CVE-2011-4579

The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (memory corruption) via a crafted SVQ1 stream, related to "dimensions changed."

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://git.libav.org/?p=libav.git;a=commit;h=6e24b9488e67849a28e64a8056e05f83cf439229
http://www.mandriva.com/security/advisories?name=MDVSA-2012:075
http://www.mandriva.com/security/advisories?name=MDVSA-2012:076
http://ffmpeg.org/	Vendor Advisory
http://libav.org/	Vendor Advisory
http://www.securityfocus.com/archive/1/520620
http://ubuntu.com/usn/usn-1333-1
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6e24b9488e67849a28e64a8056e05f83cf439229
http://ubuntu.com/usn/usn-1320-1
http://www.mandriva.com/security/advisories?name=MDVSA-2012:074

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.5.5:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.6:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.5:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.7:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:libav:libav:0.5.5:::::::*
	cpe:2.3:a:libav:libav:0.6.2:::::::*
	cpe:2.3:a:libav:libav:0.6.4:::::::*
	cpe:2.3:a:libav:libav:0.6.3:::::::*
	cpe:2.3:a:libav:libav:0.5:::::::*
	cpe:2.3:a:libav:libav:0.7.1:::::::*
	cpe:2.3:a:libav:libav:0.7.2:::::::*
	cpe:2.3:a:libav:libav:0.5.1:::::::*
	cpe:2.3:a:libav:libav:0.5.3:::::::*
	cpe:2.3:a:libav:libav:0.6.5:::::::*
	cpe:2.3:a:libav:libav:0.7:::::::*
	cpe:2.3:a:libav:libav:0.5.2:::::::*
	cpe:2.3:a:libav:libav:0.5.4:::::::*
	cpe:2.3:a:libav:libav:0.6.1:::::::*
	cpe:2.3:a:libav:libav:0.6:::::::*

Information

Published : 2012-08-20 13:55

Updated : 2012-08-21 10:38

NVD link : CVE-2011-4579

Mitre link : CVE-2011-4579

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

ffmpeg

ffmpeg

libav

libav

4.3 /10