CVE-2011-3973
FFmpeg < 0.7.4 and 0.8.x < 0.8.3 - Denial of Service via Invalid CAVS Bitstream
Title source: llmDescription
cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362.
References (6)
Core 6
Core References
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:076
Patch x_refsource_confirm
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=bd968d260aef322fb32e254a3de0d2036c57bd56
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:074
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:075
Release Notes x_refsource_confirm
http://www.ffmpeg.org/releases/ffmpeg-0.8.4.changelog
Release Notes x_refsource_confirm
http://www.ffmpeg.org/releases/ffmpeg-0.7.5.changelog
Scores
EPSS
0.0138
EPSS Percentile
80.5%
Details
CWE
CWE-399
Status
published
Products (28)
ffmpeg/ffmpeg
0.3
ffmpeg/ffmpeg
0.3.1
ffmpeg/ffmpeg
0.3.2
ffmpeg/ffmpeg
0.3.3
ffmpeg/ffmpeg
0.3.4
ffmpeg/ffmpeg
0.4.0
ffmpeg/ffmpeg
0.4.2
ffmpeg/ffmpeg
0.4.3
ffmpeg/ffmpeg
0.4.4
ffmpeg/ffmpeg
0.4.5
... and 18 more
Published
Oct 02, 2011
Tracked Since
Feb 18, 2026