Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3389 to the following vulnerability:

Name: CVE-2009-3389
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3389
Assigned: 20090924
Reference: MISC: http://www.theora.org/news/#libtheora-1.1.0
Reference: CONFIRM: http://www.mozilla.org/security/announce/2009/mfsa2009-67.html
Reference: CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=504613
Reference: CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=515882
Reference: BID:37349
Reference: URL: http://www.securityfocus.com/bid/37349
Reference: BID:37368
Reference: URL: http://www.securityfocus.com/bid/37368
Reference: SECUNIA:37699
Reference: URL: http://secunia.com/advisories/37699
Reference: SECUNIA:37785
Reference: URL: http://secunia.com/advisories/37785
Reference: VUPEN:ADV-2009-3547
Reference: URL: http://www.vupen.com/english/advisories/2009/3547
Reference: XF:mozilla-theora-bo(54805)
Reference: URL: http://xforce.iss.net/xforce/xfdb/54805

Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.

This issue did not affect versions of libtheora shipped in Red Hat Enterprise Linux 4 and 5. Current Fedora versions include libtheora 1.1.0, which already contains the fixes. The Firefox-embedded copy was updated via rebase to 3.5.6.