CVE-2011-3937 — Ffmpeg vulnerability

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

0.7%

top 28.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Libav Debian Ffmpeg

Timeline

PublishedJan 5

Latest updateMay 14

Description

The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to "width/height changing with frame threads."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDffmpeg/ffmpeg0.9.1+49

▶NVDlibav/libav21 versions+20

▶debiandebian/ffmpeg

🔴Vulnerability Details

GHSA

GHSA-jj3j-75wc-9j9f: The H↗2022-05-14

▶

📋Vendor Advisories

Debian

CVE-2011-3937: ffmpeg - The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x befo...↗2011

▶