cvelistv5 - CVE-2011-3929

CVE-2011-3929 (GCVE-0-2011-3929)

Vulnerability from cvelistv5 – Published: 2012-08-20 18:00 – Updated: 2024-08-06 23:53

Summary

The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.

Severity ?

No CVSS data available.

CWE

Assigner

Chrome

References

URL

Tags

	http://www.ubuntu.com/usn/USN-1479-1	vendor-advisoryx_refsource_UBUNTU
	http://git.libav.org/?p=libav.git%3Ba=commitdiff%…	x_refsource_CONFIRM
	http://secunia.com/advisories/49089	third-party-advisoryx_refsource_SECUNIA
	http://ffmpeg.org/	x_refsource_CONFIRM
	http://www.debian.org/security/2012/dsa-2471	vendor-advisoryx_refsource_DEBIAN
	http://libav.org/	x_refsource_CONFIRM
	http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:53:32.258Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-1479-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1479-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=5a396bb3a66a61a68b80f2369d0249729bf85e04"
          },
          {
            "name": "49089",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49089"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ffmpeg.org/"
          },
          {
            "name": "DSA-2471",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2471"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libav.org/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-10-30T09:00:00",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "name": "USN-1479-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1479-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=5a396bb3a66a61a68b80f2369d0249729bf85e04"
        },
        {
          "name": "49089",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49089"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ffmpeg.org/"
        },
        {
          "name": "DSA-2471",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2471"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libav.org/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2011-3929",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-1479-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1479-1"
            },
            {
              "name": "http://git.libav.org/?p=libav.git;a=commitdiff;h=5a396bb3a66a61a68b80f2369d0249729bf85e04",
              "refsource": "CONFIRM",
              "url": "http://git.libav.org/?p=libav.git;a=commitdiff;h=5a396bb3a66a61a68b80f2369d0249729bf85e04"
            },
            {
              "name": "49089",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49089"
            },
            {
              "name": "http://ffmpeg.org/",
              "refsource": "CONFIRM",
              "url": "http://ffmpeg.org/"
            },
            {
              "name": "DSA-2471",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2471"
            },
            {
              "name": "http://libav.org/",
              "refsource": "CONFIRM",
              "url": "http://libav.org/"
            },
            {
              "name": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b",
              "refsource": "CONFIRM",
              "url": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2011-3929",
    "datePublished": "2012-08-20T18:00:00",
    "dateReserved": "2011-10-01T00:00:00",
    "dateUpdated": "2024-08-06T23:53:32.258Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07669E0E-8C4B-430E-802F-F64EEA2B5A0B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3EB7F17-F25D-4E48-8A43-F799619CE71F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73E9E8F4-A942-4F34-BCE2-82A180F1DD1F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AAA31D75-C3FB-4D89-8B2D-21372AAEB78B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B20E5358-826C-47A2-B39F-ED4E9213BA95\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26321888-E140-4F09-AAA0-7392AA7F6307\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E46B9F3-A9C0-4B8A-A119-40CA4CBBD0EE\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE9D7B73-9CDA-4BAE-8DD9-8E1E34C20648\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F428A2E4-A54F-4296-A00F-1A4E160253D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5239E4FA-0359-49F1-93D4-24AB013FAC20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0C8230D-4E89-45F9-B0F7-E317119E0FA0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"585CE7D2-1CE8-44AB-AE67-07D7D3721F68\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F27FF9C0-652E-42E8-90D0-B9B369DD6C8D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:0.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15F27211-2DFC-4488-93D2-9A3664E593AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:0.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6418D3A-9972-4819-B2E6-2510438698A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:0.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF17452C-ED28-4558-9C90-102DF5485103\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:0.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CECEC54E-7014-447C-9174-8C2B026FF0B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:0.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31BE32E4-9577-4BA7-A275-67A86DB7BCE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:0.5.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16A3CC3F-C294-4DB3-97AE-1CFBED14A8AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:0.5.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E252038-F5E0-427F-8E59-FFD633497D09\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABD1BB7A-D6FF-4B80-9DA6-36D081FB41CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:0.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"530C27CC-3250-4C94-8D88-F423FFD0BD4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:0.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"936C1855-67FB-49C3-A20A-3FE331403366\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:0.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92EB185C-1909-4359-B0C1-681E4ABEEECF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:0.6.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"136C7881-DB5A-4018-B01F-D2F9069F53D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:0.6.