CVE-2009-3389

Name	CVE-2009-3389
Description	Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-2045-1
Debian Bugs	572950

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
libtheora (PTS)	bullseye	1.1.1+dfsg.1-15	fixed
	bookworm	1.1.1+dfsg.1-16.1	fixed
	sid, trixie	1.1.1+dfsg.1-17	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
iceweasel	source	lenny	(not affected)
iceweasel	source	(unstable)	3.5.11-2
libtheora	source	etch	(not affected)
libtheora	source	lenny	1.0~beta3-1+lenny1		DSA-2045-1
libtheora	source	(unstable)	1.1			572950
xulrunner	source	etch	(unfixed)	end-of-life
xulrunner	source	lenny	(not affected)
xulrunner	source	(unstable)	1.9.1.6-1

Notes

[etch] - libtheora <not-affected> (vulnerable code not present)
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
[lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)