Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2011-3946 (GCVE-0-2011-3946)
Vulnerability from cvelistv5 – Published: 2013-12-09 11:00 – Updated: 2024-08-06 23:53- n/a
| URL | Tags |
|---|---|
| http://www.ffmpeg.org/security.html | x_refsource_CONFIRM |
| http://git.videolan.org/?p=ffmpeg.git%3Ba=commitd… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ffmpeg.org/security.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=9decfc17bb76da34734296048d390b176abf404c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-09T04:57:00.000Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ffmpeg.org/security.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=9decfc17bb76da34734296048d390b176abf404c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://www.ffmpeg.org/security.html"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9decfc17bb76da34734296048d390b176abf404c",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9decfc17bb76da34734296048d390b176abf404c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3946",
"datePublished": "2013-12-09T11:00:00.000Z",
"dateReserved": "2011-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:53:32.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2011-3946",
"date": "2026-07-16",
"epss": "0.05715",
"percentile": "0.92154"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2011-3946\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2013-12-09T16:35:44.097\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n ff_h264_decode_sei en libavcodec/h264_sei.c en FFmpeg anteriores a 0.10 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s datos \\\"Supplemental enhancement information\\\" (SEI), lo que dispara un bucle infinito.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.9.1\",\"matchCriteriaId\":\"3A79213F-BAB7-4FF2-99AC-91BFAF4BF2CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2649A80-4739-4BBB-AB0B-99AD435BE7CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4A2E77D-B826-4B49-ADC8-7F704E149A5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18157837-4550-45E3-A12E-AE06E047E253\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9F42611-C3E2-416B-9AE7-A5AE83E4DEF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A20789F-26E3-4871-B24E-25E922BADDF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67C6C243-3ACC-49C3-80CA-D7CA8FEFF0D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AE6D368-0BA6-4499-B7E1-EE16C03012E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26C0F6EF-0452-4AFE-AF3E-B88F963A0938\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B4DD372-4D3B-445C-8C38-E083A3C0D4A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"733C03D7-2780-4D69-A98D-BCFB91D1119A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AEE1977-E9E0-4BFF-B33B-B083E49E51F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6979C17-0BC6-47D1-9B73-254D84306A96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"204C7C05-3441-4DB0-8702-D99C8FCB381E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E1A7011-B992-4E35-B306-45772DACB23C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D486C17-FC4A-4AEE-A430-1B1FBCC2C27C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"632BC7C2-FE59-47B0-885C-0EB8C74DF041\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D1AE0BF-A6FD-4EBA-BF61-07AC81EA560D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B8FA106-FE65-4BB0-92A7-E8A5AF978A9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"514669DA-8D02-44CE-BE18-8783F69AE394\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8041E6ED-472A-40DF-AA90-F3509D90D47A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2C64382-9259-4D61-B352-7F123527289C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32A152D9-947E-4198-9C2D-2A582F09AB75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37FBB817-A186-4517-9DA7-B3638576AAE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"157ABA40-6101-4E9C-A24C-84F8E23D374D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7EA46DD-2CC4-426F-8709-821B7572C94A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DE12C59-4409-4F7A-9759-7B26FA9DAC34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30FE6578-F031-4F5B-B955-8F912CFCA1B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07669E0E-8C4B-430E-802F-F64EEA2B5A0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3EB7F17-F25D-4E48-8A43-F799619CE71F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60705A3B-7136-45D1-8068-E2DC9E01EB04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C722B143-2648-4EB2-A090-7B788F41F300\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B31AFDBC-A782-4C18-8EAA-6D927397BEA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73E9E8F4-A942-4F34-BCE2-82A180F1DD1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAA31D75-C3FB-4D89-8B2D-21372AAEB78B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B20E5358-826C-47A2-B39F-ED4E9213BA95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26321888-E140-4F09-AAA0-7392AA7F6307\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E46B9F3-A9C0-4B8A-A119-40CA4CBBD0EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44800572-71C5-4AA1-9CB6-30AA902B0353\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87090477-1D36-48B3-88AE-5CD5EE8F89D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2096FF8B-9B57-4C59-84DB-9CC0DEAB47AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34C99254-776C-4AAD-BDA2-3F544256AA67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE9D7B73-9CDA-4BAE-8DD9-8E1E34C20648\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FDBF2C0-8E33-4575-8A19-4F1CABA3023F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72040664-077A-48FB-9E6B-B69EA8D26CB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F428A2E4-A54F-4296-A00F-1A4E160253D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5239E4FA-0359-49F1-93D4-24AB013FAC20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0C8230D-4E89-45F9-B0F7-E317119E0FA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"585CE7D2-1CE8-44AB-AE67-07D7D3721F68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE81C339-A794-4303-B829-BE743DF0B132\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CE0A27B-66D7-4D1B-8E6A-F4722C070BD3\"}]}]}],\"references\":[{\"url\":\"http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=9decfc17bb76da34734296048d390b176abf404c\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.ffmpeg.org/security.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=9decfc17bb76da34734296048d390b176abf404c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ffmpeg.org/security.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTA-2012-AVI-039
Vulnerability from certfr_avis - Published: 2012-01-31 - Updated: 2012-01-31
De multiples vulnérabilités présentes dans FFmpeg permettent d'effectuer une exécution de code ou un deni de service à distance.
