CVE-2009-4632

Name of the Vulnerable Software and Affected Versions FFmpeg versions 0.5 and earlier libavdevice52 (affected versions not specified) libavcodec51 (affected versions not specified) libavdevice-dev (affected versions not specified) libavcodec-dev (affected versions not specified) ffmpeg-doc (affected versions not specified) ffmpeg-dbg (affected versions not specified)

Description The issue involves multiple vulnerabilities in the FFmpeg package and related libraries in the Debian GNU/Linux operating system. These vulnerabilities can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, the oggparsevorbis.c file in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read.

Recommendations For FFmpeg version 0.5 and earlier, update to a version that fixes the oggparsevorbis.c issue. For libavdevice52, libavcodec51, libavdevice-dev, libavcodec-dev, ffmpeg-doc, and ffmpeg-dbg, at the moment, there is no information about a newer version that contains a fix for this vulnerability.