VYPR
Unrated severityNVD Advisory· Published Feb 2, 2009· Updated Jun 16, 2026

CVE-2009-0385

CVE-2009-0385

Description

Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10
  • FFmpeg/Ffmpeg2 versions
    cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*range: <0.6.3
    • (no CPE)range: < revision 16846
  • cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
  • Debian/linux3 versions
    cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

22

News mentions

0

No linked articles in our index yet.