CVE-2011-3934 — Double Free in Ffmpeg

CWE-3995 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.6%

top 31.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg

Timeline

PublishedDec 9

Latest updateMay 17

Description

Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/ffmpeg< ffmpeg 7:2.4.1-1 (bookworm)

▶Debianffmpeg/ffmpeg< 7:2.4.1-1+3

▶NVDffmpeg/ffmpeg0.9.1+50

🔴Vulnerability Details

GHSA

GHSA-94vc-jrg8-w47h: Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3↗2022-05-17

▶

OSV

CVE-2011-3934: Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3↗2013-12-09

▶

📋Vendor Advisories

Debian

CVE-2011-3934: ffmpeg - Double free vulnerability in the vp3_update_thread_context function in libavcode...↗2011

▶

📄Research Papers

arXiv

VulDeeLocator: A Deep Learning-based Fine-grained Vulnerability Detector↗2021-05-01

▶