CVE-2011-3504 — Code Injection in Ffmpeg

CWE-94 — Code Injection6 documents5 sources

Severity

9.3CRITICALNVD

EPSS

4.7%

top 10.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg

Timeline

PublishedSep 29

Latest updateMay 14

Description

The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/ffmpeg< ffmpeg 7:2.4.1-1 (bookworm)

▶Debianffmpeg/ffmpeg< 7:2.4.1-1+3

▶NVDffmpeg/ffmpeg0.8.0+22

🔴Vulnerability Details

GHSA

GHSA-78h7-gxcg-7x5r: The Matroska format decoder in FFmpeg before 0↗2022-05-14

▶

OSV

CVE-2011-3504: The Matroska format decoder in FFmpeg before 0↗2011-09-29

▶

📋Vendor Advisories

Ubuntu

Libav vulnerabilities↗2012-01-17

▶

Ubuntu

FFmpeg vulnerabilities↗2012-01-05

▶

Debian

CVE-2011-3504: ffmpeg - The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate me...↗2011

▶