Описание
The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | |
| hardy | not-affected | code not present |
| intrepid | DNE | |
| jaunty | DNE | |
| karmic | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 1.9.1.9+nobinonly-0ubuntu1 |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | released | 1.9.1.9+nobinonly-0ubuntu0.9.04.1 |
| karmic | released | 1.9.1.9+nobinonly-0ubuntu0.9.10.1 |
| upstream | released | 1.9.1.4 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | |
| hardy | released | 1.9.2.6+nobinonly-0ubuntu0.8.04.1 |
| intrepid | DNE | |
| jaunty | ignored | end of life, was needs-triage |
| karmic | ignored | end of life, was needs-triage |
| upstream | not-affected |
Показывать по
EPSS
9.3 Critical
CVSS2
Связанные уязвимости
The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.
The oggplay_data_handle_theora_frame function in media/liboggplay/src/ ...
The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.
EPSS
9.3 Critical
CVSS2