PT-2010-5647 · FFmpeg · Libavdevice-Dev+6

Will Dormann · Published 1970-01-01 · Updated 2011-10-26 · CVE-2009-4634

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

FFmpeg versions 0.5 and earlier
libavdevice52 (affected versions not specified)
libavcodec51 (affected versions not specified)
libavdevice-dev (affected versions not specified)
libavcodec-dev (affected versions not specified)
ffmpeg-doc (affected versions not specified)
ffmpeg-dbg (affected versions not specified)

Description

The issue involves multiple vulnerabilities in the FFmpeg package that can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Exploitation uses crafted files that bypass validation checks or access out-of-bounds memory, potentially leading to a denial of service or the execution of arbitrary code. The vulnerabilities can be exploited via vorbis_dec.c and mov.c, related to an elst tag that appears before a tag that creates a stream.

Recommendations

For FFmpeg version 0.5 and earlier, update to a version later than 0.5 to resolve the issue. For libavdevice52, libavcodec51, libavdevice-dev, libavcodec-dev, ffmpeg-doc, and ffmpeg-dbg, there is currently no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2015-02202
BDU:2015-02203
BDU:2015-02205
BDU:2015-02206
BDU:2015-02207
BDU:2015-02208
CVE-2009-4634
DSA-2000-1

Affected Products

Ffmpeg
Ffmpeg-Dbg
Ffmpeg-Doc
Libavcodec-Dev
Libavcodec51
Libavdevice-Dev
Libavdevice52