Vulnerability-Lookup

CVE-2011-3936 (GCVE-0-2011-3936)

Vulnerability from cvelistv5 – Published: 2012-08-20 18:00 – Updated: 2024-08-06 23:53

Summary

The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.

Severity ?

No CVSS data available.

CWE

Assigner

Chrome

References

URL

Tags

	http://www.ubuntu.com/usn/USN-1479-1	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/49089	third-party-advisoryx_refsource_SECUNIA
	http://ffmpeg.org/	x_refsource_CONFIRM
	http://www.debian.org/security/2012/dsa-2471	vendor-advisoryx_refsource_DEBIAN
	http://libav.org/	x_refsource_CONFIRM
	http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=…	x_refsource_CONFIRM
	http://git.libav.org/?p=libav.git%3Ba=commitdiff%…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:53:32.222Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-1479-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1479-1"
          },
          {
            "name": "49089",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49089"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ffmpeg.org/"
          },
          {
            "name": "DSA-2471",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2471"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libav.org/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=2d1c0dea5f6b91bec7f5fa53ec050913d851e366"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-10-30T09:00:00",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "name": "USN-1479-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1479-1"
        },
        {
          "name": "49089",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49089"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ffmpeg.org/"
        },
        {
          "name": "DSA-2471",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2471"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libav.org/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=2d1c0dea5f6b91bec7f5fa53ec050913d851e366"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2011-3936",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-1479-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1479-1"
            },
            {
              "name": "49089",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49089"
            },
            {
              "name": "http://ffmpeg.org/",
              "refsource": "CONFIRM",
              "url": "http://ffmpeg.org/"
            },
            {
              "name": "DSA-2471",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2471"
            },
            {
              "name": "http://libav.org/",
              "refsource": "CONFIRM",
              "url": "http://libav.org/"
            },
            {
              "name": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b",
              "refsource": "CONFIRM",
              "url": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b"
            },
            {
              "name": "http://git.libav.org/?p=libav.git;a=commitdiff;h=2d1c0dea5f6b91bec7f5fa53ec050913d851e366",
              "refsource": "CONFIRM",
              "url": "http://git.libav.org/?p=libav.git;a=commitdiff;h=2d1c0dea5f6b91bec7f5fa53ec050913d851e366"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2011-3936",
    "datePublished": "2012-08-20T18:00:00",
    "dateReserved": "2011-10-01T00:00:00",
    "dateUpdated": "2024-08-06T23:53:32.222Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-3936\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2012-08-20T18:55:01.683\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n dv_extract_audio en libavcodec de FFmpeg en v0.7.x antes de v0.7.12 y v0.8.x antes de y v0.8.11 y en Libav v0.5.x antes de v0.5.9, v0.6.x antes de v0.6.6, v0.7.x antes de v0.7.5 y v0.8.x antes de v0.8.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de una archivo DV modificado.\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30FE6578-F031-4F5B-B955-8F912CFCA1B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07669E0E-8C4B-430E-802F-F64EEA2B5A0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3EB7F17-F25D-4E48-8A43-F799619CE71F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60705A3B-7136-45D1-8068-E2DC9E01EB04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73E9E8F4-A942-4F34-BCE2-82A180F1DD1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAA31D75-C3FB-4D89-8B2D-21372AAEB78B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B20E5358-826C-47A2-B39F-ED4E9213BA95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26321888-E140-4F09-AAA0-7392AA7F6307\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E46B9F3-A9C0-4B8A-A119-40CA4CBBD0EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44800572-71C5-4AA1-9CB6-30AA902B0353\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87090477-1D36-48B3-88AE-5CD5EE8F89D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2096FF8B-9B57-4C59-84DB-9CC0DEAB47AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34C99254-776C-4AAD-BDA2-3F544256AA67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE9D7B73-9CDA-4BAE-8DD9-8E1E34C20648\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F428A2E4-A54F-4296-A00F-1A4E160253D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5239E4FA-0359-49F1-93D4-24AB013FAC20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0C8230D-4E89-45F9-B0F7-E317119E0FA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"585CE7D2-1CE8-44AB-AE67-07D7D3721F68\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F27FF9C0-652E-42E8-90D0-B9B369DD6C8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15F27211-2DFC-4488-93D2-9A3664E593AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6418D3A-9972-4819-B2E6-2510438698A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF17452C-ED28-4558-9C90-102DF5485103\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CECEC54E-7014-447C-9174-8C2B026FF0B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31BE32E4-9577-4BA7-A275-67A86DB7BCE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16A3CC3F-C294-4DB3-97AE-1CFBED14A8AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E252038-F5E0-427F-8E59-FFD633497D09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABD1BB7A-D6FF-4B80-9DA6-36D081FB41CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"530C27CC-3250-4C94-8D88-F423FFD0BD4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"936C1855-67FB-49C3-A20A-3FE331403366\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92EB185C-1909-4359-B0C1-681E4ABEEECF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"136C7881-DB5A-4018-B01F-D2F9069F53D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"090BF77B-A099-4ECD-A9BC-AAD4B499F4C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18053821-801F-4652-AA73-9FDC5F562BA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.7:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8B20C36-FD4A-4DEB-B060-90C25440606F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.7:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FB24BD2-D741-4790-89C5-133BF8AEB191\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5322AE7-8CAD-45EF-9955-37D16EBBDD40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFCDCA15-DF61-4150-96D7-10D68D07DAD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2D50C72-65B2-4490-9259-2A436207A72D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3BCDD63-DECF-4494-BCA7-30BFEE7055D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4953EC2E-BCD6-41B5-AEB3-0D82C15363A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CEBE4E3-50F3-43CB-911F-E1B52C2B8B3A\"}]}]}],\"references\":[{\"url\":\"http://ffmpeg.org/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=2d1c0dea5f6b91bec7f5fa53ec050913d851e366\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://libav.org/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://secunia.com/advisories/49089\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.debian.org/security/2012/dsa-2471\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1479-1\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://ffmpeg.org/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=2d1c0dea5f6b91bec7f5fa53ec050913d851e366\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://libav.org/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/49089\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2012/dsa-2471\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1479-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2012-AVI-039