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"090BF77B-A099-4ECD-A9BC-AAD4B499F4C4\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18053821-801F-4652-AA73-9FDC5F562BA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5322AE7-8CAD-45EF-9955-37D16EBBDD40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFCDCA15-DF61-4150-96D7-10D68D07DAD2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2D50C72-65B2-4490-9259-2A436207A72D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3BCDD63-DECF-4494-BCA7-30BFEE7055D0\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4953EC2E-BCD6-41B5-AEB3-0D82C15363A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CEBE4E3-50F3-43CB-911F-E1B52C2B8B3A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n avpriv_dv_produce_packet en libavcodec de FFmpeg v0.7.x antes de v0.7.12 y y v0.8.x antes de v0.8.11 en Libav v0.5.x antes de v0.5.9, v0.6.x antes de v0.6.6, v0.7.x antes de v0.7.5 y v0.8.x antes de v0.8.1 permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (desreferencia a puntero NULL y ca\\u00edda de la aplicaci\\u00f3n) y posiblemente ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de un archivo DV modificado.\\r\\n\"}]",
      "id": "CVE-2011-3929",
      "lastModified": "2024-11-21T01:31:33.520",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2012-08-20T18:55:01.620",
      "references": "[{\"url\": \"http://ffmpeg.org/\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=5a396bb3a66a61a68b80f2369d0249729bf85e04\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://libav.org/\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://secunia.com/advisories/49089\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.debian.org/security/2012/dsa-2471\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1479-1\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://ffmpeg.org/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=5a396bb3a66a61a68b80f2369d0249729bf85e04\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://libav.org/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/49089\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2012/dsa-2471\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1479-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "chrome-cve-admin@google.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-3929\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2012-08-20T18:55:01.620\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n avpriv_dv_produce_packet en libavcodec de FFmpeg v0.7.x antes de v0.7.12 y y v0.8.x antes de v0.8.11 en Libav v0.5.x antes de v0.5.9, v0.6.x antes de v0.6.6, v0.7.x antes de v0.7.5 y v0.8.x antes de v0.8.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desreferencia a puntero NULL y ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo DV modificado.\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07669E0E-8C4B-430E-802F-F64EEA2B5A0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3EB7F17-F25D-4E48-8A43-F799619CE71F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73E9E8F4-A942-4F34-BCE2-82A180F1DD1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAA31D75-C3FB-4D89-8B2D-21372AAEB78B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B20E5358-826C-47A2-B39F-ED4E9213BA95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26321888-E140-4F09-AAA0-7392AA7F6307\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E46B9F3-A9C0-4B8A-A119-40CA4CBBD0EE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE9D7B73-9CDA-4BAE-8DD9-8E1E34C20648\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F428A2E4-A54F-4296-A00F-1A4E160253D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5239E4FA-0359-49F1-93D4-24AB013FAC20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0C8230D-4E89-45F9-B0F7-E317119E0FA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"585CE7D2-1CE8-44AB-AE67-07D7D3721F68\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F27FF9C0-652E-42E8-90D0-B9B369DD6C8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15F27211-2DFC-4488-93D2-9A3664E593AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6418D3A-9972-4819-B2E6-2510438698A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF17452C-ED28-4558-9C90-102DF5485103\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CECEC54E-7014-447C-9174-8C2B026FF0B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31BE32E4-9577-4BA7-A275-67A86DB7BCE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16A3CC3F-C294-4DB3-97AE-1CFBED14A8AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E252038-F5E0-427F-8E59-FFD633497D09\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABD1BB7A-D6FF-4B80-9DA6-36D081FB41CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"530C27CC-3250-4C94-8D88-F423FFD0BD4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"936C1855-67FB-49C3-A20A-3FE331403366\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92EB185C-1909-4359-B0C1-681E4ABEEECF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"136C7881-DB5A-4018-B01F-D2F9069F53D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"090BF77B-A099-4ECD-A9BC-AAD4B499F4C4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18053821-801F-4652-AA73-9FDC5F562BA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5322AE7-8CAD-45EF-9955-37D16EBBDD40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFCDCA15-DF61-4150-96D7-10D68D07DAD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2D50C72-65B2-4490-9259-2A436207A72D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3BCDD63-DECF-4494-BCA7-30BFEE7055D0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4953EC2E-BCD6-41B5-AEB3-0D82C15363A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CEBE4E3-50F3-43CB-911F-E1B52C2B8B3A\"}]}]}],\"references\":[{\"url\":\"http://ffmpeg.org/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=5a396bb3a66a61a68b80f2369d0249729bf85e04\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://libav.org/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://secunia.com/advisories/49089\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.debian.org/security/2012/dsa-2471\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1479-1\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://ffmpeg.org/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=5a396bb3a66a61a68b80f2369d0249729bf85e04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://libav.org/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/49089\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2012/dsa-2471\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1479-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2011-3929

