CVE-2009-3389

EPSS 5.5%

libtheora - arbitrary code execution

Published: 12/17/2009Modified: 4/28/2026

Also known as:DEBIAN-CVE-2009-3389

Description

Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.

Affected packages (2)

Debian/libtheorafrom 0, < 1.1
Debian/libtheorafrom 0, < 1.0~beta3-1+lenny1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-3389