CVE-2009-0385

Description

Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ffmpeg	11.04 natty	Not in release
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Ignored end of life, was needed
	8.04 LTS hardy	Fixed 3:0.cvs20070307-5ubuntu7.2
	7.10 gutsy	Fixed 3:0.cvs20070307-5ubuntu4.2
	6.06 LTS dapper	Ignored end of life
ffmpeg-debian	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	9.04 jaunty	Not affected
	8.10 intrepid	Fixed 3:0.svn20080206-12ubuntu3.1
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	6.06 LTS dapper	Not in release
gstreamer0.10-ffmpeg	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Ignored end of life
	9.04 jaunty	Ignored end of life
	8.10 intrepid	Ignored end of life, was needs-triage
	8.04 LTS hardy	Not affected
	7.10 gutsy	Ignored end of life, was needs-triage
	6.06 LTS dapper	Ignored end of life
kino	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Not affected
	6.06 LTS dapper	Not affected
motion	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Ignored end of life
	9.04 jaunty	Ignored end of life
	8.10 intrepid	Ignored end of life, was needs-triage
	8.04 LTS hardy	Not affected
	7.10 gutsy	Ignored end of life, was needs-triage
	6.06 LTS dapper	Ignored end of life
mplayer	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Not affected
	9.04 jaunty	Ignored end of life
	8.10 intrepid	Ignored end of life, was needed
	8.04 LTS hardy	Fixed 2:1.0~rc2-0ubuntu13.2
	7.10 gutsy	Ignored end of life, was needed
	6.06 LTS dapper	Ignored end of life
smilutils	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Ignored end of life
	9.04 jaunty	Ignored end of life
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Ignored end of life, was needs-triage
	6.06 LTS dapper	Ignored end of life

Notes

mdeslaur

kino is built with --disable-local-ffmpeg, so it's not vulnerable

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
ffmpeg	Upstream: http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17
ffmpeg-debian	Upstream: http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17
mplayer	Upstream: http://svn.mplayerhq.hu/ffmpeg/trunk/libavformat/4xm.c?r1=16838&r2=16846&pathrev=16846

References

Related Ubuntu Security Notices (USN)

USN-734-1
FFmpeg vulnerabilities
16 March 2009