Description
The decode_frame function in the KGV1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file.
References (5)
Core References
Patch (x_refsource_confirm): http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=807a045ab7f51993a2c1b3116016cbbd4f3d20d6
Various Sources (x_refsource_confirm): http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=a02e8df973f5478ec82f4c507f5b5b191a5ecb6b
Various Sources (x_refsource_confirm): http://ffmpeg.org/
Various Sources (x_refsource_confirm): http://libav.org/
Vendor Advisory (vendor-advisory, x_refsource_mandriva): http://www.mandriva.com/security/advisories?name=MDVSA-2012:076
Scores
EPSS: 0.0234
EPSS Percentile: 85.1%
Details
CWE: CWE-119
Status: published
Products (37)
ffmpeg/ffmpeg 0.7
ffmpeg/ffmpeg 0.7.1
ffmpeg/ffmpeg 0.7.2
ffmpeg/ffmpeg 0.7.3
ffmpeg/ffmpeg 0.7.6
ffmpeg/ffmpeg 0.7.7
ffmpeg/ffmpeg 0.7.8
ffmpeg/ffmpeg 0.7.9
ffmpeg/ffmpeg 0.7.11
ffmpeg/ffmpeg 0.8.0
... and 27 more
Published: Aug 20, 2012
Tracked Since: Feb 18, 2026