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-3929

Aliases

CVE-2011-3929

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-3929",
    "description": "The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.",
    "id": "GSD-2011-3929",
    "references": [
      "https://www.debian.org/security/2012/dsa-2471"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-3929"
      ],
      "details": "The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.",
      "id": "GSD-2011-3929",
      "modified": "2023-12-13T01:19:10.017319Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@google.com",
        "ID": "CVE-2011-3929",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "USN-1479-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-1479-1"
          },
          {
            "name": "http://git.libav.org/?p=libav.git;a=commitdiff;h=5a396bb3a66a61a68b80f2369d0249729bf85e04",
            "refsource": "CONFIRM",
            "url": "http://git.libav.org/?p=libav.git;a=commitdiff;h=5a396bb3a66a61a68b80f2369d0249729bf85e04"
          },
          {
            "name": "49089",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/49089"
          },
          {
            "name": "http://ffmpeg.org/",
            "refsource": "CONFIRM",
            "url": "http://ffmpeg.org/"
          },
          {
            "name": "DSA-2471",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2012/dsa-2471"
          },
          {
            "name": "http://libav.org/",
            "refsource": "CONFIRM",
            "url": "http://libav.org/"
          },
          {
            "name": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b",
            "refsource": "CONFIRM",
            "url": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2011-3929"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2471",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2012/dsa-2471"
            },
            {
              "name": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b"
            },
            {
              "name": "http://git.libav.org/?p=libav.git;a=commitdiff;h=5a396bb3a66a61a68b80f2369d0249729bf85e04",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://git.libav.org/?p=libav.git;a=commitdiff;h=5a396bb3a66a61a68b80f2369d0249729bf85e04"
            },
            {
              "name": "http://libav.org/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://libav.org/"
            },
            {
              "name": "http://ffmpeg.org/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://ffmpeg.org/"
            },
            {
              "name": "USN-1479-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1479-1"
            },
            {
              "name": "49089",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/49089"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2012-10-30T03:57Z",
      "publishedDate": "2012-08-20T18:55Z"
    }
  }
}

CERTA-2012-AVI-039

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités présentes dans FFmpeg permettent d'effectuer une exécution de code ou un deni de service à distance.

Description

De multiples vulnérabilités ont été corrigées dans FFmpeg. Ces vulnérabilités permettent à une personne malintentionnée d'effectuer une exécution de code ou un deni de service à distance au moyen d'un fichier spécialement conçu.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation). La version 0.10 corrige le problème.

FFmpeg versions antérieures à 0.10.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité FFmpeg

