CVE-2011-3362

2011-09-1500:00:00

ubuntu.com

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

87.2%

JSON

Integer signedness error in the decode_residual_block function in cavsdec.c
in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav
through 0.7.1, allows remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code via a
crafted Chinese AVS video (aka CAVS) file.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641478>

Notes

Author	Note
mdeslaur	ffmpeg-extra in multiverse needs to have matching version

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchffmpeg< 4:0.5.1-1ubuntu1.2UNKNOWN
ubuntu10.10noarchffmpeg< 4:0.6-2ubuntu6.2UNKNOWN
ubuntu10.04noarchffmpeg-extra< 4:0.5.1-1ubuntu1.3UNKNOWN
ubuntu10.10noarchffmpeg-extra< 4:0.6-2ubuntu3.3UNKNOWN
ubuntu11.04noarchlibav< 4:0.6.2-1ubuntu1.1UNKNOWN
ubuntu11.04noarchlibav-extra< 4:0.6.4-1ubuntu1UNKNOWN
ubuntu11.10noarchlibav-extra< 4:0.7.3ubuntu0.11.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	ffmpeg	< 4:0.5.1-1ubuntu1.2	UNKNOWN
ubuntu	10.10	noarch	ffmpeg	< 4:0.6-2ubuntu6.2	UNKNOWN
ubuntu	10.04	noarch	ffmpeg-extra	< 4:0.5.1-1ubuntu1.3	UNKNOWN
ubuntu	10.10	noarch	ffmpeg-extra	< 4:0.6-2ubuntu3.3	UNKNOWN
ubuntu	11.04	noarch	libav	< 4:0.6.2-1ubuntu1.1	UNKNOWN
ubuntu	11.04	noarch	libav-extra	< 4:0.6.4-1ubuntu1	UNKNOWN
ubuntu	11.10	noarch	libav-extra	< 4:0.7.3ubuntu0.11.10.1	UNKNOWN