Description
De multiples vulnérabilités ont été corrigées dans FFmpeg. Ces vulnérabilités permettent à une personne malintentionnée d'effectuer une exécution de code ou un deni de service à distance au moyen d'un fichier spécialement conçu.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation). La version 0.10 corrige le problème.
FFmpeg versions antérieures à 0.10.
| Vendor | Product | Description |
|---|
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eFFmpeg versions ant\u00e9rieures \u00e0 0.10.\u003c/p\u003e",
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans FFmpeg. Ces\nvuln\u00e9rabilit\u00e9s permettent \u00e0 une personne malintentionn\u00e9e d\u0027effectuer une\nex\u00e9cution de code ou un deni de service \u00e0 distance au moyen d\u0027un fichier\nsp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation). La version 0.10 corrige le\nprobl\u00e8me.\n",
"cves": [
{
"name": "CVE-2011-3945",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3945"
},
{
"name": "CVE-2011-3950",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3950"
},
{
"name": "CVE-2011-3929",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3929"
},
{
"name": "CVE-2011-3936",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3936"
},
{
"name": "CVE-2011-3937",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3937"
},
{
"name": "CVE-2011-3940",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3940"
},
{
"name": "CVE-2011-3947",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3947"
},
{
"name": "CVE-2011-3934",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3934"
},
{
"name": "CVE-2011-3949",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3949"
},
{
"name": "CVE-2011-3952",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3952"
},
{
"name": "CVE-2011-3946",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3946"
},
{
"name": "CVE-2011-3935",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3935"
},
{
"name": "CVE-2011-3944",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3944"
},
{
"name": "CVE-2011-3941",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3941"
},
{
"name": "CVE-2011-3951",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3951"
}
],
"initial_release_date": "2012-01-31T00:00:00",
"last_revision_date": "2012-01-31T00:00:00",
"links": [],
"reference": "CERTA-2012-AVI-039",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-01-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans FFmpeg permettent d\u0027effectuer\nune ex\u00e9cution de code ou un deni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans FFmpeg",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FFmpeg",
"url": "http://ffmpeg.org/security.html"
}
]
}
FKIE_CVE-2011-3946
Vulnerability from fkie_nvd - Published: 2013-12-09 16:35 - Updated: 2026-06-16 23:34{
"affected": [
{
"affectedData": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"source": "chrome-cve-admin@google.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A79213F-BAB7-4FF2-99AC-91BFAF4BF2CF",
"versionEndIncluding": "0.9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2649A80-4739-4BBB-AB0B-99AD435BE7CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A2E77D-B826-4B49-ADC8-7F704E149A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "18157837-4550-45E3-A12E-AE06E047E253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F42611-C3E2-416B-9AE7-A5AE83E4DEF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3A20789F-26E3-4871-B24E-25E922BADDF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "67C6C243-3ACC-49C3-80CA-D7CA8FEFF0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6AE6D368-0BA6-4499-B7E1-EE16C03012E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "26C0F6EF-0452-4AFE-AF3E-B88F963A0938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5B4DD372-4D3B-445C-8C38-E083A3C0D4A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "733C03D7-2780-4D69-A98D-BCFB91D1119A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0AEE1977-E9E0-4BFF-B33B-B083E49E51F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E6979C17-0BC6-47D1-9B73-254D84306A96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "204C7C05-3441-4DB0-8702-D99C8FCB381E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*",
"matchCriteriaId": "2E1A7011-B992-4E35-B306-45772DACB23C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8D486C17-FC4A-4AEE-A430-1B1FBCC2C27C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "632BC7C2-FE59-47B0-885C-0EB8C74DF041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1AE0BF-A6FD-4EBA-BF61-07AC81EA560D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8FA106-FE65-4BB0-92A7-E8A5AF978A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "514669DA-8D02-44CE-BE18-8783F69AE394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8041E6ED-472A-40DF-AA90-F3509D90D47A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C64382-9259-4D61-B352-7F123527289C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "32A152D9-947E-4198-9C2D-2A582F09AB75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "37FBB817-A186-4517-9DA7-B3638576AAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "157ABA40-6101-4E9C-A24C-84F8E23D374D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7EA46DD-2CC4-426F-8709-821B7572C94A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE12C59-4409-4F7A-9759-7B26FA9DAC34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "30FE6578-F031-4F5B-B955-8F912CFCA1B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "07669E0E-8C4B-430E-802F-F64EEA2B5A0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EB7F17-F25D-4E48-8A43-F799619CE71F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "60705A3B-7136-45D1-8068-E2DC9E01EB04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C722B143-2648-4EB2-A090-7B788F41F300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B31AFDBC-A782-4C18-8EAA-6D927397BEA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "73E9E8F4-A942-4F34