CVE-2011-3951

FFmpeg < 0.10 & Libav < 0.5.9/0.6.6/0.7.6/0.8.1 - RCE via Crafted Stereo Stream


Description

The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file.

References (5)

Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1479-1
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2494
Various Sources x_refsource_confirm
http://ffmpeg.org/
Various Sources x_refsource_confirm
http://libav.org/

Scores

EPSS 0.0234
EPSS Percentile 85.1%

Details

CWE CWE-119
Status published
Products (35)
ffmpeg/ffmpeg 0.7.1
ffmpeg/ffmpeg 0.7.2
ffmpeg/ffmpeg 0.7.7
ffmpeg/ffmpeg 0.7.8
ffmpeg/ffmpeg 0.7.9
ffmpeg/ffmpeg 0.7.11
ffmpeg/ffmpeg 0.7.12
ffmpeg/ffmpeg 0.8.5
ffmpeg/ffmpeg 0.8.6
ffmpeg/ffmpeg 0.8.7
... and 25 more
Published Aug 20, 2012
Tracked Since Feb 18, 2026