CVE-2011-1931
FFmpeg < 0.6.3 and libav <= 0.6.2 - Memory Corruption via Malformed AMV File
Title source: llmDescription
sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file.
References (5)
Core 5
Core References
Patch x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/517706
Patch x_refsource_confirm
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8299
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/47602
Scores
EPSS
0.0234
EPSS Percentile
85.1%
Details
CWE
CWE-119
Status
published
Products (50)
ffmpeg/ffmpeg
0.3
ffmpeg/ffmpeg
0.3.1
ffmpeg/ffmpeg
0.3.2
ffmpeg/ffmpeg
0.3.3
ffmpeg/ffmpeg
0.3.4
ffmpeg/ffmpeg
0.4.0
ffmpeg/ffmpeg
0.4.2
ffmpeg/ffmpeg
0.4.3
ffmpeg/ffmpeg
0.4.4
ffmpeg/ffmpeg
0.4.5
... and 40 more
Published
Jul 07, 2011
Tracked Since
Feb 18, 2026