Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2012-AVI-253
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les versions 0.7 et 0.8 de FFmpeg. Ces vulnérabilités peuvent être exploitées par une personne malveillante distante pour effectuer un déni de service ou pour compromettre un système au moyen d'un fichier spécialement conçu.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FFmpeg 0.8 versions ant\u00e9rieures \u00e0 0.8.11 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "FFmepg 0.7 versions ant\u00e9rieures \u00e0 0.7.12.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-3945",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3945"
},
{
"name": "CVE-2011-3929",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3929"
},
{
"name": "CVE-2011-3936",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3936"
},
{
"name": "CVE-2011-3937",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3937"
},
{
"name": "CVE-2011-3940",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3940"
},
{
"name": "CVE-2011-3947",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3947"
},
{
"name": "CVE-2012-0853",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0853"
},
{
"name": "CVE-2012-0858",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0858"
}
],
"links": [],
"reference": "CERTA-2012-AVI-253",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-05-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les versions 0.7 et\n0.8 de FFmpeg. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par une\npersonne malveillante distante pour effectuer un d\u00e9ni de service ou pour\ncompromettre un syst\u00e8me au moyen d\u0027un fichier sp\u00e9cialement con\u00e7u.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans FFmpeg",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin FFmpeg",
"url": "http://ffmpeg.org/index.html#pr0811"
}
]
}
CVE-2011-3929 (GCVE-0-2011-3929)
Vulnerability from cvelistv5 – Published: 2012-08-20 18:00 – Updated: 2024-08-06 23:53
VLAI?
EPSS
Summary
The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=5a396bb3a66a61a68b80f2369d0249729bf85e04"
},
{
"name": "49089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49089"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://libav.org/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=5a396bb3a66a61a68b80f2369d0249729bf85e04"
},
{
"name": "49089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49089"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://libav.org/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1479-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "http://git.libav.org/?p=libav.git;a=commitdiff;h=5a396bb3a66a61a68b80f2369d0249729bf85e04",
"refsource": "CONFIRM",
"url": "http://git.libav.org/?p=libav.git;a=commitdiff;h=5a396bb3a66a61a68b80f2369d0249729bf85e04"
},
{
"name": "49089",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49089"
},
{
"name": "http://ffmpeg.org/",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"name": "http://libav.org/",
"refsource": "CONFIRM",
"url": "http://libav.org/"
},
{
"name": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b",
"refsource": "CONFIRM",
"url": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3929",
"datePublished": "2012-08-20T18:00:00",
"dateReserved": "2011-10-01T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3936 (GCVE-0-2011-3936)
Vulnerability from cvelistv5 – Published: 2012-08-20 18:00 – Updated: 2024-08-06 23:53
VLAI?
EPSS
Summary
The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "49089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49089"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://libav.org/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=2d1c0dea5f6b91bec7f5fa53ec050913d851e366"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "49089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49089"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://libav.org/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=2d1c0dea5f6b91bec7f5fa53ec050913d851e366"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1479-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "49089",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49089"
},
{
"name": "http://ffmpeg.org/",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"name": "http://libav.org/",
"refsource": "CONFIRM",
"url": "http://libav.org/"
},
{
"name": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b",
"refsource": "CONFIRM",
"url": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b"
},
{
"name": "http://git.libav.org/?p=libav.git;a=commitdiff;h=2d1c0dea5f6b91bec7f5fa53ec050913d851e366",
"refsource": "CONFIRM",
"url": "http://git.libav.org/?p=libav.git;a=commitdiff;h=2d1c0dea5f6b91bec7f5fa53ec050913d851e366"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3936",
"datePublished": "2012-08-20T18:00:00",
"dateReserved": "2011-10-01T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3947 (GCVE-0-2011-3947)
Vulnerability from cvelistv5 – Published: 2012-08-20 18:00 – Updated: 2024-08-06 23:53
VLAI?
