Vulnerability Description
The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to "width/height changing with frame threads."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ffmpeg | Ffmpeg | 0.7.1 |
| Libav | Libav | 0.5 |
References
- http://ffmpeg.org/security.html
- http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=71db86d53b5c6872cea31bf714a1a38
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=71db86d53b5c6872cea31bf714a
- http://libav.org/news.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:079
- http://ffmpeg.org/security.html
- http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=71db86d53b5c6872cea31bf714a1a38
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=71db86d53b5c6872cea31bf714a
- http://libav.org/news.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:079
FAQ
What is CVE-2011-3937?
CVE-2011-3937 is a vulnerability with a CVSS score of 10.0 (HIGH). The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5...
How severe is CVE-2011-3937?
CVE-2011-3937 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-3937?
Check the references section above for vendor advisories and patch information. Affected products include: Ffmpeg Ffmpeg, Libav Libav.