CVE-2009-3378

Name of the Vulnerable Software and Affected Versions liboggplay versions prior to 3.5.4 Mozilla Firefox versions 3.5.x before 3.5.4

Description The issue is related to the oggplay data handle theora frame function in liboggplay, which can cause a denial of service or possibly execute arbitrary code when encountering a decoding error for the first frame in a crafted .ogg video file. This is due to the function attempting to reuse an earlier frame data structure, leading to a NULL pointer dereference and application crash.

Recommendations For liboggplay versions prior to 3.5.4, update to version 3.5.4 or later to resolve the issue. For Mozilla Firefox versions 3.5.x before 3.5.4, update to version 3.5.4 or later to resolve the issue.