LibAVCodec / FFMpeg / VLC index array overflow updated since 27.04.2011
Published:		03.08.2011
Source:		BUGTRAQ
SecurityVulns ID:		11631
Type:		library
Level:		6/10
Description:		Index array overflow on AMV files parsing.

Affected:		VLC : VLC media player 1.1
CVE:		CVE-2011-1931 (sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file.)

Original document		Research@NGSSecure, NGS00068 Technical Advisory - LibAVCodec AMV Out of Array Write (03.08.2011)
		Research@NGSSecure, NGS00068 Patch Notification: LibAVCodec AMV Out of Array Write (27.04.2011)
		Research@NGSSecure, NGS00068 Patch Notification: LibAVCodec AMV Out of Array Write (27.04.2011)

Discuss:

Read or add your comments to this news (0 comments)