#VU32843 Code Injection in FFmpeg - cve-2011-3504

Cybersecurity Help s.r.o.

Published: 2011-09-29 | Updated: 2020-07-28

Vulnerability identifier: #VU32843

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: cve-2011-3504

CWE-ID: CWE-94

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
FFmpeg
Universal components / Libraries / Libraries used by multiple products

Vendor: ffmpeg.sourceforge.net

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.

Mitigation
Install update from vendor's website.

Vulnerable software versions

FFmpeg: 0.8.0 - 0.8.2

External links
https://secunia.com/advisories/45532
https://technet.microsoft.com/en-us/security/msvr/msvr11-011
https://ubuntu.com/usn/usn-1320-1
https://ubuntu.com/usn/usn-1333-1
https://www.ffmpeg.org/releases/ffmpeg-0.7.5.changelog
https://www.ffmpeg.org/releases/ffmpeg-0.8.4.changelog
https://www.mandriva.com/security/advisories?name=MDVSA-2012:074
https://www.mandriva.com/security/advisories?name=MDVSA-2012:075
https://www.mandriva.com/security/advisories?name=MDVSA-2012:076
https://www.osvdb.org/75621

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Code Injection in ffmpeg (Alpine package)

Code Injection in ffmpeg.sourceforge.net FFmpeg