Vulnerability Details CVE-2011-3952
The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.4%
CVSS Severity
CVSS v2 Score 6.8
References
- http://ffmpeg.org/
- http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=386741f887714d3e46c9e8fe577e326a7964037b
- http://libav.org/
- http://www.debian.org/security/2012/dsa-2494
- http://www.ubuntu.com/usn/USN-1479-1
- http://ffmpeg.org/
- http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=386741f887714d3e46c9e8fe577e326a7964037b
- http://libav.org/
- http://www.debian.org/security/2012/dsa-2494
- http://www.ubuntu.com/usn/USN-1479-1
Products affected by CVE-2011-3952
-
cpe:2.3:a:ffmpeg:ffmpeg:-
-
cpe:2.3:a:ffmpeg:ffmpeg:0.3
-
cpe:2.3:a:ffmpeg:ffmpeg:0.3.1
-
cpe:2.3:a:ffmpeg:ffmpeg:0.3.2
-
cpe:2.3:a:ffmpeg:ffmpeg:0.3.3
-
cpe:2.3:a:ffmpeg:ffmpeg:0.3.4
-
cpe:2.3:a:ffmpeg:ffmpeg:0.4.0
-
cpe:2.3:a:ffmpeg:ffmpeg:0.4.2
-
cpe:2.3:a:ffmpeg:ffmpeg:0.4.3
-
cpe:2.3:a:ffmpeg:ffmpeg:0.4.4
-
cpe:2.3:a:ffmpeg:ffmpeg:0.4.5
-
cpe:2.3:a:ffmpeg:ffmpeg:0.4.6
-
cpe:2.3:a:ffmpeg:ffmpeg:0.4.7
-
cpe:2.3:a:ffmpeg:ffmpeg:0.4.8
-
cpe:2.3:a:ffmpeg:ffmpeg:0.4.9
-
cpe:2.3:a:ffmpeg:ffmpeg:0.4.9_pre1
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.1
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.10
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.11
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.12
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.13
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.14
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.15
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.2
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.3
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.4
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.5
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.6
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.7
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.8
-
cpe:2.3:a:ffmpeg:ffmpeg:0.5.9
-
cpe:2.3:a:ffmpeg:ffmpeg:0.6
-
cpe:2.3:a:ffmpeg:ffmpeg:0.6.1
-
cpe:2.3:a:ffmpeg:ffmpeg:0.6.2
-
cpe:2.3:a:ffmpeg:ffmpeg:0.6.3
-
cpe:2.3:a:ffmpeg:ffmpeg:0.6.4
-
cpe:2.3:a:ffmpeg:ffmpeg:0.6.5
-
cpe:2.3:a:ffmpeg:ffmpeg:0.6.6
-
cpe:2.3:a:ffmpeg:ffmpeg:0.6.7
-
cpe:2.3:a:ffmpeg:ffmpeg:0.7
-
cpe:2.3:a:ffmpeg:ffmpeg:0.7.1
-
cpe:2.3:a:ffmpeg:ffmpeg:0.7.10
-
cpe:2.3:a:ffmpeg:ffmpeg:0.7.11
-
cpe:2.3:a:ffmpeg:ffmpeg:0.7.12
-
cpe:2.3:a:ffmpeg:ffmpeg:0.7.13
-
cpe:2.3:a:ffmpeg:ffmpeg:0.7.14
-
cpe:2.3:a:ffmpeg:ffmpeg:0.7.15
-
cpe:2.3:a:ffmpeg:ffmpeg:0.7.16
-
cpe:2.3:a:ffmpeg:ffmpeg:0.7.17
-
cpe:2.3:a:ffmpeg:ffmpeg:0.7.2
-
cpe:2.3:a:ffmpeg:ffmpeg:0.7.3
-
cpe:2.3:a:ffmpeg:ffmpeg:0.7.4
-
cpe:2.3:a:ffmpeg:ffmpeg:0.7.5
-
cpe:2.3:a:ffmpeg:ffmpeg:0.7.6
-
cpe:2.3:a:ffmpeg:ffmpeg:0.7.7
-
cpe:2.3:a:ffmpeg:ffmpeg:0.7.8
-
cpe:2.3:a:ffmpeg:ffmpeg:0.7.9
-
cpe:2.3:a:ffmpeg:ffmpeg:0.8
-
cpe:2.3:a:ffmpeg:ffmpeg:0.8.0
-
cpe:2.3:a:ffmpeg:ffmpeg:0.8.1
-
cpe:2.3:a:ffmpeg:ffmpeg:0.8.10
-
cpe:2.3:a:ffmpeg:ffmpeg:0.8.11
-
cpe:2.3:a:ffmpeg:ffmpeg:0.8.12
-
cpe:2.3:a:ffmpeg:ffmpeg:0.8.13
-
cpe:2.3:a:ffmpeg:ffmpeg:0.8.14
-
cpe:2.3:a:ffmpeg:ffmpeg:0.8.15
-
cpe:2.3:a:ffmpeg:ffmpeg:0.8.2
-
cpe:2.3:a:ffmpeg:ffmpeg:0.8.3
-
cpe:2.3:a:ffmpeg:ffmpeg:0.8.4
-
cpe:2.3:a:ffmpeg:ffmpeg:0.8.5
-
cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3
-
cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4
-
cpe:2.3:a:ffmpeg:ffmpeg:0.8.6
-
cpe:2.3:a:ffmpeg:ffmpeg:0.8.7
-
cpe:2.3:a:ffmpeg:ffmpeg:0.8.8
-
cpe:2.3:a:ffmpeg:ffmpeg:0.8.9
-
cpe:2.3:a:ffmpeg:ffmpeg:0.9
-
cpe:2.3:a:ffmpeg:ffmpeg:0.9.1
-
cpe:2.3:a:libav:libav:0.5
-
cpe:2.3:a:libav:libav:0.5.1
-
cpe:2.3:a:libav:libav:0.5.2
-
cpe:2.3:a:libav:libav:0.5.3
-
cpe:2.3:a:libav:libav:0.6
-
cpe:2.3:a:libav:libav:0.6.1
-
cpe:2.3:a:libav:libav:0.6.2
-
cpe:2.3:a:libav:libav:0.6.3
-
cpe:2.3:a:libav:libav:0.7
-
cpe:2.3:a:libav:libav:0.7.1
-
cpe:2.3:a:libav:libav:0.7.2
-
cpe:2.3:a:libav:libav:0.7.3
-
cpe:2.3:a:libav:libav:0.7.4
-
cpe:2.3:a:libav:libav:0.7.5
-
cpe:2.3:a:libav:libav:0.8