CVE-2011-3929: Buffer Overflow
First published: Mon Aug 20 2012(Updated: )
The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FFmpeg | =0.7.7 | |
| FFmpeg | =0.7.1 | |
| FFmpeg | =0.7.6 | |
| FFmpeg | =0.7.8 | |
| FFmpeg | =0.7.9 | |
| FFmpeg | =0.7.11 | |
| FFmpeg | =0.7.2 | |
| FFmpeg | =0.8.6 | |
| FFmpeg | =0.8.5 | |
| FFmpeg | =0.8.10 | |
| FFmpeg | =0.8.7 | |
| FFmpeg | =0.8.8 | |
| libavutil | =0.5.6 | |
| libavutil | =0.5.7 | |
| libavutil | =0.5.3 | |
| libavutil | =0.5 | |
| libavutil | =0.5.2 | |
| libavutil | =0.5.5 | |
| libavutil | =0.5.4 | |
| libavutil | =0.5.1 | |
| libavutil | =0.6.5 | |
| libavutil | =0.6.2 | |
| libavutil | =0.6.4 | |
| libavutil | =0.6.3 | |
| libavutil | =0.6.1 | |
| libavutil | =0.6 | |
| libavutil | =0.7 | |
| libavutil | =0.7.4 | |
| libavutil | =0.7.1 | |
| libavutil | =0.7.2 | |
| libavutil | =0.7.3 | |
| libavutil | =0.8 | |
| libavutil | =0.8-beta2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.debian.org/security/2012/dsa-2471
- http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b
- http://git.libav.org/?p=libav.git;a=commitdiff;h=5a396bb3a66a61a68b80f2369d0249729bf85e04
- http://libav.org/
- http://ffmpeg.org/
- http://www.ubuntu.com/usn/USN-1479-1
- http://secunia.com/advisories/49089
- http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=5a396bb3a66a61a68b80f2369d0249729bf85e04
- http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b
Frequently Asked Questions
What is the severity of CVE-2011-3929?
CVE-2011-3929 has a medium severity level as it can lead to denial of service through a NULL pointer dereference.
How do I fix CVE-2011-3929?
To fix CVE-2011-3929, you should update FFmpeg to version 0.7.12 or later and Libav to version 0.5.9 or later.
Which versions of FFmpeg are affected by CVE-2011-3929?
FFmpeg versions 0.7.x before 0.7.12 and 0.8.x before 0.8.11 are affected by CVE-2011-3929.
Which versions of Libav are affected by CVE-2011-3929?
Libav versions 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 are affected by CVE-2011-3929.
What type of vulnerability is CVE-2011-3929?
CVE-2011-3929 is a denial of service vulnerability caused by improper handling of data in the avpriv_dv_produce_packet function.
- agent/weakness
- agent/type
- agent/remedy
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/first-publish-date
- agent/event
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ffmpeg
- canonical/ffmpeg
- version/ffmpeg/0.7.7
- version/ffmpeg/0.7.1
- version/ffmpeg/0.7.6
- version/ffmpeg/0.7.8
- version/ffmpeg/0.7.9
- version/ffmpeg/0.7.11
- version/ffmpeg/0.7.2
- version/ffmpeg/0.8.6
- version/ffmpeg/0.8.5
- version/ffmpeg/0.8.10
- version/ffmpeg/0.8.7
- version/ffmpeg/0.8.8
- vendor/libav
- canonical/libavutil
- version/libavutil/0.5.6
- version/libavutil/0.5.7
- version/libavutil/0.5.3
- version/libavutil/0.5
- version/libavutil/0.5.2
- version/libavutil/0.5.5
- version/libavutil/0.5.4
- version/libavutil/0.5.1
- version/libavutil/0.6.5
- version/libavutil/0.6.2
- version/libavutil/0.6.4
- version/libavutil/0.6.3
- version/libavutil/0.6.1
- version/libavutil/0.6
- version/libavutil/0.7
- version/libavutil/0.7.4
- version/libavutil/0.7.1
- version/libavutil/0.7.2
- version/libavutil/0.7.3
- version/libavutil/0.8
- version/libavutil/0.8-beta2