Lucene search

K
ubuntucveUbuntu.comUB:CVE-2011-3936
HistoryMay 13, 2012 - 12:00 a.m.

CVE-2011-3936

2012-05-1300:00:00
ubuntu.com
ubuntu.com
9

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.024

Percentile

90.0%

The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12
and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before
0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers
to cause a denial of service (out-of-bounds read and application crash) via
a crafted DV file.

Notes

Author Note
mdeslaur ffmpeg-extra in multiverse needs to have matching version libav-extra is built with tarball produced by libav package see patches for CVE-2011-3929
OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchffmpeg< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
ubuntu11.04noarchlibav< 4:0.6.6-0ubuntu0.11.04.1UNKNOWN
ubuntu11.10noarchlibav< 4:0.7.6-0ubuntu0.11.10.1UNKNOWN

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.024

Percentile

90.0%