-BCE2-82A180F1DD1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA31D75-C3FB-4D89-8B2D-21372AAEB78B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B20E5358-826C-47A2-B39F-ED4E9213BA95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "26321888-E140-4F09-AAA0-7392AA7F6307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7E46B9F3-A9C0-4B8A-A119-40CA4CBBD0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "44800572-71C5-4AA1-9CB6-30AA902B0353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87090477-1D36-48B3-88AE-5CD5EE8F89D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2096FF8B-9B57-4C59-84DB-9CC0DEAB47AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34C99254-776C-4AAD-BDA2-3F544256AA67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9D7B73-9CDA-4BAE-8DD9-8E1E34C20648",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4FDBF2C0-8E33-4575-8A19-4F1CABA3023F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "72040664-077A-48FB-9E6B-B69EA8D26CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F428A2E4-A54F-4296-A00F-1A4E160253D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5239E4FA-0359-49F1-93D4-24AB013FAC20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C8230D-4E89-45F9-B0F7-E317119E0FA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "585CE7D2-1CE8-44AB-AE67-07D7D3721F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EE81C339-A794-4303-B829-BE743DF0B132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5CE0A27B-66D7-4D1B-8E6A-F4722C070BD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop."
},
{
"lang": "es",
"value": "La funci\u00f3n ff_h264_decode_sei en libavcodec/h264_sei.c en FFmpeg anteriores a 0.10 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s datos \"Supplemental enhancement information\" (SEI), lo que dispara un bucle infinito."
}
],
"id": "CVE-2011-3946",
"lastModified": "2026-06-16T23:34:11.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-09T16:35:44.097",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=9decfc17bb76da34734296048d390b176abf404c"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.ffmpeg.org/security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=9decfc17bb76da34734296048d390b176abf404c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ffmpeg.org/security.html"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-WWFJ-H5PC-CMM2
Vulnerability from github – Published: 2022-05-17 04:56 – Updated: 2025-04-11 04:16The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop.
{
"affected": [],
"aliases": [
"CVE-2011-3946"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-12-09T16:35:00Z",
"severity": "MODERATE"
},
"details": "The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop.",
"id": "GHSA-wwfj-h5pc-cmm2",
"modified": "2025-04-11T04:16:45Z",
"published": "2022-05-17T04:56:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3946"
},
{
"type": "WEB",
"url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=9decfc17bb76da34734296048d390b176abf404c"
},
{
"type": "WEB",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9decfc17bb76da34734296048d390b176abf404c"
},
{
"type": "WEB",
"url": "http://www.ffmpeg.org/security.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2011-3946
Vulnerability from gsd - Updated: 2023-12-13 01:19{
"GSD": {
"alias": "CVE-2011-3946",
"description": "The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop.",
"id": "GSD-2011-3946",
"references": [
"https://www.suse.com/security/cve/CVE-2011-3946.html",
"https://www.debian.org/security/2014/dsa-3003"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2011-3946"
],
"details": "The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop.",
"id": "GSD-2011-3946",
"modified": "2023-12-13T01:19:09.708235Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://www.ffmpeg.org/security.html"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9decfc17bb76da34734296048d390b176abf404c",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9decfc17bb76da34734296048d390b176abf404c"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.9.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3946"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.ffmpeg.org/security.html"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9decfc17bb76da34734296048d390b176abf404c",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Patch"
],
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9decfc17bb76da34734296048d390b176abf404c"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2013-12-10T17:10Z",
"publishedDate": "2013-12-09T16:35Z"
}
}
}
OPENSUSE-SU-2024:10926-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libav-tools-12.3-1.17 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libav-tools-12.3-1.17 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10926",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10926-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-3946 page",
"url": "https://www.suse.com/security/cve/CVE-2011-3946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-6618 page",
"url": "https://www.suse.com/security/cve/CVE-2012-6618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0851 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0852 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0868 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-7010 page",
"url": "https://www.suse.com/security/cve/CVE-2013-7010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-8544 page",
"url": "https://www.suse.com/security/cve/CVE-2014-8544/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-9604 page",
"url": "https://www.suse.com/security/cve/CVE-2014-9604/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3395 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3417 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3417/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5479 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5479/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3062 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3062/"
