Computer Security
[EN] securityvulns.ru no-pyccku


ffmpeg library multiple security vulnerabilities
updated since 11.11.2011
Published:27.11.2011
Source:
SecurityVulns ID:12031
Type:remote
Threat Level:
7/10
Description:Memory corruption on MKV and AVS/CAVS containers parsing.
Affected:FFMPEG : FFmpeg 0.7
 FFMPEG : FFmpeg 0.8
CVE:CVE-2011-3974 (Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362.)
 CVE-2011-3973 (cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362.)
 CVE-2011-3504 (The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.)
 CVE-2011-3362 (Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file.)
Original documentdocument[email protected], NGS00148 Patch Notification: FFmpeg Libavcodec memory corruption remote code execution (27.11.2011)
 document[email protected], NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution (27.11.2011)
 document[email protected], NGS00144 Patch Notification: FFmpeg Libavcodec buffer overflow remote code execution (27.11.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod