CVE-2011-3940
FFmpeg 0.7.x < 0.7.12 and 0.8.x < 0.8.11 - Denial of Service via Crafted NSV File
nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers "use of uninitialized streams."
References (8)
Core References
Various Sources (x_refsource_confirm): http://ffmpeg.org/
Various Sources (x_refsource_confirm): http://libav.org/
Patch (x_refsource_confirm): http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=c898431ca5ef2a997fe9388b650f658fb60783e5
Patch (x_refsource_confirm): http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a
Vendor Advisory (vendor-advisory, x_refsource_ubuntu): http://www.ubuntu.com/usn/USN-1479-1
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/49089
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2012/dsa-2471
Patch (x_refsource_confirm): http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=5c011706bc752d34bc6ada31d7df2ca0c9af7c6b
Scores
EPSS: 0.0102
EPSS Percentile: 77.5%
Details
CWE: CWE-119
Status: published
Products (32)
ffmpeg/ffmpeg 0.7.1
ffmpeg/ffmpeg 0.7.2
ffmpeg/ffmpeg 0.7.6
ffmpeg/ffmpeg 0.7.7
ffmpeg/ffmpeg 0.7.8
ffmpeg/ffmpeg 0.7.9
ffmpeg/ffmpeg 0.7.11
ffmpeg/ffmpeg 0.8.5
ffmpeg/ffmpeg 0.8.6
ffmpeg/ffmpeg 0.8.7
... and 22 more
Published: Aug 20, 2012
Tracked Since: Feb 18, 2026