CVE-2011-3952

EPSS 0.96%
Veröffentlicht 20.08.2012 18:55:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle chrome-cve-admin@google.com
Teams Watchlist Login
Unerledigt Login

The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ffmpeg ≫ Ffmpeg Version <= 0.9.1

Ffmpeg ≫ Ffmpeg Version0.3

Ffmpeg ≫ Ffmpeg Version0.3.1

Ffmpeg ≫ Ffmpeg Version0.3.2

Ffmpeg ≫ Ffmpeg Version0.3.3

Ffmpeg ≫ Ffmpeg Version0.3.4

Ffmpeg ≫ Ffmpeg Version0.4.0

Ffmpeg ≫ Ffmpeg Version0.4.2

Ffmpeg ≫ Ffmpeg Version0.4.3

Ffmpeg ≫ Ffmpeg Version0.4.4

Ffmpeg ≫ Ffmpeg Version0.4.5

Ffmpeg ≫ Ffmpeg Version0.4.6

Ffmpeg ≫ Ffmpeg Version0.4.7

Ffmpeg ≫ Ffmpeg Version0.4.8

Ffmpeg ≫ Ffmpeg Version0.4.9

Ffmpeg ≫ Ffmpeg Version0.4.9 Updatepre1

Ffmpeg ≫ Ffmpeg Version0.5

Ffmpeg ≫ Ffmpeg Version0.5.1

Ffmpeg ≫ Ffmpeg Version0.5.2

Ffmpeg ≫ Ffmpeg Version0.5.3

Ffmpeg ≫ Ffmpeg Version0.5.4

Ffmpeg ≫ Ffmpeg Version0.6

Ffmpeg ≫ Ffmpeg Version0.6.1

Ffmpeg ≫ Ffmpeg Version0.6.2

Ffmpeg ≫ Ffmpeg Version0.7

Ffmpeg ≫ Ffmpeg Version0.7.1

Ffmpeg ≫ Ffmpeg Version0.7.2

Ffmpeg ≫ Ffmpeg Version0.7.3

Ffmpeg ≫ Ffmpeg Version0.7.6

Ffmpeg ≫ Ffmpeg Version0.7.7

Ffmpeg ≫ Ffmpeg Version0.7.8

Ffmpeg ≫ Ffmpeg Version0.7.9

Ffmpeg ≫ Ffmpeg Version0.7.11

Ffmpeg ≫ Ffmpeg Version0.7.12

Ffmpeg ≫ Ffmpeg Version0.8.0

Ffmpeg ≫ Ffmpeg Version0.8.1

Ffmpeg ≫ Ffmpeg Version0.8.2

Ffmpeg ≫ Ffmpeg Version0.8.5

Ffmpeg ≫ Ffmpeg Version0.8.6

Ffmpeg ≫ Ffmpeg Version0.8.7

Ffmpeg ≫ Ffmpeg Version0.8.8

Ffmpeg ≫ Ffmpeg Version0.8.10

Ffmpeg ≫ Ffmpeg Version0.8.11

Ffmpeg ≫ Ffmpeg Version0.9

Libav ≫ Libav Version0.5

Libav ≫ Libav Version0.5.1

Libav ≫ Libav Version0.5.2

Libav ≫ Libav Version0.5.3

Libav ≫ Libav Version0.6

Libav ≫ Libav Version0.6.1

Libav ≫ Libav Version0.6.2

Libav ≫ Libav Version0.6.3

Libav ≫ Libav Version0.7

Libav ≫ Libav Version0.7 Updatebeta1

Libav ≫ Libav Version0.7 Updatebeta2

Libav ≫ Libav Version0.7.1

Libav ≫ Libav Version0.7.2

Libav ≫ Libav Version0.7.3

Libav ≫ Libav Version0.7.4

Libav ≫ Libav Version0.7.5

Libav ≫ Libav Version0.8

Libav ≫ Libav Version0.8 Updatebeta2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.96%	0.755

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://ffmpeg.org/

http://libav.org/

http://www.ubuntu.com/usn/USN-1479-1

http://www.debian.org/security/2012/dsa-2494

http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=386741f887714d3e46c9e8fe577e326a7964037b

https://nvd.nist.gov/vuln/detail/CVE-2011-3952

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-3952

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-3952

EUVD