Vulnerability from certfr_avis - Published: 2012-01-31 - Updated: 2012-01-31

De multiples vulnérabilités présentes dans FFmpeg permettent d'effectuer une exécution de code ou un deni de service à distance.

Description

De multiples vulnérabilités ont été corrigées dans FFmpeg. Ces vulnérabilités permettent à une personne malintentionnée d'effectuer une exécution de code ou un deni de service à distance au moyen d'un fichier spécialement conçu.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation). La version 0.10 corrige le problème.

FFmpeg versions antérieures à 0.10.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité FFmpeg

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eFFmpeg versions ant\u00e9rieures \u00e0 0.10.\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans FFmpeg. Ces\nvuln\u00e9rabilit\u00e9s permettent \u00e0 une personne malintentionn\u00e9e d\u0027effectuer une\nex\u00e9cution de code ou un deni de service \u00e0 distance au moyen d\u0027un fichier\nsp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation). La version 0.10 corrige le\nprobl\u00e8me.\n",
  "cves": [
    {
      "name": "CVE-2011-3945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3945"
    },
    {
      "name": "CVE-2011-3950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3950"
    },
    {
      "name": "CVE-2011-3929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3929"
    },
    {
      "name": "CVE-2011-3936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3936"
    },
    {
      "name": "CVE-2011-3937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3937"
    },
    {
      "name": "CVE-2011-3940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3940"
    },
    {
      "name": "CVE-2011-3947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3947"
    },
    {
      "name": "CVE-2011-3934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3934"
    },
    {
      "name": "CVE-2011-3949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3949"
    },
    {
      "name": "CVE-2011-3952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3952"
    },
    {
      "name": "CVE-2011-3946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3946"
    },
    {
      "name": "CVE-2011-3935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3935"
    },
    {
      "name": "CVE-2011-3944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3944"
    },
    {
      "name": "CVE-2011-3941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3941"
    },
    {
      "name": "CVE-2011-3951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3951"
    }
  ],
  "initial_release_date": "2012-01-31T00:00:00",
  "last_revision_date": "2012-01-31T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-039",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-01-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans FFmpeg permettent d\u0027effectuer\nune ex\u00e9cution de code ou un deni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans FFmpeg",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FFmpeg",
      "url": "http://ffmpeg.org/security.html"
    }
  ]
}