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eFFmpeg versions ant\u00e9rieures \u00e0 0.10.\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans FFmpeg. Ces\nvuln\u00e9rabilit\u00e9s permettent \u00e0 une personne malintentionn\u00e9e d\u0027effectuer une\nex\u00e9cution de code ou un deni de service \u00e0 distance au moyen d\u0027un fichier\nsp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation). La version 0.10 corrige le\nprobl\u00e8me.\n",
  "cves": [
    {
      "name": "CVE-2011-3945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3945"
    },
    {
      "name": "CVE-2011-3950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3950"
    },
    {
      "name": "CVE-2011-3929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3929"
    },
    {
      "name": "CVE-2011-3936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3936"
    },
    {
      "name": "CVE-2011-3937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3937"
    },
    {
      "name": "CVE-2011-3940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3940"
    },
    {
      "name": "CVE-2011-3947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3947"
    },
    {
      "name": "CVE-2011-3934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3934"
    },
    {
      "name": "CVE-2011-3949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3949"
    },
    {
      "name": "CVE-2011-3952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3952"
    },
    {
      "name": "CVE-2011-3946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3946"
    },
    {
      "name": "CVE-2011-3935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3935"
    },
    {
      "name": "CVE-2011-3944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3944"
    },
    {
      "name": "CVE-2011-3941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3941"
    },
    {
      "name": "CVE-2011-3951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3951"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-039",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-01-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans FFmpeg permettent d\u0027effectuer\nune ex\u00e9cution de code ou un deni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans FFmpeg",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FFmpeg",
      "url": "http://ffmpeg.org/security.html"
    }
  ]
}

CERTA-2012-AVI-253

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les versions 0.7 et 0.8 de FFmpeg. Ces vulnérabilités peuvent être exploitées par une personne malveillante distante pour effectuer un déni de service ou pour compromettre un système au moyen d'un fichier spécialement conçu.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	FFmpeg 0.8 versions antérieures à 0.8.11 ;
	N/A	N/A	FFmepg 0.7 versions antérieures à 0.7.12.

References

Title

Publication Time

Tags

Bulletin FFmpeg

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FFmpeg 0.8 versions ant\u00e9rieures \u00e0 0.8.11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "FFmepg 0.7 versions ant\u00e9rieures \u00e0 0.7.12.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-3945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3945"
    },
    {
      "name": "CVE-2011-3929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3929"
    },
    {
      "name": "CVE-2011-3936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3936"
    },
    {
      "name": "CVE-2011-3937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3937"
    },
    {
      "name": "CVE-2011-3940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3940"
    },
    {
      "name": "CVE-2011-3947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3947"
    },
    {
      "name": "CVE-2012-0853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0853"
    },
    {
      "name": "CVE-2012-0858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0858"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-253",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-05-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les versions 0.7 et\n0.8 de FFmpeg. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par une\npersonne malveillante distante pour effectuer un d\u00e9ni de service ou pour\ncompromettre un syst\u00e8me au moyen d\u0027un fichier sp\u00e9cialement con\u00e7u.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans FFmpeg",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin FFmpeg",
      "url": "http://ffmpeg.org/index.html#pr0811"
    }
  ]
}

CERTA-2012-AVI-253

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	FFmpeg 0.8 versions antérieures à 0.8.11 ;
	N/A	N/A	FFmepg 0.7 versions antérieures à 0.7.12.

References

Title

Publication Time

Tags

Bulletin FFmpeg

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FFmpeg 0.8 versions ant\u00e9rieures \u00e0 0.8.11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "FFmepg 0.7 versions ant\u00e9rieures \u00e0 0.7.12.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-3945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3945"
    },
    {
      "name": "CVE-2011-3929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3929"
    },
    {
      "name": "CVE-2011-3936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3936"
    },
    {
      "name": "CVE-2011-3937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3937"
    },
    {
      "name": "CVE-2011-3940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3940"
    },
    {
      "name": "CVE-2011-3947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3947"
    },
    {
      "name": "CVE-2012-0853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0853"
    },
    {
      "name": "CVE-2012-0858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0858"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-253",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-05-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les versions 0.7 et\n0.8 de FFmpeg. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par une\npersonne malveillante distante pour effectuer un d\u00e9ni de service ou pour\ncompromettre un syst\u00e8me au moyen d\u0027un fichier sp\u00e9cialement con\u00e7u.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans FFmpeg",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin FFmpeg",
      "url": "http://ffmpeg.org/index.html#pr0811"
    }
  ]
}

CERTA-2012-AVI-039

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités présentes dans FFmpeg permettent d'effectuer une exécution de code ou un deni de service à distance.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation). La version 0.10 corrige le problème.