}
],
"title": "libav-tools-12.3-1.17 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10926-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libav-tools-12.3-1.17.aarch64",
"product": {
"name": "libav-tools-12.3-1.17.aarch64",
"product_id": "libav-tools-12.3-1.17.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libav-tools-12.3-1.17.ppc64le",
"product": {
"name": "libav-tools-12.3-1.17.ppc64le",
"product_id": "libav-tools-12.3-1.17.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libav-tools-12.3-1.17.s390x",
"product": {
"name": "libav-tools-12.3-1.17.s390x",
"product_id": "libav-tools-12.3-1.17.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libav-tools-12.3-1.17.x86_64",
"product": {
"name": "libav-tools-12.3-1.17.x86_64",
"product_id": "libav-tools-12.3-1.17.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libav-tools-12.3-1.17.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64"
},
"product_reference": "libav-tools-12.3-1.17.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libav-tools-12.3-1.17.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le"
},
"product_reference": "libav-tools-12.3-1.17.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libav-tools-12.3-1.17.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x"
},
"product_reference": "libav-tools-12.3-1.17.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libav-tools-12.3-1.17.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
},
"product_reference": "libav-tools-12.3-1.17.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-3946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-3946"
}
],
"notes": [
{
"category": "general",
"text": "The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-3946",
"url": "https://www.suse.com/security/cve/CVE-2011-3946"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-3946"
},
{
"cve": "CVE-2012-6618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-6618"
}
],
"notes": [
{
"category": "general",
"text": "The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient \"frames to estimate rate.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-6618",
"url": "https://www.suse.com/security/cve/CVE-2012-6618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2012-6618"
},
{
"cve": "CVE-2013-0851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0851"
}
],
"notes": [
{
"category": "general",
"text": "The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0851",
"url": "https://www.suse.com/security/cve/CVE-2013-0851"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2013-0851"
},
{
"cve": "CVE-2013-0852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0852"
}
],
"notes": [
{
"category": "general",
"text": "The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0852",
"url": "https://www.suse.com/security/cve/CVE-2013-0852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2013-0852"
},
{
"cve": "CVE-2013-0868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0868"
}
],
"notes": [
{
"category": "general",
"text": "libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) \"len==0 cases.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0868",
"url": "https://www.suse.com/security/cve/CVE-2013-0868"
},
{
"category": "external",
"summary": "SUSE Bug 1189142 for CVE-2013-0868",
"url": "https://bugzilla.suse.com/1189142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2013-0868"
},
{
"cve": "CVE-2013-7010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-7010"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-7010",
"url": "https://www.suse.com/security/cve/CVE-2013-7010"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-7010"
},
{
"cve": "CVE-2014-8544",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-8544"
}
],
"notes": [
{
"category": "general",
"text": "libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-8544",
"url": "https://www.suse.com/security/cve/CVE-2014-8544"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2014-8544"
},
{
"cve": "CVE-2014-9604",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-9604"
}
],
"notes": [
{
"category": "general",
"text": "libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-9604",
"url": "https://www.suse.com/security/cve/CVE-2014-9604"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2014-9604"
},
{
"cve": "CVE-2015-3395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3395"
}
],
"notes": [
{
"category": "general",
"text": "The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3395",
"url": "https://www.suse.com/security/cve/CVE-2015-3395"
},
{
"category": "external",
"summary": "SUSE Bug 931216 for CVE-2015-3395",
"url": "https://bugzilla.suse.com/931216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3395"
},
{
"cve": "CVE-2015-3417",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3417"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3417",
"url": "https://www.suse.com/security/cve/CVE-2015-3417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3417"
},
{
"cve": "CVE-2015-5479",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5479"
}
],
"notes": [
{
"category": "general",
"text": "The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5479",
"url": "https://www.suse.com/security/cve/CVE-2015-5479"
},
{
"category": "external",
"summary": "SUSE Bug 949760 for CVE-2015-5479",
"url": "https://bugzilla.suse.com/949760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-5479"
},
{
"cve": "CVE-2016-3062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3062"
}
],
"notes": [
{
"category": "general",
"text": "The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3062",
"url": "https://www.suse.com/security/cve/CVE-2016-3062"
},
{
"category": "external",
"summary": "SUSE Bug 984487 for CVE-2016-3062",
"url": "https://bugzilla.suse.com/984487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-3062"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.