CVE-2009-4636 — Code Injection in Ffmpeg

Severity

4.3MEDIUMNVD

EPSS

3.2%

top 13.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedFeb 10

Latest updateMay 2

Description

FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop.

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

▶debiandebian/ffmpeg< ffmpeg 4:0.5+svn20090706-3 (bookworm)

▶Debianffmpeg/ffmpeg< 4:0.5+svn20090706-3+3

GHSA

GHSA-9ph5-24p7-567p: FFmpeg 0↗2022-05-02

▶

OSV

CVE-2009-4636: FFmpeg 0↗2010-02-10

▶

Debian

CVE-2009-4636: ffmpeg - FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a cra...↗2009

▶