CVE-2009-0894

Name of the Vulnerable Software and Affected Versions Xvid versions prior to 1.2.2

Description A heap-based buffer overflow issue exists in the decoder create function within the initialization functionality of Xvid. This issue can be exploited by remote attackers to execute arbitrary code through crafted movie files, particularly when the XVID ERR MEMORY return code is improperly handled during processing. The exploitation vector involves the DirectShow frontend.

Recommendations For versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the decoder create function until a patch is available. Avoid using Xvid to process untrusted or crafted movie files until the issue is resolved.