CVE-2011-3937

2013-01-0500:00:00

ubuntu.com

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

60.7%

JSON

The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x
before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x
before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before
0.8.1 has unspecified impact and attack vectors related to “width/height
changing with frame threads.”

Notes

Author	Note
mdeslaur	ffmpeg-extra in multiverse needs to have matching version libav-extra is built with tarball produced by libav package libav upstream says fixed multithreaded decoding which was introduced in 0.7, so older releases not affected.