Lucene search

RedhatCVE-2011-4352

HistoryAug 20, 2012 - 8:55 p.m.

CVE-2011-4352

2012-08-2020:55:02

CWE-189

redhat

web.nvd.nist.gov

cve-2011-4352

integer overflow

vp3 decoder

ffmpeg

libav

buffer overflow

denial of service

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.6

Confidence

High

EPSS

0.029

Percentile

90.9%

JSON

Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VP3 stream, which triggers a buffer overflow.

Affected configurations

Nvd

Node

libavlibavMatch0.5

libavlibavMatch0.5.1

libavlibavMatch0.5.2

libavlibavMatch0.5.3

libavlibavMatch0.5.4

libavlibavMatch0.5.5

libavlibavMatch0.6

libavlibavMatch0.6.1

libavlibavMatch0.6.2

libavlibavMatch0.6.3

libavlibavMatch0.7

libavlibavMatch0.7beta1

libavlibavMatch0.7beta2

libavlibavMatch0.7.1

Node

ffmpegffmpegMatch0.5

ffmpegffmpegMatch0.5.1

ffmpegffmpegMatch0.5.2

ffmpegffmpegMatch0.5.3

ffmpegffmpegMatch0.5.4

ffmpegffmpegMatch0.5.4.5

ffmpegffmpegMatch0.5.4.6

ffmpegffmpegMatch0.6

ffmpegffmpegMatch0.6.1

ffmpegffmpegMatch0.6.2

ffmpegffmpegMatch0.6.3

ffmpegffmpegMatch0.7

ffmpegffmpegMatch0.7.1

ffmpegffmpegMatch0.7.2

ffmpegffmpegMatch0.7.3

ffmpegffmpegMatch0.7.4

ffmpegffmpegMatch0.7.5

ffmpegffmpegMatch0.7.6

ffmpegffmpegMatch0.7.7

ffmpegffmpegMatch0.7.8

ffmpegffmpegMatch0.8.0

ffmpegffmpegMatch0.8.1

ffmpegffmpegMatch0.8.2

ffmpegffmpegMatch0.8.5

ffmpegffmpegMatch0.8.5.3

ffmpegffmpegMatch0.8.5.4

ffmpegffmpegMatch0.8.6

ffmpegffmpegMatch0.8.7

VendorProductVersionCPE
libavlibav0.5cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*
libavlibav0.5.1cpe:2.3:a:libav:libav:0.5.1:*:*:*:*:*:*:*
libavlibav0.5.2cpe:2.3:a:libav:libav:0.5.2:*:*:*:*:*:*:*
libavlibav0.5.3cpe:2.3:a:libav:libav:0.5.3:*:*:*:*:*:*:*
libavlibav0.5.4cpe:2.3:a:libav:libav:0.5.4:*:*:*:*:*:*:*
libavlibav0.5.5cpe:2.3:a:libav:libav:0.5.5:*:*:*:*:*:*:*
libavlibav0.6cpe:2.3:a:libav:libav:0.6:*:*:*:*:*:*:*
libavlibav0.6.1cpe:2.3:a:libav:libav:0.6.1:*:*:*:*:*:*:*
libavlibav0.6.2cpe:2.3:a:libav:libav:0.6.2:*:*:*:*:*:*:*
libavlibav0.6.3cpe:2.3:a:libav:libav:0.6.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
libav	libav	0.5	cpe:2.3:a:libav:libav:0.5:::::::*
libav	libav	0.5.1	cpe:2.3:a:libav:libav:0.5.1:::::::*
libav	libav	0.5.2	cpe:2.3:a:libav:libav:0.5.2:::::::*
libav	libav	0.5.3	cpe:2.3:a:libav:libav:0.5.3:::::::*
libav	libav	0.5.4	cpe:2.3:a:libav:libav:0.5.4:::::::*
libav	libav	0.5.5	cpe:2.3:a:libav:libav:0.5.5:::::::*
libav	libav	0.6	cpe:2.3:a:libav:libav:0.6:::::::*
libav	libav	0.6.1	cpe:2.3:a:libav:libav:0.6.1:::::::*
libav	libav	0.6.2	cpe:2.3:a:libav:libav:0.6.2:::::::*
libav	libav	0.6.3	cpe:2.3:a:libav:libav:0.6.3:::::::*