EPSS
Summary
Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=b57d262412204e54a7ef8fa1b23ff4dcede622e5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=b57d262412204e54a7ef8fa1b23ff4dcede622e5"
},
{
"name": "49089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49089"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://libav.org/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=b57d262412204e54a7ef8fa1b23ff4dcede622e5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=b57d262412204e54a7ef8fa1b23ff4dcede622e5"
},
{
"name": "49089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49089"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://libav.org/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1479-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=b57d262412204e54a7ef8fa1b23ff4dcede622e5",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=b57d262412204e54a7ef8fa1b23ff4dcede622e5"
},
{
"name": "http://git.libav.org/?p=libav.git;a=commit;h=b57d262412204e54a7ef8fa1b23ff4dcede622e5",
"refsource": "CONFIRM",
"url": "http://git.libav.org/?p=libav.git;a=commit;h=b57d262412204e54a7ef8fa1b23ff4dcede622e5"
},
{
"name": "49089",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49089"
},
{
"name": "http://ffmpeg.org/",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"name": "http://libav.org/",
"refsource": "CONFIRM",
"url": "http://libav.org/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3947",
"datePublished": "2012-08-20T18:00:00",
"dateReserved": "2011-10-01T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3945 (GCVE-0-2011-3945)
Vulnerability from cvelistv5 – Published: 2012-08-20 20:00 – Updated: 2024-09-17 04:09
VLAI?
EPSS
Summary
The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2012:076",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:076"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=a02e8df973f5478ec82f4c507f5b5b191a5ecb6b"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=807a045ab7f51993a2c1b3116016cbbd4f3d20d6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ffmpeg.org/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://libav.org/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-20T20:00:00Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "MDVSA-2012:076",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:076"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=a02e8df973f5478ec82f4c507f5b5b191a5ecb6b"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=807a045ab7f51993a2c1b3116016cbbd4f3d20d6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ffmpeg.org/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://libav.org/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2012:076",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:076"
},
{
"name": "http://git.libav.org/?p=libav.git;a=commit;h=a02e8df973f5478ec82f4c507f5b5b191a5ecb6b",
"refsource": "CONFIRM",
"url": "http://git.libav.org/?p=libav.git;a=commit;h=a02e8df973f5478ec82f4c507f5b5b191a5ecb6b"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=807a045ab7f51993a2c1b3116016cbbd4f3d20d6",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=807a045ab7f51993a2c1b3116016cbbd4f3d20d6"
},
{
"name": "http://ffmpeg.org/",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/"
},
{
"name": "http://libav.org/",
"refsource": "CONFIRM",
"url": "http://libav.org/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3945",
"datePublished": "2012-08-20T20:00:00Z",
"dateReserved": "2011-10-01T00:00:00Z",
"dateUpdated": "2024-09-17T04:09:43.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0853 (GCVE-0-2012-0853)
Vulnerability from cvelistv5 – Published: 2012-08-20 18:00 – Updated: 2024-08-06 18:38
VLAI?
EPSS
Summary
The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/14/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ffmpeg.org/trac/ffmpeg/ticket/780"
},
{
"name": "49089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49089"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=c509f4f74713b035a06f79cb4d00e708f5226bc5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=c509f4f74713b035a06f79cb4d00e708f5226bc5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=9af6abdc17deb95c9b1f1d9242ba49b8b5e0b016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/14/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ffmpeg.org/trac/ffmpeg/ticket/780"
},
{
"name": "49089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49089"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=c509f4f74713b035a06f79cb4d00e708f5226bc5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=c509f4f74713b035a06f79cb4d00e708f5226bc5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=9af6abdc17deb95c9b1f1d9242ba49b8b5e0b016"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1479-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/14/4"
},
{
"name": "http://ffmpeg.org/trac/ffmpeg/ticket/780",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/trac/ffmpeg/ticket/780"
},
{
"name": "49089",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49089"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c509f4f74713b035a06f79cb4d00e708f5226bc5",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c509f4f74713b035a06f79cb4d00e708f5226bc5"
},
{
"name": "http://git.libav.org/?p=libav.git;a=commit;h=c509f4f74713b035a06f79cb4d00e708f5226bc5",
"refsource": "CONFIRM",
"url": "http://git.libav.org/?p=libav.git;a=commit;h=c509f4f74713b035a06f79cb4d00e708f5226bc5"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9af6abdc17deb95c9b1f1d9242ba49b8b5e0b016",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9af6abdc17deb95c9b1f1d9242ba49b8b5e0b016"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0853",
"datePublished": "2012-08-20T18:00:00",
"dateReserved": "2012-01-19T00:00:00",
"dateUpdated": "2024-08-06T18:38:14.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0858 (GCVE-0-2012-0858)
Vulnerability from cvelistv5 – Published: 2012-08-20 18:00 – Updated: 2024-09-17 00:31
VLAI?
EPSS
Summary
The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an "invalid free".
