PT-2010-5650 · FFmpeg+1 · Libavcodec+3
Will Dormann · Published 1970-01-01 · Updated 2010-05-20 · CVE-2009-4637
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
FFmpeg version 0.5
libavcodec51 (affected versions not specified)
libavcodec-dev (affected versions not specified)
libavdevice52 (affected versions not specified)
libavdevice-dev (affected versions not specified)
ffmpeg-dbg (affected versions not specified)
ffmpeg-doc (affected versions not specified)
Description
The issue concerns multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including FFmpeg, libavcodec, and libavdevice. These vulnerabilities can be exploited remotely, potentially leading to a violation of confidentiality, integrity, and availability of protected information. The vulnerabilities may cause a denial of service or possibly allow the execution of arbitrary code via unknown vectors that trigger a stack-based buffer overflow.
Recommendations
For FFmpeg version 0.5, update to a newer version to mitigate the risk.
For libavcodec51, consider restricting access to sensitive data until a patch is available.
For libavcodec-dev, avoid using vulnerable functions until the issue is resolved.
For libavdevice52, restrict access to the vulnerable module to minimize the risk of exploitation.
For libavdevice-dev, consider disabling the vulnerable component until a patch is available.
For ffmpeg-dbg, restrict access to sensitive information until the issue is resolved.
For ffmpeg-doc, avoid using the vulnerable parameter in the affected API endpoint until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for libavcodec-dev, libavdevice52, libavdevice-dev, ffmpeg-dbg, and ffmpeg-doc.
Exploit
Fix
Buffer Overflow
Related Identifiers
Affected Products
Debian
Ffmpeg
Libavcodec
Libavdevice