Bug 548539 (CVE-2009-3388)

Summary: CVE-2009-3388 liboggplay: DoS or arbitrary code execution via unspecified vectors
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: unspecified
Keywords: Security
Hardware: All   
OS: Linux   
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3388
Doc Type: Bug Fix
Last Closed: 2009-12-21 08:25:25 UTC

Description Vincent Danen 2009-12-17 18:18:07 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3388 to
the following vulnerability:

Name: CVE-2009-3388
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3388
Assigned: 20090924
Reference: CONFIRM: http://www.mozilla.org/security/announce/2009/mfsa2009-66.html
Reference: CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=504843
Reference: CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=523816
Reference: BID:37349
Reference: URL: http://www.securityfocus.com/bid/37349
Reference: BID:37369
Reference: URL: http://www.securityfocus.com/bid/37369
Reference: SECTRACK:1023335
Reference: URL: http://securitytracker.com/id?1023335
Reference: SECTRACK:1023336
Reference: URL: http://securitytracker.com/id?1023336
Reference: SECUNIA:37699
Reference: URL: http://secunia.com/advisories/37699
Reference: SECUNIA:37785
Reference: URL: http://secunia.com/advisories/37785
Reference: VUPEN:ADV-2009-3547
Reference: URL: http://www.vupen.com/english/advisories/2009/3547
Reference: XF:mozilla-liboggplay-code-execution(54804)
Reference: URL: http://xforce.iss.net/xforce/xfdb/54804

liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before
2.0.1 might allow context-dependent attackers to cause a denial of
service (application crash) or execute arbitrary code via unspecified
vectors, related to "memory safety issues."

Comment 1 Tomas Hoger 2009-12-21 08:25:25 UTC
liboggplay is not shipped as a separate package in Red Hat Enterprise Linux or Fedora. It is included in mozilla packages, and the issue was resolved in affected Fedora versions via Firefox updates to 3.5.6.