CERTA-2012-AVI-253

Vulnerability from certfr_avis - Published: 2012-05-07 - Updated: 2012-05-07

De multiples vulnérabilités ont été corrigées dans les versions 0.7 et 0.8 de FFmpeg. Ces vulnérabilités peuvent être exploitées par une personne malveillante distante pour effectuer un déni de service ou pour compromettre un système au moyen d'un fichier spécialement conçu.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	FFmpeg 0.8 versions antérieures à 0.8.11 ;
	N/A	N/A	FFmepg 0.7 versions antérieures à 0.7.12.

References

Title

Publication Time

Tags

Bulletin FFmpeg

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FFmpeg 0.8 versions ant\u00e9rieures \u00e0 0.8.11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "FFmepg 0.7 versions ant\u00e9rieures \u00e0 0.7.12.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-3945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3945"
    },
    {
      "name": "CVE-2011-3929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3929"
    },
    {
      "name": "CVE-2011-3936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3936"
    },
    {
      "name": "CVE-2011-3937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3937"
    },
    {
      "name": "CVE-2011-3940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3940"
    },
    {
      "name": "CVE-2011-3947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3947"
    },
    {
      "name": "CVE-2012-0853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0853"
    },
    {
      "name": "CVE-2012-0858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0858"
    }
  ],
  "initial_release_date": "2012-05-07T00:00:00",
  "last_revision_date": "2012-05-07T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-253",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-05-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les versions 0.7 et\n0.8 de FFmpeg. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par une\npersonne malveillante distante pour effectuer un d\u00e9ni de service ou pour\ncompromettre un syst\u00e8me au moyen d\u0027un fichier sp\u00e9cialement con\u00e7u.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans FFmpeg",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin FFmpeg",
      "url": "http://ffmpeg.org/index.html#pr0811"
    }
  ]
}

GSD-2011-3936

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-3936

Aliases

CVE-2011-3936

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-3936",
    "description": "The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.",
    "id": "GSD-2011-3936",
    "references": [
      "https://www.debian.org/security/2012/dsa-2471"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-3936"
      ],
      "details": "The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.",
      "id": "GSD-2011-3936",
      "modified": "2023-12-13T01:19:10.264661Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@google.com",
        "ID": "CVE-2011-3936",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "USN-1479-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-1479-1"
          },
          {
            "name": "49089",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/49089"
          },
          {
            "name": "http://ffmpeg.org/",
            "refsource": "CONFIRM",
            "url": "http://ffmpeg.org/"
          },
          {
            "name": "DSA-2471",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2012/dsa-2471"
          },
          {
            "name": "http://libav.org/",
            "refsource": "CONFIRM",
            "url": "http://libav.org/"
          },
          {
            "name": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b",
            "refsource": "CONFIRM",
            "url": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b"
          },
          {
            "name": "http://git.libav.org/?p=libav.git;a=commitdiff;h=2d1c0dea5f6b91bec7f5fa53ec050913d851e366",
            "refsource": "CONFIRM",
            "url": "http://git.libav.org/?p=libav.git;a=commitdiff;h=2d1c0dea5f6b91bec7f5fa53ec050913d851e366"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.7:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.7:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2011-3936"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.libav.org/?p=libav.git;a=commitdiff;h=2d1c0dea5f6b91bec7f5fa53ec050913d851e366",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://git.libav.org/?p=libav.git;a=commitdiff;h=2d1c0dea5f6b91bec7f5fa53ec050913d851e366"
            },
            {
              "name": "http://libav.org/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://libav.org/"
            },
            {
              "name": "USN-1479-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1479-1"
            },
            {
              "name": "http://ffmpeg.org/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://ffmpeg.org/"
            },
            {
              "name": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b"
            },
            {
              "name": "DSA-2471",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2012/dsa-2471"
            },
            {
              "name": "49089",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/49089"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2012-10-30T03:57Z",
      "publishedDate": "2012-08-20T18:55Z"
    }
  }
}

