CVE-2011-1931
published 2011-07-07

CVE-2011-1931: sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier…

Priority: P431, medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 2.23% (80.5th percentile)
sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file.

Affected

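115 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| debian | ffmpeg | | |
| ffmpeg | ffmpeg | <= 0.6.2 | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| ffmpeg | ffmpeg | | |
| libav | libav | <= 0.6.2 | |
| libav | libav | | |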

CVSS provenance

nvd: v2.0, 6.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_ubuntu: 7.5 HIGH
vendor_debian: 6.8 LOW