CVE-2011-3504
FFmpeg < 0.8.3 - Remote Code Execution via Matroska Format Decoder
The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.
References (10)
Core References
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:076
Various Sources vendor-advisory
x_refsource_ubuntu
http://ubuntu.com/usn/usn-1320-1
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:074
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45532
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:075
Release Notes x_refsource_misc
http://www.ffmpeg.org/releases/ffmpeg-0.8.4.changelog
Various Sources vendor-advisory
x_refsource_ubuntu
http://ubuntu.com/usn/usn-1333-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/75621
Release Notes x_refsource_misc
http://www.ffmpeg.org/releases/ffmpeg-0.7.5.changelog
Vendor Advisory x_refsource_misc
http://technet.microsoft.com/en-us/security/msvr/msvr11-011
Scores
EPSS
0.0473
EPSS Percentile
89.5%
Details
CWE
CWE-94
Status
published
Products (23)
ffmpeg/ffmpeg
0.3
ffmpeg/ffmpeg
0.3.1
ffmpeg/ffmpeg
0.3.2
ffmpeg/ffmpeg
0.3.3
ffmpeg/ffmpeg
0.3.4
ffmpeg/ffmpeg
0.4.0
ffmpeg/ffmpeg
0.4.2
ffmpeg/ffmpeg
0.4.3
ffmpeg/ffmpeg
0.4.4
ffmpeg/ffmpeg
0.4.5
... and 13 more
Published
Sep 29, 2011
Tracked Since
Feb 18, 2026