GHSA-XJW3-XJHW-33XQ

Vulnerability from github – Published: 2022-05-17 05:19 – Updated: 2025-04-11 04:00

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-3936"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-08-20T18:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.",
  "id": "GHSA-xjw3-xjhw-33xq",
  "modified": "2025-04-11T04:00:53Z",
  "published": "2022-05-17T05:19:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3936"
    },
    {
      "type": "WEB",
      "url": "http://ffmpeg.org"
    },
    {
      "type": "WEB",
      "url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b"
    },
    {
      "type": "WEB",
      "url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=2d1c0dea5f6b91bec7f5fa53ec050913d851e366"
    },
    {
      "type": "WEB",
      "url": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b"
    },
    {
      "type": "WEB",
      "url": "http://git.libav.org/?p=libav.git;a=commitdiff;h=2d1c0dea5f6b91bec7f5fa53ec050913d851e366"
    },
    {
      "type": "WEB",
      "url": "http://libav.org"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/49089"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2471"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1479-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2011-3936

Vulnerability from fkie_nvd - Published: 2012-08-20 18:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	chrome-cve-admin@google.com	http://ffmpeg.org/
	chrome-cve-admin@google.com	http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b
	chrome-cve-admin@google.com	http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=2d1c0dea5f6b91bec7f5fa53ec050913d851e366
	chrome-cve-admin@google.com	http://libav.org/
	chrome-cve-admin@google.com	http://secunia.com/advisories/49089
	chrome-cve-admin@google.com	http://www.debian.org/security/2012/dsa-2471
	chrome-cve-admin@google.com	http://www.ubuntu.com/usn/USN-1479-1
	af854a3a-2127-422b-91ae-364da2661108	http://ffmpeg.org/
	af854a3a-2127-422b-91ae-364da2661108	http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b
	af854a3a-2127-422b-91ae-364da2661108	http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=2d1c0dea5f6b91bec7f5fa53ec050913d851e366
	af854a3a-2127-422b-91ae-364da2661108	http://libav.org/
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49089
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2471
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1479-1

