CVE-2011-3936

FFmpeg <0.7.12 & Libav <0.5.9-0.8.11 - DoS

Title source: llm

Description

The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.

References (7)

Core 7

Core References

Various Sources x_refsource_confirm

http://libav.org/

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1479-1

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/49089

Various Sources x_refsource_confirm

http://ffmpeg.org/

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2012/dsa-2471

Various Sources x_refsource_confirm

http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b

Various Sources x_refsource_confirm

http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=2d1c0dea5f6b91bec7f5fa53ec050913d851e366

Scores

EPSS 0.0102

EPSS Percentile 77.5%

Details

CWE

CWE-20

Status published

Products (38)

ffmpeg/ffmpeg 0.7

ffmpeg/ffmpeg 0.7.1

ffmpeg/ffmpeg 0.7.2

ffmpeg/ffmpeg 0.7.3

ffmpeg/ffmpeg 0.7.6

ffmpeg/ffmpeg 0.7.7

ffmpeg/ffmpeg 0.7.8

ffmpeg/ffmpeg 0.7.9

ffmpeg/ffmpeg 0.7.11

ffmpeg/ffmpeg 0.7.12

... and 28 more

Published Aug 20, 2012

Tracked Since Feb 18, 2026