Vulnerability Details CVE-2011-3362
Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.031
EPSS Ranking 86.2%
CVSS Severity
CVSS v2 Score 6.8
References
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=91d5da9321c52e8197fb14046ebb335f3e6ff4a0
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=c5cbda50793e311aa73489d12184ffd6761c9fbf
- http://secunia.com/advisories/45532
- http://www.ffmpeg.org/releases/ffmpeg-0.7.5.changelog
- http://www.ffmpeg.org/releases/ffmpeg-0.8.4.changelog
- http://www.ocert.org/advisories/ocert-2011-002.html
- http://www.openwall.com/lists/oss-security/2011/09/13/4
- http://www.openwall.com/lists/oss-security/2011/09/14/8
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=91d5da9321c52e8197fb14046ebb335f3e6ff4a0
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=c5cbda50793e311aa73489d12184ffd6761c9fbf
- http://secunia.com/advisories/45532
- http://www.ffmpeg.org/releases/ffmpeg-0.7.5.changelog
- http://www.ffmpeg.org/releases/ffmpeg-0.8.4.changelog
- http://www.ocert.org/advisories/ocert-2011-002.html
- http://www.openwall.com/lists/oss-security/2011/09/13/4
- http://www.openwall.com/lists/oss-security/2011/09/14/8
Products affected by CVE-2011-3362
-
cpe:2.3:a:ffmpeg:ffmpeg:-
-
cpe:2.3:a:ffmpeg:ffmpeg:0.3
-
cpe:2.3:a:ffmpeg:ffmpeg:0.3.1
-
cpe:2.3:a:ffmpeg:ffmpeg:0.3.2
-
cpe:2.3:a:ffmpeg:ffmpeg:0.3.3
-
cpe:2.3:a:ffmpeg:ffmpeg:0.3.4
-
cpe:2.3:a:ffmpeg:ffmpeg:0.4.0
-
cpe:2.3:a:ffmpeg:ffmpeg:0.4.2
-
cpe:2.3:a:ffmpeg:ffmpeg:0.4.3
-
cpe:2.3:a:ffmpeg:ffmpeg:0.4.4
-
cpe:2.3:a:ffmpeg:ffmpeg:0.4.5
-
cpe:2.3:a:ffmpeg:ffmpeg:0.4.6
-
cpe:2.3:a:ffmpeg:ffmpeg:0.4.7
-
cpe:2.3:a:ffmpeg:ffmpeg:0.4.8
-
cpe:2.3:a:ffmpeg:ffmpeg:0.4.9
-
cpe:2.3:a:ffmpeg:ffmpeg:0.4.9_pre1
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.1
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.10
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.11
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.12
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.13
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.14
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.15
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.2
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.3
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.4
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.5
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.6
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.7
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.8
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.9
-
cpe:2.3:a:ffmpeg:ffmpeg:0.6
-
cpe:2.3:a:ffmpeg:ffmpeg:0.6.1
-
cpe:2.3:a:ffmpeg:ffmpeg:0.6.2
-
cpe:2.3:a:ffmpeg:ffmpeg:0.6.3
-
cpe:2.3:a:ffmpeg:ffmpeg:0.6.4
-
cpe:2.3:a:ffmpeg:ffmpeg:0.6.5
-
cpe:2.3:a:ffmpeg:ffmpeg:0.6.6
-
cpe:2.3:a:ffmpeg:ffmpeg:0.6.7
-
cpe:2.3:a:ffmpeg:ffmpeg:0.7
-
cpe:2.3:a:ffmpeg:ffmpeg:0.7.1
-
cpe:2.3:a:ffmpeg:ffmpeg:0.7.2
-
cpe:2.3:a:ffmpeg:ffmpeg:0.8.0
-
cpe:2.3:a:ffmpeg:ffmpeg:0.8.1
-
cpe:2.3:a:libav:libav:0.3
-
cpe:2.3:a:libav:libav:0.3.1
-
cpe:2.3:a:libav:libav:0.3.2
-
cpe:2.3:a:libav:libav:0.3.3
-
cpe:2.3:a:libav:libav:0.3.4
-
cpe:2.3:a:libav:libav:0.4.0
-
cpe:2.3:a:libav:libav:0.4.1
-
cpe:2.3:a:libav:libav:0.4.2
-
cpe:2.3:a:libav:libav:0.4.3
-
cpe:2.3:a:libav:libav:0.4.4
-
cpe:2.3:a:libav:libav:0.4.5
-
cpe:2.3:a:libav:libav:0.4.6
-
cpe:2.3:a:libav:libav:0.4.7
-
cpe:2.3:a:libav:libav:0.4.8
-
cpe:2.3:a:libav:libav:0.4.9
-
cpe:2.3:a:libav:libav:0.5
-
cpe:2.3:a:libav:libav:0.5.1
-
cpe:2.3:a:libav:libav:0.5.10
-
cpe:2.3:a:libav:libav:0.5.2
-
cpe:2.3:a:libav:libav:0.5.3
-
cpe:2.3:a:libav:libav:0.5.4
-
cpe:2.3:a:libav:libav:0.5.5
-
cpe:2.3:a:libav:libav:0.5.6
-
cpe:2.3:a:libav:libav:0.5.7
-
cpe:2.3:a:libav:libav:0.5.8
-
cpe:2.3:a:libav:libav:0.5.9
-
cpe:2.3:a:libav:libav:0.6
-
cpe:2.3:a:libav:libav:0.6.1
-
cpe:2.3:a:libav:libav:0.6.2
-
cpe:2.3:a:libav:libav:0.6.3
-
cpe:2.3:a:libav:libav:0.6.4
-
cpe:2.3:a:libav:libav:0.6.5
-
cpe:2.3:a:libav:libav:0.6.6
-
cpe:2.3:a:libav:libav:0.7
-
cpe:2.3:a:libav:libav:0.7.1