CVE-2011-3940

2012-05-1300:00:00

ubuntu.com

0.021 Low

EPSS

Percentile

89.4%

JSON

nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before
0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before
0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of
service (out-of-bounds read and write) via a crafted NSV file that triggers
“use of uninitialized streams.”

Notes

Author	Note
mdeslaur	ffmpeg-extra in multiverse needs to have matching version libav-extra is built with tarball produced by libav package

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchffmpeg< 4:0.5.9-0ubuntu0.10.04.1UNKNOWN
ubuntuupstreamnoarchffmpeg< 0.5.9UNKNOWN
ubuntuupstreamnoarchffmpeg-extra< anyUNKNOWN
ubuntu11.04noarchlibav< 4:0.6.6-0ubuntu0.11.04.1UNKNOWN
ubuntu11.10noarchlibav< 4:0.7.6-0ubuntu0.11.10.1UNKNOWN
ubuntuupstreamnoarchlibav< 0.6.6,0.7.5,0.8.1UNKNOWN
ubuntuupstreamnoarchlibav-extra< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	ffmpeg	< 4:0.5.9-0ubuntu0.10.04.1	UNKNOWN
ubuntu	upstream	noarch	ffmpeg	< 0.5.9	UNKNOWN
ubuntu	upstream	noarch	ffmpeg-extra	< any	UNKNOWN
ubuntu	11.04	noarch	libav	< 4:0.6.6-0ubuntu0.11.04.1	UNKNOWN
ubuntu	11.10	noarch	libav	< 4:0.7.6-0ubuntu0.11.10.1	UNKNOWN
ubuntu	upstream	noarch	libav	< 0.6.6,0.7.5,0.8.1	UNKNOWN
ubuntu	upstream	noarch	libav-extra	< any	UNKNOWN