Vulnerability Description
Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VMD file, related to corrupted streams.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ffmpeg | Ffmpeg | 0.5 |
| Libav | Libav | 0.5 |
Related Weaknesses (CWE)
References
- http://ffmpeg.org/
- http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=c0cbe36b18ab3eb13a53fe684ec1f63
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=c0cbe36b18ab3eb13a53fe684ec
- http://libav.org/
- http://libav.org/releases/libav-0.5.6.changelog
- http://libav.org/releases/libav-0.6.4.changelog
- http://libav.org/releases/libav-0.7.3.changelog
- http://ubuntu.com/usn/usn-1320-1
- http://ubuntu.com/usn/usn-1333-1
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:074
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:075
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:076
- http://ffmpeg.org/
- http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=c0cbe36b18ab3eb13a53fe684ec1f63
- http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=c0cbe36b18ab3eb13a53fe684ec
FAQ
What is CVE-2011-4364?
CVE-2011-4364 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4...
How severe is CVE-2011-4364?
CVE-2011-4364 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4364?
Check the references section above for vendor advisories and patch information. Affected products include: Ffmpeg Ffmpeg, Libav Libav.