NULL pointer dereference in FFmpeg - CVE-2009-0385

 

NULL pointer dereference in FFmpeg - CVE-2009-0385

Published: November 20, 2020 / Updated: June 8, 2025


Vulnerability identifier: #VU110619
CSH Severity: High
CVSS v4.0:
CVE-ID: CVE-2009-0385
CWE-ID: CWE-476
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: ffmpeg.sourceforge.net
Affected software:
FFmpeg

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.


How to mitigate CVE-2009-0385

Install update from vendor's website.

Sources