FKIE_CVE-2011-3940

Vulnerability from fkie_nvd - Published: 2012-08-20 18:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers "use of uninitialized streams."
References
chrome-cve-admin@google.comhttp://ffmpeg.org/
chrome-cve-admin@google.comhttp://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=5c011706bc752d34bc6ada31d7df2ca0c9af7c6b
chrome-cve-admin@google.comhttp://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a
chrome-cve-admin@google.comhttp://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=c898431ca5ef2a997fe9388b650f658fb60783e5
chrome-cve-admin@google.comhttp://libav.org/
chrome-cve-admin@google.comhttp://secunia.com/advisories/49089
chrome-cve-admin@google.comhttp://www.debian.org/security/2012/dsa-2471
chrome-cve-admin@google.comhttp://www.ubuntu.com/usn/USN-1479-1
af854a3a-2127-422b-91ae-364da2661108http://ffmpeg.org/
af854a3a-2127-422b-91ae-364da2661108http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=5c011706bc752d34bc6ada31d7df2ca0c9af7c6b
af854a3a-2127-422b-91ae-364da2661108http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a
af854a3a-2127-422b-91ae-364da2661108http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=c898431ca5ef2a997fe9388b650f658fb60783e5
af854a3a-2127-422b-91ae-364da2661108http://libav.org/
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49089
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2012/dsa-2471
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1479-1
Impacted products
Vendor Product Version
ffmpeg ffmpeg 0.7.1
ffmpeg ffmpeg 0.7.2
ffmpeg ffmpeg 0.7.6
ffmpeg ffmpeg 0.7.7
ffmpeg ffmpeg 0.7.8
ffmpeg ffmpeg 0.7.9
ffmpeg ffmpeg 0.7.11
ffmpeg ffmpeg 0.8.5
ffmpeg ffmpeg 0.8.6
ffmpeg ffmpeg 0.8.7
ffmpeg ffmpeg 0.8.8
ffmpeg ffmpeg 0.8.10
libav libav 0.5
libav libav 0.5.1
libav libav 0.5.2
libav libav 0.5.3
libav libav 0.5.4
libav libav 0.5.5
libav libav 0.5.6
libav libav 0.5.7
libav libav 0.6
libav libav 0.6.1
libav libav 0.6.2
libav libav 0.6.3
libav libav 0.6.4
libav libav 0.6.5
libav libav 0.7
libav libav 0.7.1
libav libav 0.7.2
libav libav 0.7.3
libav libav 0.7.4
libav libav 0.8
libav libav 0.8
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07669E0E-8C4B-430E-802F-F64EEA2B5A0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3EB7F17-F25D-4E48-8A43-F799619CE71F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73E9E8F4-A942-4F34-BCE2-82A180F1DD1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAA31D75-C3FB-4D89-8B2D-21372AAEB78B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B20E5358-826C-47A2-B39F-ED4E9213BA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "26321888-E140-4F09-AAA0-7392AA7F6307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E46B9F3-A9C0-4B8A-A119-40CA4CBBD0EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9D7B73-9CDA-4BAE-8DD9-8E1E34C20648",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F428A2E4-A54F-4296-A00F-1A4E160253D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5239E4FA-0359-49F1-93D4-24AB013FAC20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0C8230D-4E89-45F9-B0F7-E317119E0FA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "585CE7D2-1CE8-44AB-AE67-07D7D3721F68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F27FF9C0-652E-42E8-90D0-B9B369DD6C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F27211-2DFC-4488-93D2-9A3664E593AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6418D3A-9972-4819-B2E6-2510438698A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF17452C-ED28-4558-9C90-102DF5485103",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CECEC54E-7014-447C-9174-8C2B026FF0B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31BE32E4-9577-4BA7-A275-67A86DB7BCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A3CC3F-C294-4DB3-97AE-1CFBED14A8AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E252038-F5E0-427F-8E59-FFD633497D09",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABD1BB7A-D6FF-4B80-9DA6-36D081FB41CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "530C27CC-3250-4C94-8D88-F423FFD0BD4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "936C1855-67FB-49C3-A20A-3FE331403366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "92EB185C-1909-4359-B0C1-681E4ABEEECF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "136C7881-DB5A-4018-B01F-D2F9069F53D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "090BF77B-A099-4ECD-A9BC-AAD4B499F4C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "18053821-801F-4652-AA73-9FDC5F562BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5322AE7-8CAD-45EF-9955-37D16EBBDD40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFCDCA15-DF61-4150-96D7-10D68D07DAD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2D50C72-65B2-4490-9259-2A436207A72D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3BCDD63-DECF-4494-BCA7-30BFEE7055D0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4953EC2E-BCD6-41B5-AEB3-0D82C15363A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3CEBE4E3-50F3-43CB-911F-E1B52C2B8B3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers \"use of uninitialized streams.\""
    },
    {
      "lang": "es",
      "value": "nsvdec.c en libavcodec de FFmpeg en v0.7.x antes de v0.7.12 y v0.8.x antes de v0.8.11, y en Libav v0.5.x antes de v0.5.9, v0.6.x antes de v0.6.6, v0.7.x antes de v0.7.5 y v0.8.x antes de v0.8.1, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura y escritura fuera de l\u00edmites) a trav\u00e9s de un archivo modificado que provoca \"el uso de flujos sin inicializar\".\r\n"
    }
  ],
  "id": "CVE-2011-3940",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-08-20T18:55:02.153",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://ffmpeg.org/"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=5c011706bc752d34bc6ada31d7df2ca0c9af7c6b"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=c898431ca5ef2a997fe9388b650f658fb60783e5"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://libav.org/"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://secunia.com/advisories/49089"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.debian.org/security/2012/dsa-2471"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.ubuntu.com/usn/USN-1479-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ffmpeg.org/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=5c011706bc752d34bc6ada31d7df2ca0c9af7c6b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=c898431ca5ef2a997fe9388b650f658fb60783e5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libav.org/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49089"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1479-1"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.