Main Vulnerability Database Vulnerabilities #VU44101

Input validation error in FFmpeg - CVE-2011-4031

Published: May 9, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU44101

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2011-4031

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: ffmpeg.sourceforge.net

Affected software:
FFmpeg

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Integer underflow in the asfrtp_parse_packet function in libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers to execute arbitrary code via a crafted ASF packet.

How to mitigate CVE-2011-4031

Install update from vendor's website.

Sources

http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c2a2ad133eb9d42361804a568dee336992349a5e
http://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=n0.8.3
http://technet.microsoft.com/en-us/security/msvr/msvr11-012

Input validation error in FFmpeg - CVE-2011-4031

Detailed vulnerability description

How to mitigate CVE-2011-4031

Sources

Please verify you're human