Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2012-AVI-039
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités présentes dans FFmpeg permettent d'effectuer une exécution de code ou un deni de service à distance.
Description
De multiples vulnérabilités ont été corrigées dans FFmpeg. Ces vulnérabilités permettent à une personne malintentionnée d'effectuer une exécution de code ou un deni de service à distance au moyen d'un fichier spécialement conçu.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation). La version 0.10 corrige le problème.
FFmpeg versions antérieures à 0.10.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eFFmpeg versions ant\u00e9rieures \u00e0 0.10.\u003c/p\u003e",
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans FFmpeg. Ces\nvuln\u00e9rabilit\u00e9s permettent \u00e0 une personne malintentionn\u00e9e d\u0027effectuer une\nex\u00e9cution de code ou un deni de service \u00e0 distance au moyen d\u0027un fichier\nsp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation). La version 0.10 corrige le\nprobl\u00e8me.\n",
"cves": [
{
"name": "CVE-2011-3945",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3945"
},
{
"name": "CVE-2011-3950",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3950"
},
{
"name": "CVE-2011-3929",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3929"
},
{
"name": "CVE-2011-3936",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3936"
},
{
"name": "CVE-2011-3937",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3937"
},
{
"name": "CVE-2011-3940",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3940"
},
{
"name": "CVE-2011-3947",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3947"
},
{
"name": "CVE-2011-3934",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3934"
},
{
"name": "CVE-2011-3949",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3949"
},
{
"name": "CVE-2011-3952",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3952"
},
{
"name": "CVE-2011-3946",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3946"
},
{
"name": "CVE-2011-3935",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3935"
},
{
"name": "CVE-2011-3944",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3944"
},
{
"name": "CVE-2011-3941",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3941"
},
{
"name": "CVE-2011-3951",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3951"
}
],
"links": [],
"reference": "CERTA-2012-AVI-039",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-01-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans FFmpeg permettent d\u0027effectuer\nune ex\u00e9cution de code ou un deni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans FFmpeg",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FFmpeg",
"url": "http://ffmpeg.org/security.html"
}
]
}
CVE-2011-3945 (GCVE-0-2011-3945)
Vulnerability from cvelistv5 – Published: 2012-08-20 20:00 – Updated: 2024-09-17 04:09
VLAI?
EPSS
Summary
The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2012:076",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:076"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=a02e8df973f5478ec82f4c507f5b5b191a5ecb6b"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=807a045ab7f51993a2c1b3116016cbbd4f3d20d6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ffmpeg.org/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://libav.org/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-20T20:00:00Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "MDVSA-2012:076",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:076"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=a02e8df973f5478ec82f4c507f5b5b191a5ecb6b"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=807a045ab7f51993a2c1b3116016cbbd4f3d20d6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ffmpeg.org/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://libav.org/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2012:076",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:076"
},
{
"name": "http://git.libav.org/?p=libav.git;a=commit;h=a02e8df973f5478ec82f4c507f5b5b191a5ecb6b",
"refsource": "CONFIRM",
"url": "http://git.libav.org/?p=libav.git;a=commit;h=a02e8df973f5478ec82f4c507f5b5b191a5ecb6b"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=807a045ab7f51993a2c1b3116016cbbd4f3d20d6",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=807a045ab7f51993a2c1b3116016cbbd4f3d20d6"
},
{
"name": "http://ffmpeg.org/",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/"
},
{
"name": "http://libav.org/",
"refsource": "CONFIRM",
"url": "http://libav.org/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3945",
"datePublished": "2012-08-20T20:00:00Z",
"dateReserved": "2011-10-01T00:00:00Z",
"dateUpdated": "2024-09-17T04:09:43.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3941 (GCVE-0-2011-3941)
Vulnerability from cvelistv5 – Published: 2013-12-09 11:00 – Updated: 2024-08-06 23:53
VLAI?
EPSS
Summary
The decode_mb function in libavcodec/error_resilience.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to an uninitialized block index, which triggers an out-of-bounds write.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ffmpeg.org/security.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=c77be3a35a0160d6af88056b0899f120f2eef38e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The decode_mb function in libavcodec/error_resilience.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to an uninitialized block index, which triggers an out-of-bounds write."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-02T20:57:00",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ffmpeg.org/security.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=c77be3a35a0160d6af88056b0899f120f2eef38e"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The decode_mb function in libavcodec/error_resilience.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to an uninitialized block index, which triggers an out-of-bounds write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://www.ffmpeg.org/security.html"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c77be3a35a0160d6af88056b0899f120f2eef38e",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c77be3a35a0160d6af88056b0899f120f2eef38e"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3941",
"datePublished": "2013-12-09T11:00:00",
"dateReserved": "2011-10-01T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3949 (GCVE-0-2011-3949)
Vulnerability from cvelistv5 – Published: 2013-12-09 11:00 – Updated: 2024-08-06 23:53
VLAI?
