Main Vulnerability Database Vulnerabilities #VU43699

Buffer overflow in FFmpeg and Libav - CVE-2011-3940

Published: August 20, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43699

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2011-3940

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: ffmpeg.sourceforge.net
Libav

Affected software:
FFmpeg
Libav

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers "use of uninitialized streams."

How to mitigate CVE-2011-3940

Install update from vendor's website.

Buffer overflow in FFmpeg and Libav - CVE-2011-3940

Detailed vulnerability description

How to mitigate CVE-2011-3940

Sources

Please verify you're human