CVE-2011-4579

The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (memory corruption) via a crafted SVQ1 stream, related to "dimensions changed."

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://ffmpeg.org/	Vendor Advisory
http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=6e24b9488e67849a28e64a8056e05f83cf439229
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=6e24b9488e67849a28e64a8056e05f83cf439229
http://libav.org/	Vendor Advisory
http://ubuntu.com/usn/usn-1320-1
http://ubuntu.com/usn/usn-1333-1
http://www.mandriva.com/security/advisories?name=MDVSA-2012:074
http://www.mandriva.com/security/advisories?name=MDVSA-2012:075
http://www.mandriva.com/security/advisories?name=MDVSA-2012:076
http://www.securityfocus.com/archive/1/520620
http://ffmpeg.org/	Vendor Advisory
http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=6e24b9488e67849a28e64a8056e05f83cf439229
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=6e24b9488e67849a28e64a8056e05f83cf439229
http://libav.org/	Vendor Advisory
http://ubuntu.com/usn/usn-1320-1
http://ubuntu.com/usn/usn-1333-1
http://www.mandriva.com/security/advisories?name=MDVSA-2012:074
http://www.mandriva.com/security/advisories?name=MDVSA-2012:075
http://www.mandriva.com/security/advisories?name=MDVSA-2012:076
http://www.securityfocus.com/archive/1/520620

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ffmpeg:ffmpeg:0.5:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.5.5:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.6:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.7:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:::::::*
	cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:libav:libav:0.5:::::::*
	cpe:2.3:a:libav:libav:0.5.1:::::::*
	cpe:2.3:a:libav:libav:0.5.2:::::::*
	cpe:2.3:a:libav:libav:0.5.3:::::::*
	cpe:2.3:a:libav:libav:0.5.4:::::::*
	cpe:2.3:a:libav:libav:0.5.5:::::::*
	cpe:2.3:a:libav:libav:0.6:::::::*
	cpe:2.3:a:libav:libav:0.6.1:::::::*
	cpe:2.3:a:libav:libav:0.6.2:::::::*
	cpe:2.3:a:libav:libav:0.6.3:::::::*
	cpe:2.3:a:libav:libav:0.6.4:::::::*
	cpe:2.3:a:libav:libav:0.6.5:::::::*
	cpe:2.3:a:libav:libav:0.7:::::::*
	cpe:2.3:a:libav:libav:0.7.1:::::::*
	cpe:2.3:a:libav:libav:0.7.2:::::::*

History

21 Nov 2024, 01:32

Type	Values Removed	Values Added
References	~~() http://ffmpeg.org/ - Vendor Advisory~~	() http://ffmpeg.org/ - Vendor Advisory
References	~~() http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=6e24b9488e67849a28e64a8056e05f83cf439229 -~~	() http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=6e24b9488e67849a28e64a8056e05f83cf439229 -
References	~~() http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=6e24b9488e67849a28e64a8056e05f83cf439229 -~~	() http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=6e24b9488e67849a28e64a8056e05f83cf439229 -
References	~~() http://libav.org/ - Vendor Advisory~~	() http://libav.org/ - Vendor Advisory
References	~~() http://ubuntu.com/usn/usn-1320-1 -~~	() http://ubuntu.com/usn/usn-1320-1 -
References	~~() http://ubuntu.com/usn/usn-1333-1 -~~	() http://ubuntu.com/usn/usn-1333-1 -
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2012:074 -~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2012:074 -
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2012:075 -~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2012:075 -
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2012:076 -~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2012:076 -
References	~~() http://www.securityfocus.com/archive/1/520620 -~~	() http://www.securityfocus.com/archive/1/520620 -

07 Nov 2023, 02:09

Type	Values Removed	Values Added
References	{'url': 'http://git.libav.org/?p=libav.git;a=commit;h=6e24b9488e67849a28e64a8056e05f83cf439229', 'name': 'http://git.libav.org/?p=libav.git;a=commit;h=6e24b9488e67849a28e64a8056e05f83cf439229', 'tags': [], 'refsource': 'CONFIRM'} {'url': 'http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6e24b9488e67849a28e64a8056e05f83cf439229', 'name': 'http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6e24b9488e67849a28e64a8056e05f83cf439229', 'tags': [], 'refsource': 'CONFIRM'}	() http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=6e24b9488e67849a28e64a8056e05f83cf439229 - () http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=6e24b9488e67849a28e64a8056e05f83cf439229 -

Information

Published : 2012-08-20 20:55

Updated : 2024-11-21 01:32

NVD link : CVE-2011-4579

Mitre link : CVE-2011-4579

CVE.ORG link : CVE-2011-4579

JSON object : View

Products Affected

ffmpeg

ffmpeg

libav

libav

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

4.3 /10