• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

FFmpeg 'libavformat/4xm.c' Remote Code Execution Vulnerability

Bugtraq ID:	33502
Class:	Boundary Condition Error
CVE:	CVE-2009-0385 CVE-2009-0698
Remote:	Yes
Local:	No
Published:	Jan 28 2009 12:00AM
Updated:	Nov 16 2009 06:56PM
Credit:	Tobias Klein
Vulnerable:	xine xine-lib 1.1.16 1 xine xine-lib 1.1.16 xine xine-lib 1.1.15 xine xine-lib 1.1.14 xine xine-lib 1.1.13 xine xine-lib 1.1.12 xine xine-lib 1.1.11 1 xine xine-lib 1.1.11 xine xine-lib 1.1.10 1 xine xine-lib 1.1.10 xine xine-lib 1.1.9 .1 xine xine-lib 1.1.9 xine xine-lib 1.1.4 xine xine-lib 1.1.3 xine xine-lib 1.1.2 xine xine-lib 1.1.1 xine xine-lib 1.1 xine xine-lib 1.0.2 xine xine-lib 1.0.1 xine xine-lib 1.0 Ubuntu Ubuntu Linux 8.10 sparc Ubuntu Ubuntu Linux 8.10 powerpc Ubuntu Ubuntu Linux 8.10 lpia Ubuntu Ubuntu Linux 8.10 i386 Ubuntu Ubuntu Linux 8.10 amd64 Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 lpia Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Slackware Linux 12.2 Slackware Linux 12.1 Slackware Linux 12.0 Slackware Linux -current S.u.S.E. SLE 11 S.u.S.E. SLE 10 S.u.S.E. openSUSE 11.1 S.u.S.E. openSUSE 11.0 S.u.S.E. openSUSE 10.3 RedHat Fedora 9 0 RedHat Fedora 10 Pardus Linux 2008 0 MandrakeSoft Linux Mandrake 2009.0 x86_64 MandrakeSoft Linux Mandrake 2009.0 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Gentoo Linux FFmpeg FFmpeg 0.8.7 -r1 FFmpeg FFmpeg 0.8.7 FFmpeg FFmpeg 0.4.9 20080909 FFmpeg FFmpeg 0.4.9 -pre1 FFmpeg FFmpeg 0.4.9 -0.pre1.5.1.20060 FFmpeg FFmpeg 0.4.9 FFmpeg FFmpeg 0.4.8 FFmpeg FFmpeg 0.4.7 FFmpeg FFmpeg 0.4.6 FFmpeg FFmpeg 2005-03-13 FFmpeg FFmpeg 0.49_p20060530 Debian Linux 5.0 sparc Debian Linux 5.0 s/390 Debian Linux 5.0 powerpc Debian Linux 5.0 mipsel Debian Linux 5.0 mips Debian Linux 5.0 m68k Debian Linux 5.0 ia-64 Debian Linux 5.0 ia-32 Debian Linux 5.0 hppa Debian Linux 5.0 armel Debian Linux 5.0 arm Debian Linux 5.0 amd64 Debian Linux 5.0 alpha Debian Linux 5.0 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 armel Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0
Not Vulnerable:	xine xine-lib 1.1.16 2 FFmpeg FFmpeg CVS + Ubuntu Ubuntu Linux 5.0 4 powerpc + Ubuntu Ubuntu Linux 5.0 4 i386 + Ubuntu Ubuntu Linux 5.0 4 amd64