Impacted products

Vendor	Product	Version
ffmpeg	ffmpeg	0.7
ffmpeg	ffmpeg	0.7.1
ffmpeg	ffmpeg	0.7.2
ffmpeg	ffmpeg	0.7.3
ffmpeg	ffmpeg	0.7.6
ffmpeg	ffmpeg	0.7.7
ffmpeg	ffmpeg	0.7.8
ffmpeg	ffmpeg	0.7.9
ffmpeg	ffmpeg	0.7.11
ffmpeg	ffmpeg	0.7.12
ffmpeg	ffmpeg	0.8.0
ffmpeg	ffmpeg	0.8.1
ffmpeg	ffmpeg	0.8.2
ffmpeg	ffmpeg	0.8.5
ffmpeg	ffmpeg	0.8.6
ffmpeg	ffmpeg	0.8.7
ffmpeg	ffmpeg	0.8.8
ffmpeg	ffmpeg	0.8.10
libav	libav	0.5
libav	libav	0.5.1
libav	libav	0.5.2
libav	libav	0.5.3
libav	libav	0.5.4
libav	libav	0.5.5
libav	libav	0.5.6
libav	libav	0.5.7
libav	libav	0.6
libav	libav	0.6.1
libav	libav	0.6.2
libav	libav	0.6.3
libav	libav	0.6.4
libav	libav	0.6.5
libav	libav	0.7
libav	libav	0.7
libav	libav	0.7
libav	libav	0.7.1
libav	libav	0.7.2
libav	libav	0.7.3
libav	libav	0.7.4
libav	libav	0.8
libav	libav	0.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "30FE6578-F031-4F5B-B955-8F912CFCA1B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07669E0E-8C4B-430E-802F-F64EEA2B5A0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3EB7F17-F25D-4E48-8A43-F799619CE71F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "60705A3B-7136-45D1-8068-E2DC9E01EB04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73E9E8F4-A942-4F34-BCE2-82A180F1DD1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAA31D75-C3FB-4D89-8B2D-21372AAEB78B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B20E5358-826C-47A2-B39F-ED4E9213BA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "26321888-E140-4F09-AAA0-7392AA7F6307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E46B9F3-A9C0-4B8A-A119-40CA4CBBD0EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "44800572-71C5-4AA1-9CB6-30AA902B0353",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87090477-1D36-48B3-88AE-5CD5EE8F89D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2096FF8B-9B57-4C59-84DB-9CC0DEAB47AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "34C99254-776C-4AAD-BDA2-3F544256AA67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9D7B73-9CDA-4BAE-8DD9-8E1E34C20648",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F428A2E4-A54F-4296-A00F-1A4E160253D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5239E4FA-0359-49F1-93D4-24AB013FAC20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0C8230D-4E89-45F9-B0F7-E317119E0FA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "585CE7D2-1CE8-44AB-AE67-07D7D3721F68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F27FF9C0-652E-42E8-90D0-B9B369DD6C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F27211-2DFC-4488-93D2-9A3664E593AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6418D3A-9972-4819-B2E6-2510438698A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF17452C-ED28-4558-9C90-102DF5485103",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CECEC54E-7014-447C-9174-8C2B026FF0B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31BE32E4-9577-4BA7-A275-67A86DB7BCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A3CC3F-C294-4DB3-97AE-1CFBED14A8AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E252038-F5E0-427F-8E59-FFD633497D09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABD1BB7A-D6FF-4B80-9DA6-36D081FB41CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "530C27CC-3250-4C94-8D88-F423FFD0BD4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "936C1855-67FB-49C3-A20A-3FE331403366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "92EB185C-1909-4359-B0C1-681E4ABEEECF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "136C7881-DB5A-4018-B01F-D2F9069F53D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "090BF77B-A099-4ECD-A9BC-AAD4B499F4C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "18053821-801F-4652-AA73-9FDC5F562BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "B8B20C36-FD4A-4DEB-B060-90C25440606F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3FB24BD2-D741-4790-89C5-133BF8AEB191",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5322AE7-8CAD-45EF-9955-37D16EBBDD40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFCDCA15-DF61-4150-96D7-10D68D07DAD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2D50C72-65B2-4490-9259-2A436207A72D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3BCDD63-DECF-4494-BCA7-30BFEE7055D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4953EC2E-BCD6-41B5-AEB3-0D82C15363A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3CEBE4E3-50F3-43CB-911F-E1B52C2B8B3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n dv_extract_audio en libavcodec de FFmpeg en v0.7.x antes de v0.7.12 y v0.8.x antes de y v0.8.11 y en Libav v0.5.x antes de v0.5.9, v0.6.x antes de v0.6.6, v0.7.x antes de v0.7.5 y v0.8.x antes de v0.8.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de una archivo DV modificado.\r\n"
    }
  ],
  "id": "CVE-2011-3936",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-08-20T18:55:01.683",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://ffmpeg.org/"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=2d1c0dea5f6b91bec7f5fa53ec050913d851e366"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://libav.org/"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://secunia.com/advisories/49089"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.debian.org/security/2012/dsa-2471"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.ubuntu.com/usn/USN-1479-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ffmpeg.org/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=2d1c0dea5f6b91bec7f5fa53ec050913d851e366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://libav.org/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49089"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1479-1"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-3936 (GCVE-0-2011-3936)

CERTA-2012-AVI-039

Description

Solution

CERTA-2012-AVI-253

Solution

GSD-2011-3936

GHSA-XJW3-XJHW-33XQ

FKIE_CVE-2011-3936

Tags

Sightings

Nomenclature