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/14/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=204cb29b3c84a74cbcd059d353c70c8bdc567d98"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ffmpeg.org/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://libav.org/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=204cb29b3c84a74cbcd059d353c70c8bdc567d98"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an \"invalid free\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-20T18:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/14/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=204cb29b3c84a74cbcd059d353c70c8bdc567d98"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ffmpeg.org/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://libav.org/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=204cb29b3c84a74cbcd059d353c70c8bdc567d98"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an \"invalid free\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1479-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/14/4"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=204cb29b3c84a74cbcd059d353c70c8bdc567d98",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=204cb29b3c84a74cbcd059d353c70c8bdc567d98"
},
{
"name": "http://ffmpeg.org/",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/"
},
{
"name": "http://libav.org/",
"refsource": "CONFIRM",
"url": "http://libav.org/"
},
{
"name": "http://git.libav.org/?p=libav.git;a=commitdiff;h=204cb29b3c84a74cbcd059d353c70c8bdc567d98",
"refsource": "CONFIRM",
"url": "http://git.libav.org/?p=libav.git;a=commitdiff;h=204cb29b3c84a74cbcd059d353c70c8bdc567d98"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0858",
"datePublished": "2012-08-20T18:00:00Z",
"dateReserved": "2012-01-19T00:00:00Z",
"dateUpdated": "2024-09-17T00:31:25.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3937 (GCVE-0-2011-3937)
Vulnerability from cvelistv5 – Published: 2013-01-05 00:00 – Updated: 2024-08-06 23:53
VLAI?
EPSS
Summary
The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to "width/height changing with frame threads."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=71db86d53b5c6872cea31bf714a1a38ec78feaba"
},
{
"name": "MDVSA-2013:079",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ffmpeg.org/security.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=71db86d53b5c6872cea31bf714a1a38ec78feaba"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://libav.org/news.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to \"width/height changing with frame threads.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-10T15:57:00",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=71db86d53b5c6872cea31bf714a1a38ec78feaba"
},
{
"name": "MDVSA-2013:079",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ffmpeg.org/security.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=71db86d53b5c6872cea31bf714a1a38ec78feaba"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://libav.org/news.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to \"width/height changing with frame threads.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=71db86d53b5c6872cea31bf714a1a38ec78feaba",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=71db86d53b5c6872cea31bf714a1a38ec78feaba"
},
{
"name": "MDVSA-2013:079",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079"
},
{
"name": "http://ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/security.html"
},
{
"name": "http://git.libav.org/?p=libav.git;a=commit;h=71db86d53b5c6872cea31bf714a1a38ec78feaba",
"refsource": "CONFIRM",
"url": "http://git.libav.org/?p=libav.git;a=commit;h=71db86d53b5c6872cea31bf714a1a38ec78feaba"
},
{
"name": "http://libav.org/news.html",
"refsource": "CONFIRM",
"url": "http://libav.org/news.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3937",
"datePublished": "2013-01-05T00:00:00",
"dateReserved": "2011-10-01T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3940 (GCVE-0-2011-3940)
Vulnerability from cvelistv5 – Published: 2012-08-20 18:00 – Updated: 2024-08-06 23:53
VLAI?
EPSS
Summary
nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers "use of uninitialized streams."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=c898431ca5ef2a997fe9388b650f658fb60783e5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a"
},
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "49089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49089"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://libav.org/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=5c011706bc752d34bc6ada31d7df2ca0c9af7c6b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers \"use of uninitialized streams.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=c898431ca5ef2a997fe9388b650f658fb60783e5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a"
},
{
"name": "USN-1479-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "49089",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49089"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://libav.org/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=5c011706bc752d34bc6ada31d7df2ca0c9af7c6b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers \"use of uninitialized streams.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c898431ca5ef2a997fe9388b650f658fb60783e5",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c898431ca5ef2a997fe9388b650f658fb60783e5"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a"
},
{
"name": "USN-1479-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1479-1"
},
{
"name": "49089",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49089"
},
{
"name": "http://ffmpeg.org/",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/"
},
{
"name": "DSA-2471",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2471"
},
{
"name": "http://libav.org/",
"refsource": "CONFIRM",
"url": "http://libav.org/"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5c011706bc752d34bc6ada31d7df2ca0c9af7c6b",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5c011706bc752d34bc6ada31d7df2ca0c9af7c6b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3940",
"datePublished": "2012-08-20T18:00:00",
"dateReserved": "2011-10-01T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…