CVE-2011-3362 — Out-of-bounds Write in Ffmpeg

CWE-18914 documents5 sources

Severity

6.8MEDIUMNVD

NVD5.0

EPSS

3.7%

top 11.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg Libav

Timeline

PublishedOct 2

Latest updateMay 17

Description

Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/ffmpeg< ffmpeg 7:2.4.1-1 (bookworm)

▶Debianffmpeg/ffmpeg< 7:2.4.1-1+3

▶NVDlibav/libav0.7.1+21

▶NVDffmpeg/ffmpeg0.7.3+28

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-v2j8-vr47-x5g5: cavsdec↗2022-05-17

▶

GHSA

GHSA-47gg-42gp-g49j: Integer signedness error in the decode_residual_block function in cavsdec↗2022-05-17

▶

GHSA

GHSA-7678-79q4-rmhw: Integer signedness error in the decode_residual_inter function in cavsdec↗2022-05-17

▶

OSV

CVE-2011-3974: Integer signedness error in the decode_residual_inter function in cavsdec↗2011-10-02

▶

OSV

CVE-2011-3362: Integer signedness error in the decode_residual_block function in cavsdec↗2011-10-02

▶

📋Vendor Advisories

Ubuntu

FFmpeg vulnerabilities↗2011-09-19

▶

Ubuntu

Libav vulnerabilities↗2011-09-19

▶

Debian

CVE-2011-3974: ffmpeg - Integer signedness error in the decode_residual_inter function in cavsdec.c in l...↗2011

▶

Debian

CVE-2011-3973: ffmpeg - cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows rem...↗2011

▶

Debian

CVE-2011-3362: ffmpeg - Integer signedness error in the decode_residual_block function in cavsdec.c in l...↗2011

▶