Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3974

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-3974
Last Modified 21 Aug 2012 11:30:25
Published 02 Oct 2011 04:55:01
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-3974

Summary

Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362.

Vulnerable Systems

Application

  • Ffmpeg 0.3

  • Ffmpeg 0.3.1

  • Ffmpeg 0.3.2

  • Ffmpeg 0.3.3

  • Ffmpeg 0.3.4

  • Ffmpeg 0.4.0

  • Ffmpeg 0.4.2

  • Ffmpeg 0.4.3

  • Ffmpeg 0.4.4

  • Ffmpeg 0.4.5

  • Ffmpeg 0.4.6

  • Ffmpeg 0.4.7

  • Ffmpeg 0.4.8

  • Ffmpeg 0.4.9

  • Ffmpeg 0.5

  • Ffmpeg 0.5.1

  • Ffmpeg 0.5.2

  • Ffmpeg 0.5.3

  • Ffmpeg 0.5.4

  • Ffmpeg 0.6

  • Ffmpeg 0.6.1

  • Ffmpeg 0.6.2

  • Ffmpeg 0.7.1

  • Ffmpeg 0.7.2

  • Ffmpeg 0.7.3

  • Ffmpeg 0.8.0

  • Ffmpeg 0.8.1

  • Ffmpeg 0.8.2


References

CONFIRM - http://git.videolan.org/?p=ffmpeg.git;a=commit;h=bd968d260aef322fb32e254a3de0d2036c57bd56

CONFIRM - http://www.ffmpeg.org/releases/ffmpeg-0.8.4.changelog

CONFIRM - http://www.ffmpeg.org/releases/ffmpeg-0.7.5.changelog

MANDRIVA - MDVSA-2012:076

MANDRIVA - MDVSA-2012:075

MANDRIVA - MDVSA-2012:074


Last Updated: 27 May 2016 10:57:36