CVE Database · CVE-2009-3389
CVSS v3.1
N/A
EPSS
4.78%
Published
Dec 17, 2009
Modified
Apr 22, 2026
Public PoC / Exploit (1)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.
Weaknesses (CWE)
Affected Products (51)
References (20)
...and 1 more
