CVE-2011-3944 — Ffmpeg vulnerability

4 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

0.7%

top 28.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg

Timeline

PublishedDec 9

Latest updateMay 17

Description

The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/ffmpeg< ffmpeg 7:2.4.1-1 (bookworm)

▶Debianffmpeg/ffmpeg< 7:2.4.1-1+3

▶NVDffmpeg/ffmpeg0.9.1+50

🔴Vulnerability Details

GHSA

GHSA-8rm9-ph3p-x36x: The smacker_decode_header_tree function in libavcodec/smacker↗2022-05-17

▶

OSV

CVE-2011-3944: The smacker_decode_header_tree function in libavcodec/smacker↗2013-12-09

▶

📋Vendor Advisories

Debian

CVE-2011-3944: ffmpeg - The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before...↗2011

▶