Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3945

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2011-3945
Last Modified 21 Aug 2012 12:00:00
Published 20 Aug 2012 04:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-3945

Summary

The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file.

Vulnerable Systems

Application

  • Ffmpeg 0.7

  • Ffmpeg 0.7.1

  • Ffmpeg 0.7.11

  • Ffmpeg 0.7.2

  • Ffmpeg 0.7.3

  • Ffmpeg 0.7.6

  • Ffmpeg 0.7.7

  • Ffmpeg 0.7.8

  • Ffmpeg 0.7.9

  • Ffmpeg 0.8.0

  • Ffmpeg 0.8.1

  • Ffmpeg 0.8.10

  • Ffmpeg 0.8.2

  • Ffmpeg 0.8.5

  • Ffmpeg 0.8.6

  • Ffmpeg 0.8.7

  • Ffmpeg 0.8.8

  • Libav 0.5

  • Libav 0.5.1

  • Libav 0.5.2

  • Libav 0.5.3

  • Libav 0.5.4

  • Libav 0.5.5

  • Libav 0.5.6

  • Libav 0.5.7

  • Libav 0.6

  • Libav 0.6.1

  • Libav 0.6.2

  • Libav 0.6.3

  • Libav 0.6.4

  • Libav 0.6.5

  • Libav 0.7

  • Libav 0.7.1

  • Libav 0.7.2

  • Libav 0.7.3

  • Libav 0.7.4

  • Libav 0.8


References

MANDRIVA - MDVSA-2012:076

CONFIRM - http://libav.org/

CONFIRM - http://git.videolan.org/?p=ffmpeg.git;a=commit;h=807a045ab7f51993a2c1b3116016cbbd4f3d20d6

CONFIRM - http://git.libav.org/?p=libav.git;a=commit;h=a02e8df973f5478ec82f4c507f5b5b191a5ecb6b

CONFIRM - http://ffmpeg.org/


Last Updated: 27 May 2016 10:49:40