FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ffmpeg -- 4xm processing memory corruption vulnerability

Affected packages
ffmpeg < 2008.07.27_9

Details

VuXML ID: 6733e1bf-125f-11de-a964-0030843d3802
Discovery: 2009-01-28
Entry: 2009-03-16

Secunia reports:

Tobias Klein has reported a vulnerability in FFmpeg, which potentially can be exploited by malicious people to compromise an application using the library.

The vulnerability is caused due to a signedness error within the "fourxm_read_header()" function in libavformat/4xm.c. This can be exploited to corrupt arbitrary memory via a specially crafted 4xm file.

References

Bugtraq ID: 33502
CVE Name: CVE-2009-0385
URL: http://secunia.com/advisories/33711/
URL: http://trapkit.de/advisories/TKADV2009-004.txt