Vulnerability Details : CVE-2011-4031
Integer underflow in the asfrtp_parse_packet function in libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers to execute arbitrary code via a crafted ASF packet.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2011-4031
Probability of exploitation activity in the next 30 days: 0.69%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 80 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-4031
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2011-4031
-
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4031
-
http://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=n0.8.3
git.videolan.org Git - ffmpeg.git/shortlogThird Party Advisory
-
http://technet.microsoft.com/en-us/security/msvr/msvr11-012
Microsoft Vulnerability Research Advisory MSVR11-012 | Microsoft DocsPatch;Third Party Advisory
-
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c2a2ad133eb9d42361804a568dee336992349a5e
git.videolan.org Git - ffmpeg.git/commitPatch;Third Party Advisory
Products affected by CVE-2011-4031
- cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*