Vulnerability Details : CVE-2011-3929
The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.
Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service
Products affected by CVE-2011-3929
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-3929
2.43%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-3929
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2011-3929
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3929
-
http://git.libav.org/?p=libav.git;a=commitdiff;h=5a396bb3a66a61a68b80f2369d0249729bf85e04
git.libav.org Git - libav.git/commitdiffExploit;Patch
-
http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b
git.libav.org Git - libav.git/commit
-
http://www.ubuntu.com/usn/USN-1479-1
USN-1479-1: FFmpeg vulnerabilities | Ubuntu security notices
-
http://ffmpeg.org/
FFmpegVendor Advisory
-
http://libav.org/
LibavVendor Advisory
-
http://www.debian.org/security/2012/dsa-2471
Debian -- Security Information -- DSA-2471-1 ffmpeg
Jump to