FFmpeg versions antérieures à 0.10.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité FFmpeg

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eFFmpeg versions ant\u00e9rieures \u00e0 0.10.\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans FFmpeg. Ces\nvuln\u00e9rabilit\u00e9s permettent \u00e0 une personne malintentionn\u00e9e d\u0027effectuer une\nex\u00e9cution de code ou un deni de service \u00e0 distance au moyen d\u0027un fichier\nsp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation). La version 0.10 corrige le\nprobl\u00e8me.\n",
  "cves": [
    {
      "name": "CVE-2011-3945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3945"
    },
    {
      "name": "CVE-2011-3950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3950"
    },
    {
      "name": "CVE-2011-3929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3929"
    },
    {
      "name": "CVE-2011-3936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3936"
    },
    {
      "name": "CVE-2011-3937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3937"
    },
    {
      "name": "CVE-2011-3940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3940"
    },
    {
      "name": "CVE-2011-3947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3947"
    },
    {
      "name": "CVE-2011-3934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3934"
    },
    {
      "name": "CVE-2011-3949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3949"
    },
    {
      "name": "CVE-2011-3952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3952"
    },
    {
      "name": "CVE-2011-3946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3946"
    },
    {
      "name": "CVE-2011-3935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3935"
    },
    {
      "name": "CVE-2011-3944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3944"
    },
    {
      "name": "CVE-2011-3941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3941"
    },
    {
      "name": "CVE-2011-3951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3951"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-039",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-01-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans FFmpeg permettent d\u0027effectuer\nune ex\u00e9cution de code ou un deni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans FFmpeg",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FFmpeg",
      "url": "http://ffmpeg.org/security.html"
    }
  ]
}

GHSA-VFM7-QG4X-5FG2

Vulnerability from github – Published: 2022-05-17 05:19 – Updated: 2025-04-11 04:00

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-3929"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-08-20T18:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.",
  "id": "GHSA-vfm7-qg4x-5fg2",
  "modified": "2025-04-11T04:00:52Z",
  "published": "2022-05-17T05:19:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3929"
    },
    {
      "type": "WEB",
      "url": "http://ffmpeg.org"
    },
    {
      "type": "WEB",
      "url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b"
    },
    {
      "type": "WEB",
      "url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=5a396bb3a66a61a68b80f2369d0249729bf85e04"
    },
    {
      "type": "WEB",
      "url": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b"
    },
    {
      "type": "WEB",
      "url": "http://git.libav.org/?p=libav.git;a=commitdiff;h=5a396bb3a66a61a68b80f2369d0249729bf85e04"
    },
    {
      "type": "WEB",
      "url": "http://libav.org"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/49089"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2471"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1479-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2011-3929

Vulnerability from fkie_nvd - Published: 2012-08-20 18:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	chrome-cve-admin@google.com	http://ffmpeg.org/
	chrome-cve-admin@google.com	http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b
	chrome-cve-admin@google.com	http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=5a396bb3a66a61a68b80f2369d0249729bf85e04
	chrome-cve-admin@google.com	http://libav.org/
	chrome-cve-admin@google.com	http://secunia.com/advisories/49089
	chrome-cve-admin@google.com	http://www.debian.org/security/2012/dsa-2471
	chrome-cve-admin@google.com	http://www.ubuntu.com/usn/USN-1479-1
	af854a3a-2127-422b-91ae-364da2661108	http://ffmpeg.org/
	af854a3a-2127-422b-91ae-364da2661108	http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b
	af854a3a-2127-422b-91ae-364da2661108	http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=5a396bb3a66a61a68b80f2369d0249729bf85e04
	af854a3a-2127-422b-91ae-364da2661108	http://libav.org/
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49089
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2471
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1479-1

