DEBIAN-CVE-2009-3389

DEBIAN-CVE-2009-3389 PUBLISHED CVSS 9.300000190734863 CRITICAL

Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian:12	libtheora	0, 0, 0
Debian:11	libtheora	0, 0, 0
Debian:14	libtheora	0, 0, 0
Debian:13	libtheora	0, 0, 0

Timeline

Dec 17, 2009 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2009-3389 advisory

Open in Interactive Console →