EPSS
Summary
The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=e2291ea1534d17306f685b8c8abc8585bbed87bf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ffmpeg.org/security.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-09T04:57:00",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=e2291ea1534d17306f685b8c8abc8585bbed87bf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ffmpeg.org/security.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e2291ea1534d17306f685b8c8abc8585bbed87bf",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e2291ea1534d17306f685b8c8abc8585bbed87bf"
},
{
"name": "http://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://www.ffmpeg.org/security.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3949",
"datePublished": "2013-12-09T11:00:00",
"dateReserved": "2011-10-01T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3952 (GCVE-0-2011-3952)
Vulnerability from cvelistv5 – Published: 2012-08-20 18:00 – Updated: 2024-09-16 16:53
VLAI?
EPSS
Summary
The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "DSA-2494",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2494"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ffmpeg.org/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=386741f887714d3e46c9e8fe577e326a7964037b"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://libav.org/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-20T18:00:00Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "DSA-2494",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2494"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ffmpeg.org/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=386741f887714d3e46c9e8fe577e326a7964037b"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://libav.org/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1479-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "DSA-2494",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2494"
},
{
"name": "http://ffmpeg.org/",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/"
},
{
"name": "http://git.libav.org/?p=libav.git;a=commit;h=386741f887714d3e46c9e8fe577e326a7964037b",
"refsource": "CONFIRM",
"url": "http://git.libav.org/?p=libav.git;a=commit;h=386741f887714d3e46c9e8fe577e326a7964037b"
},
{
"name": "http://libav.org/",
"refsource": "CONFIRM",
"url": "http://libav.org/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3952",
"datePublished": "2012-08-20T18:00:00Z",
"dateReserved": "2011-10-01T00:00:00Z",
"dateUpdated": "2024-09-16T16:53:20.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3951 (GCVE-0-2011-3951)
Vulnerability from cvelistv5 – Published: 2012-08-20 18:00 – Updated: 2024-09-17 04:20
VLAI?
EPSS
Summary
The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "DSA-2494",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2494"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ffmpeg.org/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://libav.org/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=ce7aee9b733134649a6ce2fa743e51733f33e67e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-20T18:00:00Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "DSA-2494",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2494"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ffmpeg.org/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://libav.org/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=ce7aee9b733134649a6ce2fa743e51733f33e67e"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1479-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "DSA-2494",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2494"
},
{
"name": "http://ffmpeg.org/",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/"
},
{
"name": "http://libav.org/",
"refsource": "CONFIRM",
"url": "http://libav.org/"
},
{
"name": "http://git.libav.org/?p=libav.git;a=commit;h=ce7aee9b733134649a6ce2fa743e51733f33e67e",
"refsource": "CONFIRM",
"url": "http://git.libav.org/?p=libav.git;a=commit;h=ce7aee9b733134649a6ce2fa743e51733f33e67e"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3951",
"datePublished": "2012-08-20T18:00:00Z",
"dateReserved": "2011-10-01T00:00:00Z",
"dateUpdated": "2024-09-17T04:20:11.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3940 (GCVE-0-2011-3940)
Vulnerability from cvelistv5 – Published: 2012-08-20 18:00 – Updated: 2024-08-06 23:53
VLAI?
EPSS
Summary
nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers "use of uninitialized streams."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=c898431ca5ef2a997fe9388b650f658fb60783e5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a"
},
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "49089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49089"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://libav.org/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=5c011706bc752d34bc6ada31d7df2ca0c9af7c6b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers \"use of uninitialized streams.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=c898431ca5ef2a997fe9388b650f658fb60783e5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a"
},
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "49089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49089"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://libav.org/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=5c011706bc752d34bc6ada31d7df2ca0c9af7c6b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers \"use of uninitialized streams.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c898431ca5ef2a997fe9388b650f658fb60783e5",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c898431ca5ef2a997fe9388b650f658fb60783e5"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a"
},
{
"name": "USN-1479-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "49089",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49089"
},
{
"name": "http://ffmpeg.org/",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"name": "http://libav.org/",
"refsource": "CONFIRM",
"url": "http://libav.org/"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5c011706bc752d34bc6ada31d7df2ca0c9af7c6b",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5c011706bc752d34bc6ada31d7df2ca0c9af7c6b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3940",
"datePublished": "2012-08-20T18:00:00",
"dateReserved": "2011-10-01T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3936 (GCVE-0-2011-3936)
Vulnerability from cvelistv5 – Published: 2012-08-20 18:00 – Updated: 2024-08-06 23:53
VLAI?
