CVE-2011-3929
FFmpeg 0.7.x < 0.7.12 and 0.8.x < 0.8.11 - Denial of Service via Crafted DV File
Title source: llmDescription
The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.
References (7)
Core 7
Core References
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1479-1
Various Sources x_refsource_confirm
http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=5a396bb3a66a61a68b80f2369d0249729bf85e04
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49089
Various Sources x_refsource_confirm
http://ffmpeg.org/
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2471
Various Sources x_refsource_confirm
http://libav.org/
Various Sources x_refsource_confirm
http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b
Scores
EPSS
0.0290
EPSS Percentile
86.5%
Details
CWE
CWE-119
Status
published
Products (32)
ffmpeg/ffmpeg
0.7.1
ffmpeg/ffmpeg
0.7.2
ffmpeg/ffmpeg
0.7.6
ffmpeg/ffmpeg
0.7.7
ffmpeg/ffmpeg
0.7.8
ffmpeg/ffmpeg
0.7.9
ffmpeg/ffmpeg
0.7.11
ffmpeg/ffmpeg
0.8.5
ffmpeg/ffmpeg
0.8.6
ffmpeg/ffmpeg
0.8.7
... and 22 more
Published
Aug 20, 2012
Tracked Since
Feb 18, 2026