返回 CVE 瀏覽器

CVE-2009-0894

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1450%

EPSS Percentile9.93th

Published2009年6月2日

Last Modified2026年4月23日

Vulnerability Description

Heap-based buffer overflow in the decoder_create function in the initialization functionality in xvidcore/src/decoder.c in Xvid before 1.2.2, as used by Windows Media Player and other applications, allows remote attackers to execute arbitrary code via vectors involving the DirectShow (aka DShow) frontend and improper handling of the XVID_ERR_MEMORY return code during processing of a crafted movie file. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

📦

Xvid

Xvid

<= 1.2.1

📦

Xvid

Xvid

= 1.1.0

📦

Xvid

Xvid

= 1.1.1

📦

Xvid

Xvid

= 1.1.2

📦

Xvid

Xvid

= 1.1.3

📦

Xvid

Xvid

= 1.2.0

References & Advisories

🔗 http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c

🔗 http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c?r1=1.80&r2=1.81

🔗 http://www.securityfocus.com/bid/35158

🔗 http://www.xvid.org/News.64.0.html?&cHash=0170b4e439&tx_ttnews%5BbackPid%5D=64&tx_ttnews%5Btt_news%5D=7

🔗 https://www.it-isac.org/postings/cyber/alertdetail.php?id=4635&selyear=2009&menutype=menupublic

🔗 http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c

🔗 http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c?r1=1.80&r2=1.81

🔗 http://www.securityfocus.com/bid/35158

相關漏洞威脅

CVE-2009-089310.0

Multiple heap-based buffer overflows in xvidcore/src/decoder.c in the xvidcore library in Xvid before 1.2.2, as used by Windows Me...

CVE-2007-33296.8

Multiple array index errors in the (1) get_intra_block, (2) get_inter_block_h263, and (3) get_inter_block_mpeg functions in src/bi...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...