EPSS
Summary
The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "49089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49089"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://libav.org/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=2d1c0dea5f6b91bec7f5fa53ec050913d851e366"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "49089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49089"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://libav.org/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=2d1c0dea5f6b91bec7f5fa53ec050913d851e366"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1479-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "49089",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49089"
},
{
"name": "http://ffmpeg.org/",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"name": "http://libav.org/",
"refsource": "CONFIRM",
"url": "http://libav.org/"
},
{
"name": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b",
"refsource": "CONFIRM",
"url": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b"
},
{
"name": "http://git.libav.org/?p=libav.git;a=commitdiff;h=2d1c0dea5f6b91bec7f5fa53ec050913d851e366",
"refsource": "CONFIRM",
"url": "http://git.libav.org/?p=libav.git;a=commitdiff;h=2d1c0dea5f6b91bec7f5fa53ec050913d851e366"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3936",
"datePublished": "2012-08-20T18:00:00",
"dateReserved": "2011-10-01T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3935 (GCVE-0-2011-3935)
Vulnerability from cvelistv5 – Published: 2013-12-09 11:00 – Updated: 2024-08-06 23:53
VLAI?
EPSS
Summary
The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to a crafted image size.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ffmpeg.org/security.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=668494acd8b20f974c7722895d4a6a14c1005f1e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to a crafted image size."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-09T04:57:00",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ffmpeg.org/security.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=668494acd8b20f974c7722895d4a6a14c1005f1e"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to a crafted image size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://www.ffmpeg.org/security.html"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=668494acd8b20f974c7722895d4a6a14c1005f1e",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=668494acd8b20f974c7722895d4a6a14c1005f1e"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3935",
"datePublished": "2013-12-09T11:00:00",
"dateReserved": "2011-10-01T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3929 (GCVE-0-2011-3929)
Vulnerability from cvelistv5 – Published: 2012-08-20 18:00 – Updated: 2024-08-06 23:53
VLAI?
EPSS
Summary
The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=5a396bb3a66a61a68b80f2369d0249729bf85e04"
},
{
"name": "49089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49089"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://libav.org/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=5a396bb3a66a61a68b80f2369d0249729bf85e04"
},
{
"name": "49089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49089"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://libav.org/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1479-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "http://git.libav.org/?p=libav.git;a=commitdiff;h=5a396bb3a66a61a68b80f2369d0249729bf85e04",
"refsource": "CONFIRM",
"url": "http://git.libav.org/?p=libav.git;a=commitdiff;h=5a396bb3a66a61a68b80f2369d0249729bf85e04"
},
{
"name": "49089",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49089"
},
{
"name": "http://ffmpeg.org/",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"name": "http://libav.org/",
"refsource": "CONFIRM",
"url": "http://libav.org/"
},
{
"name": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b",
"refsource": "CONFIRM",
"url": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3929",
"datePublished": "2012-08-20T18:00:00",
"dateReserved": "2011-10-01T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3934 (GCVE-0-2011-3934)
Vulnerability from cvelistv5 – Published: 2013-12-09 11:00 – Updated: 2024-08-06 23:53
VLAI?
EPSS
Summary
Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=247d30a7dba6684ccce4508424f35fd58465e535"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ffmpeg.org/security.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-09T04:57:00",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=247d30a7dba6684ccce4508424f35fd58465e535"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ffmpeg.org/security.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=247d30a7dba6684ccce4508424f35fd58465e535",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=247d30a7dba6684ccce4508424f35fd58465e535"
},
{
"name": "http://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://www.ffmpeg.org/security.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3934",
"datePublished": "2013-12-09T11:00:00",
"dateReserved": "2011-10-01T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3944 (GCVE-0-2011-3944)
Vulnerability from cvelistv5 – Published: 2013-12-09 11:00 – Updated: 2024-08-06 23:53
VLAI?
EPSS
Summary
The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2855",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2855"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=1285baaab550e3e761590ef6dfb1d9bd9d1332e4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ffmpeg.org/security.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-05T14:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "DSA-2855",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2855"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=1285baaab550e3e761590ef6dfb1d9bd9d1332e4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ffmpeg.org/security.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2855",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2855"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1285baaab550e3e761590ef6dfb1d9bd9d1332e4",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1285baaab550e3e761590ef6dfb1d9bd9d1332e4"
},
{
"name": "http://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://www.ffmpeg.org/security.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3944",
"datePublished": "2013-12-09T11:00:00",
"dateReserved": "2011-10-01T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3937 (GCVE-0-2011-3937)
Vulnerability from cvelistv5 – Published: 2013-01-05 00:00 – Updated: 2024-08-06 23:53
VLAI?
