparison operator was intended, which may allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow.
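The bug class described above, as an added illustration that is not FFmpeg's code: a constructed loop in which `=` in place of `==` lets a byte from the input overwrite the loop counter, shown beside the corrected comparison. All names (`fill_buggy`, `fill_fixed`, `store`, `TABLE_LEN`, `SAMPLE`) are hypothetical, and the store is bounds-checked so that would-be overflows are counted rather than performed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define TABLE_LEN 8u   /* constructed size of the heap table */
struct pass_result { size_t in_bounds, out_of_bounds; };

/* Checked store: counts would-be overflows instead of performing them. */
static void store(uint8_t *tbl, unsigned idx, uint8_t v, struct pass_result *r)
{
    if (idx < TABLE_LEN) { tbl[idx] = v; r->in_bounds++; }
    else                 { r->out_of_bounds++; }
}

/* Buggy: '=' overwrites loop counter i with a byte taken from the file. */
struct pass_result fill_buggy(const uint8_t *in, size_t n)
{
    struct pass_result r = {0, 0};
    uint8_t *tbl = calloc(TABLE_LEN, 1);
    if (!tbl) return r;
    for (unsigned i = 0, k = 0; i < TABLE_LEN && k < n; i++, k++) {
        /* Doubled parentheses only silence -Wparentheses, which flags this. */
        if ((i = in[k])) store(tbl, i, 0xFF, &r);
        else             store(tbl, i, 0x00, &r);
    }
    free(tbl);
    return r;
}

/* Fixed: '==' compares, so i stays under the control of the loop header. */
struct pass_result fill_fixed(const uint8_t *in, size_t n)
{
    struct pass_result r = {0, 0};
    uint8_t *tbl = calloc(TABLE_LEN, 1);
    if (!tbl) return r;
    for (unsigned i = 0, k = 0; i < TABLE_LEN && k < n; i++, k++)
        store(tbl, i, i == in[k] ? 0xFF : 0x00, &r);
    free(tbl);
    return r;
}

const uint8_t SAMPLE[] = {0, 1, 9, 3};  /* constructed input; 9 >= TABLE_LEN */

int main(void)
{
    printf("stores past the table: buggy=%zu fixed=%zu\n",
           fill_buggy(SAMPLE, sizeof SAMPLE).out_of_bounds, fill_fixed(SAMPLE, sizeof SAMPLE).out_of_bounds);
    return 0;
}
```

Written as the typo would naturally appear, `if (i = in[k])`, GCC and Clang report it under `-Wparentheses` (part of `-Wall`); building with `-Werror=parentheses` turns that report into a build failure.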
Recommendations
For FFmpeg versions prior to 0.5, update to a version that fixes the vulnerabilities, as the affected versions may allow remote attackers to exploit the issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Weakness Enumeration
Related Identifiers
Affected Products
Ffmpeg