Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3389 to
the following vulnerability:
Reference: MISC: http://www.theora.org/news/#libtheora-1.1.0
Reference: CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=504613
Reference: CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=515882
Reference: URL: http://www.securityfocus.com/bid/37349
Reference: URL: http://www.securityfocus.com/bid/37368
Reference: URL: http://secunia.com/advisories/37699
Reference: URL: http://secunia.com/advisories/37785
Reference: URL: http://www.vupen.com/english/advisories/2009/3547
Reference: URL: http://xforce.iss.net/xforce/xfdb/54805
Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used
in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows
remote attackers to cause a denial of service (application crash) or
possibly execute arbitrary code via a video with large dimensions.
This issue did not affect versions of libtheora shipped in Red Hat Enterprise Linux 4 and 5. Current Fedora versions include libtheora 1.1.0, which already contains the fixes. The Firefox-embedded copy was updated via rebase to 3.5.6.