Back to search
CVE-2009-3378
Published: Oct 29, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
272909
vendor-advisory
x_refsource_SUNALERT
oval:org.mitre.oval:def:6443
vdb-entry
signature
x_refsource_OVAL
http://www.mozilla.org/security/announce/2009/mfsa2009-63.html
x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=500311
x_refsource_CONFIRM
ADV-2009-3334
vdb-entry
x_refsource_VUPEN
MDVSA-2009:294
vendor-advisory
x_refsource_MANDRIVA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now