EPSS
Summary
The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to "width/height changing with frame threads."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=71db86d53b5c6872cea31bf714a1a38ec78feaba"
},
{
"name": "MDVSA-2013:079",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ffmpeg.org/security.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=71db86d53b5c6872cea31bf714a1a38ec78feaba"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://libav.org/news.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to \"width/height changing with frame threads.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-10T15:57:00",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=71db86d53b5c6872cea31bf714a1a38ec78feaba"
},
{
"name": "MDVSA-2013:079",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ffmpeg.org/security.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=71db86d53b5c6872cea31bf714a1a38ec78feaba"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://libav.org/news.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to \"width/height changing with frame threads.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=71db86d53b5c6872cea31bf714a1a38ec78feaba",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=71db86d53b5c6872cea31bf714a1a38ec78feaba"
},
{
"name": "MDVSA-2013:079",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079"
},
{
"name": "http://ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/security.html"
},
{
"name": "http://git.libav.org/?p=libav.git;a=commit;h=71db86d53b5c6872cea31bf714a1a38ec78feaba",
"refsource": "CONFIRM",
"url": "http://git.libav.org/?p=libav.git;a=commit;h=71db86d53b5c6872cea31bf714a1a38ec78feaba"
},
{
"name": "http://libav.org/news.html",
"refsource": "CONFIRM",
"url": "http://libav.org/news.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3937",
"datePublished": "2013-01-05T00:00:00",
"dateReserved": "2011-10-01T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3947 (GCVE-0-2011-3947)
Vulnerability from cvelistv5 – Published: 2012-08-20 18:00 – Updated: 2024-08-06 23:53
VLAI?
EPSS
Summary
Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=b57d262412204e54a7ef8fa1b23ff4dcede622e5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=b57d262412204e54a7ef8fa1b23ff4dcede622e5"
},
{
"name": "49089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49089"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://libav.org/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=b57d262412204e54a7ef8fa1b23ff4dcede622e5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=b57d262412204e54a7ef8fa1b23ff4dcede622e5"
},
{
"name": "49089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49089"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://libav.org/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1479-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=b57d262412204e54a7ef8fa1b23ff4dcede622e5",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=b57d262412204e54a7ef8fa1b23ff4dcede622e5"
},
{
"name": "http://git.libav.org/?p=libav.git;a=commit;h=b57d262412204e54a7ef8fa1b23ff4dcede622e5",
"refsource": "CONFIRM",
"url": "http://git.libav.org/?p=libav.git;a=commit;h=b57d262412204e54a7ef8fa1b23ff4dcede622e5"
},
{
"name": "49089",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49089"
},
{
"name": "http://ffmpeg.org/",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"name": "http://libav.org/",
"refsource": "CONFIRM",
"url": "http://libav.org/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3947",
"datePublished": "2012-08-20T18:00:00",
"dateReserved": "2011-10-01T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3950 (GCVE-0-2011-3950)
Vulnerability from cvelistv5 – Published: 2013-12-09 11:00 – Updated: 2024-08-06 23:53
VLAI?
EPSS
Summary
The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via a crafted value in the reference pictures number.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=ddf0c1d86ad8e1df5ab3265206aef493a1bdc813"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ffmpeg.org/security.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via a crafted value in the reference pictures number."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-09T04:57:00",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=ddf0c1d86ad8e1df5ab3265206aef493a1bdc813"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ffmpeg.org/security.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via a crafted value in the reference pictures number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ddf0c1d86ad8e1df5ab3265206aef493a1bdc813",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ddf0c1d86ad8e1df5ab3265206aef493a1bdc813"
},
{
"name": "http://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://www.ffmpeg.org/security.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3950",
"datePublished": "2013-12-09T11:00:00",
"dateReserved": "2011-10-01T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3946 (GCVE-0-2011-3946)
Vulnerability from cvelistv5 – Published: 2013-12-09 11:00 – Updated: 2024-08-06 23:53
VLAI?
EPSS
Summary
The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ffmpeg.org/security.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=9decfc17bb76da34734296048d390b176abf404c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-09T04:57:00",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ffmpeg.org/security.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=9decfc17bb76da34734296048d390b176abf404c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://www.ffmpeg.org/security.html"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9decfc17bb76da34734296048d390b176abf404c",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9decfc17bb76da34734296048d390b176abf404c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3946",
"datePublished": "2013-12-09T11:00:00",
"dateReserved": "2011-10-01T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…