CVE-2011-3945

2012-05-2200:00:00

ubuntu.com

0.013 Low

EPSS

Percentile

85.8%

JSON

The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in
FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x
before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before
0.8.1, allows remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a crafted media file.

Notes

Author	Note
mdeslaur	ffmpeg-extra in multiverse needs to have matching version libav-extra is built with tarball produced by libav package code not present in ffmpeg 0.5.x

OSVersionArchitecturePackageVersionFilename
ubuntuupstreamnoarchffmpeg< anyUNKNOWN
ubuntuupstreamnoarchffmpeg-extra< anyUNKNOWN
ubuntu11.04noarchlibav< 4:0.6.6-0ubuntu0.11.04.1UNKNOWN
ubuntu11.10noarchlibav< 4:0.7.6-0ubuntu0.11.10.1UNKNOWN
ubuntuupstreamnoarchlibav< 0.6.6,0.7.5,0.8.1UNKNOWN
ubuntuupstreamnoarchlibav-extra< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	upstream	noarch	ffmpeg	< any	UNKNOWN
ubuntu	upstream	noarch	ffmpeg-extra	< any	UNKNOWN
ubuntu	11.04	noarch	libav	< 4:0.6.6-0ubuntu0.11.04.1	UNKNOWN
ubuntu	11.10	noarch	libav	< 4:0.7.6-0ubuntu0.11.10.1	UNKNOWN
ubuntu	upstream	noarch	libav	< 0.6.6,0.7.5,0.8.1	UNKNOWN
ubuntu	upstream	noarch	libav-extra	< any	UNKNOWN