CVE-2009-4636

Name of the Vulnerable Software and Affected Versions FFmpeg version 0.5 libavcodec51 (affected versions not specified) libavcodec-dev (affected versions not specified) libavdevice52 (affected versions not specified) libavdevice-dev (affected versions not specified) ffmpeg-dbg (affected versions not specified) ffmpeg-doc (affected versions not specified)

Description The issue concerns multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including libavcodec51, libavcodec-dev, libavdevice52, libavdevice-dev, ffmpeg-dbg, and ffmpeg-doc. These vulnerabilities can be exploited remotely, potentially leading to a violation of confidentiality, integrity, and availability of protected information. Additionally, a specific vulnerability in FFmpeg 0.5 allows remote attackers to cause a denial of service by triggering an infinite loop with a crafted file.

Recommendations For FFmpeg version 0.5, update to a newer version to mitigate the risk of a denial of service. For libavcodec51, restrict access to sensitive information until a patch is available. For libavcodec-dev, avoid using vulnerable functions until a fix is applied. For libavdevice52, disable remote access to minimize the risk of exploitation. For libavdevice-dev, restrict the use of vulnerable modules until a patch is available. For ffmpeg-dbg, avoid using debug functions that may trigger vulnerabilities. For ffmpeg-doc, restrict access to documentation that may contain sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability in the other affected packages.