CVE-2011-3947: Buffer Overflow
First published: Mon Aug 20 2012(Updated: )
Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file.
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FFmpeg | =0.7.1 | |
| FFmpeg | =0.7.2 | |
| FFmpeg | =0.7.6 | |
| FFmpeg | =0.7.7 | |
| FFmpeg | =0.7.8 | |
| FFmpeg | =0.7.9 | |
| FFmpeg | =0.7.11 | |
| FFmpeg | =0.8.5 | |
| FFmpeg | =0.8.6 | |
| FFmpeg | =0.8.7 | |
| FFmpeg | =0.8.8 | |
| FFmpeg | =0.8.10 | |
| Libav | =0.5 | |
| Libav | =0.5.1 | |
| Libav | =0.5.2 | |
| Libav | =0.5.3 | |
| Libav | =0.5.4 | |
| Libav | =0.5.5 | |
| Libav | =0.5.6 | |
| Libav | =0.5.7 | |
| Libav | =0.6 | |
| Libav | =0.6.1 | |
| Libav | =0.6.2 | |
| Libav | =0.6.3 | |
| Libav | =0.6.4 | |
| Libav | =0.6.5 | |
| Libav | =0.7 | |
| Libav | =0.7.1 | |
| Libav | =0.7.2 | |
| Libav | =0.7.3 | |
| Libav | =0.7.4 | |
| Libav | =0.8 | |
| Libav | =0.8-beta2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.videolan.org/?p=ffmpeg.git;a=commit;h=b57d262412204e54a7ef8fa1b23ff4dcede622e5
- http://www.debian.org/security/2012/dsa-2471
- http://libav.org/
- http://www.ubuntu.com/usn/USN-1479-1
- http://ffmpeg.org/
- http://git.libav.org/?p=libav.git;a=commit;h=b57d262412204e54a7ef8fa1b23ff4dcede622e5
- http://secunia.com/advisories/49089
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=b57d262412204e54a7ef8fa1b23ff4dcede622e5
- http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=b57d262412204e54a7ef8fa1b23ff4dcede622e5
Frequently Asked Questions
What is the severity of CVE-2011-3947?
CVE-2011-3947 has a severity rating that could lead to a denial of service and potentially allows remote attackers to execute arbitrary code.
How do I fix CVE-2011-3947?
To fix CVE-2011-3947, you should upgrade FFmpeg to versions 0.7.12 or 0.8.11 and Libav to versions 0.5.9, 0.6.6, 0.7.5, or 0.8.1 or higher.
Which software is affected by CVE-2011-3947?
CVE-2011-3947 affects FFmpeg versions 0.7.x before 0.7.12 and 0.8.x before 0.8.11, as well as Libav versions earlier than 0.5.9, 0.6.6, 0.7.5, and 0.8.1.
What type of vulnerability is CVE-2011-3947?
CVE-2011-3947 is categorized as a buffer overflow vulnerability.
What could happen if CVE-2011-3947 is exploited?
If exploited, CVE-2011-3947 can result in a crash of the affected program and may allow remote code execution by the attacker.
- agent/type
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/first-publish-date
- agent/event
- agent/last-modified-date
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/ffmpeg
- canonical/ffmpeg
- version/ffmpeg/0.7.1
- version/ffmpeg/0.7.2
- version/ffmpeg/0.7.6
- version/ffmpeg/0.7.7
- version/ffmpeg/0.7.8
- version/ffmpeg/0.7.9
- version/ffmpeg/0.7.11
- version/ffmpeg/0.8.5
- version/ffmpeg/0.8.6
- version/ffmpeg/0.8.7
- version/ffmpeg/0.8.8
- version/ffmpeg/0.8.10
- vendor/libav
- canonical/libav
- version/libav/0.5
- version/libav/0.5.1
- version/libav/0.5.2
- version/libav/0.5.3
- version/libav/0.5.4
- version/libav/0.5.5
- version/libav/0.5.6
- version/libav/0.5.7
- version/libav/0.6
- version/libav/0.6.1
- version/libav/0.6.2
- version/libav/0.6.3
- version/libav/0.6.4
- version/libav/0.6.5
- version/libav/0.7
- version/libav/0.7.1
- version/libav/0.7.2
- version/libav/0.7.3
- version/libav/0.7.4
- version/libav/0.8
- version/libav/0.8-beta2