#VU43700 Buffer overflow in FFmpeg and Libav - CVE-2011-3947
Published: August 20, 2012 / Updated: August 11, 2020
Vulnerability identifier: #VU43700
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2011-3947
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
FFmpeg
Libav
FFmpeg
Libav
Software vendor:
ffmpeg.sourceforge.net
Libav
ffmpeg.sourceforge.net
Libav
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file.
Remediation
Install update from vendor's website.
External links
- http://ffmpeg.org/
- http://git.libav.org/?p=libav.git;a=commit;h=b57d262412204e54a7ef8fa1b23ff4dcede622e5
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=b57d262412204e54a7ef8fa1b23ff4dcede622e5
- http://libav.org/
- http://secunia.com/advisories/49089
- http://www.debian.org/security/2012/dsa-2471
- http://www.ubuntu.com/usn/USN-1479-1