Impacted products

Vendor	Product	Version
ffmpeg	ffmpeg	0.7.1
ffmpeg	ffmpeg	0.7.2
ffmpeg	ffmpeg	0.7.6
ffmpeg	ffmpeg	0.7.7
ffmpeg	ffmpeg	0.7.8
ffmpeg	ffmpeg	0.7.9
ffmpeg	ffmpeg	0.7.11
ffmpeg	ffmpeg	0.8.5
ffmpeg	ffmpeg	0.8.6
ffmpeg	ffmpeg	0.8.7
ffmpeg	ffmpeg	0.8.8
ffmpeg	ffmpeg	0.8.10
libav	libav	0.5
libav	libav	0.5.1
libav	libav	0.5.2
libav	libav	0.5.3
libav	libav	0.5.4
libav	libav	0.5.5
libav	libav	0.5.6
libav	libav	0.5.7
libav	libav	0.6
libav	libav	0.6.1
libav	libav	0.6.2
libav	libav	0.6.3
libav	libav	0.6.4
libav	libav	0.6.5
libav	libav	0.7
libav	libav	0.7.1
libav	libav	0.7.2
libav	libav	0.7.3
libav	libav	0.7.4
libav	libav	0.8
libav	libav	0.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07669E0E-8C4B-430E-802F-F64EEA2B5A0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3EB7F17-F25D-4E48-8A43-F799619CE71F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73E9E8F4-A942-4F34-BCE2-82A180F1DD1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAA31D75-C3FB-4D89-8B2D-21372AAEB78B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B20E5358-826C-47A2-B39F-ED4E9213BA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "26321888-E140-4F09-AAA0-7392AA7F6307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E46B9F3-A9C0-4B8A-A119-40CA4CBBD0EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9D7B73-9CDA-4BAE-8DD9-8E1E34C20648",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F428A2E4-A54F-4296-A00F-1A4E160253D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5239E4FA-0359-49F1-93D4-24AB013FAC20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0C8230D-4E89-45F9-B0F7-E317119E0FA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "585CE7D2-1CE8-44AB-AE67-07D7D3721F68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F27FF9C0-652E-42E8-90D0-B9B369DD6C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F27211-2DFC-4488-93D2-9A3664E593AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6418D3A-9972-4819-B2E6-2510438698A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF17452C-ED28-4558-9C90-102DF5485103",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CECEC54E-7014-447C-9174-8C2B026FF0B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31BE32E4-9577-4BA7-A275-67A86DB7BCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A3CC3F-C294-4DB3-97AE-1CFBED14A8AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E252038-F5E0-427F-8E59-FFD633497D09",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABD1BB7A-D6FF-4B80-9DA6-36D081FB41CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "530C27CC-3250-4C94-8D88-F423FFD0BD4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "936C1855-67FB-49C3-A20A-3FE331403366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "92EB185C-1909-4359-B0C1-681E4ABEEECF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "136C7881-DB5A-4018-B01F-D2F9069F53D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "090BF77B-A099-4ECD-A9BC-AAD4B499F4C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "18053821-801F-4652-AA73-9FDC5F562BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5322AE7-8CAD-45EF-9955-37D16EBBDD40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFCDCA15-DF61-4150-96D7-10D68D07DAD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2D50C72-65B2-4490-9259-2A436207A72D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3BCDD63-DECF-4494-BCA7-30BFEE7055D0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4953EC2E-BCD6-41B5-AEB3-0D82C15363A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3CEBE4E3-50F3-43CB-911F-E1B52C2B8B3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n avpriv_dv_produce_packet en libavcodec de FFmpeg v0.7.x antes de v0.7.12 y y v0.8.x antes de v0.8.11 en Libav v0.5.x antes de v0.5.9, v0.6.x antes de v0.6.6, v0.7.x antes de v0.7.5 y v0.8.x antes de v0.8.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desreferencia a puntero NULL y ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo DV modificado.\r\n"
    }
  ],
  "id": "CVE-2011-3929",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-08-20T18:55:01.620",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://ffmpeg.org/"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=5a396bb3a66a61a68b80f2369d0249729bf85e04"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://libav.org/"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://secunia.com/advisories/49089"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.debian.org/security/2012/dsa-2471"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.ubuntu.com/usn/USN-1479-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ffmpeg.org/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=5a396bb3a66a61a68b80f2369d0249729bf85e04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libav.org/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49089"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1479-1"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-3929 (GCVE-0-2011-3929)

GSD-2011-3929

CERTA-2012-AVI-039

Description

Solution

CERTA-2012-AVI-253

Solution

CERTA-2012-AVI-253

Solution

CERTA-2012-AVI-039

Description

Solution

GHSA-VFM7-QG4X-5FG2

FKIE_CVE-2011-3929

Tags

Sightings

Nomenclature