CVE-2011-1931
Published 2011-07-07
Priority P431 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 2.23% (80.5th percentile)
sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file.
Affected
115 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ffmpeg | — | — |
| ffmpeg | ffmpeg | <= 0.6.2 | — |
| ffmpeg | ffmpeg | — | — |
| libav | libav | <= 0.6.2 | — |
| libav | libav | — | — |
CVSS provenance
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_ubuntu · 7.5 HIGH
vendor_debian · 6.8 LOW
GHSA
GHSA-g323-87f6-pv6c: sp5xdec
ghsa_unreviewed·2022-05-17
CVE-2011-1931 [MEDIUM] CWE-119 GHSA-g323-87f6-pv6c: sp5xdec
Ubuntu
FFmpeg vulnerabilities
vendor_ubuntu·2011-09-19·CVSS 7.5
CVE-2011-2161 [HIGH] FFmpeg vulnerabilities
Title: FFmpeg vulnerabilities
Summary: FFmpeg could be made to run programs as your login if it opened a specially
crafted file.
It was discovered that FFmpeg incorrectly handled certain malformed ogg
files. If a user were tricked into opening a crafted ogg file, an attacker
could cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program. This
issue only affected Ubuntu 10.10. (CVE-2011-1196)
It was discovered that FFmpeg incorrectly handled certain malformed AMV
files. If a user were tricked into opening a crafted AMV file, an attacker
could cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program. This
issue only affected Ubuntu
Ubuntu
Libav vulnerabilities
vendor_ubuntu·2011-09-19·CVSS 7.5
CVE-2011-1196 [HIGH] Libav vulnerabilities
Title: Libav vulnerabilities
Summary: Libav could be made to run programs as your login if it opened a specially
crafted file.
It was discovered that Libav incorrectly handled certain malformed ogg
files. If a user were tricked into opening a crafted ogg file, an attacker
could cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2011-1196)
It was discovered that Libav incorrectly handled certain malformed AMV
files. If a user were tricked into opening a crafted AMV file, an attacker
could cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2011-1931)
Emmanouel Kellinis discovered that Libav incorrectly hand
Debian
CVE-2011-1931: ffmpeg - sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 ...
vendor_debian·2011·CVSS 6.8
CVE-2011-1931 [MEDIUM] CVE-2011-1931: ffmpeg - sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 ...
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32
http://securityreason.com/securityalert/8299
http://www.securityfocus.com/archive/1/517706
http://www.securityfocus.com/bid/47602