CVE-2011-3362

2011-10-0220:55:01

Debian Security Bug Tracker

security-tracker.debian.org

integer signedness error

decode_residual_block

libavcodec

ffmpeg

denial of service

execute arbitrary code

crafted chinese avs video

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.024

Percentile

90.2%

JSON

Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file.

OSVersionArchitecturePackageVersionFilename
Debian12allffmpeg< 7:2.4.1-1ffmpeg_7:2.4.1-1_all.deb
Debian11allffmpeg< 7:2.4.1-1ffmpeg_7:2.4.1-1_all.deb
Debian999allffmpeg< 7:2.4.1-1ffmpeg_7:2.4.1-1_all.deb
Debian13allffmpeg< 7:2.4.1-1ffmpeg_7:2.4.1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	ffmpeg	< 7:2.4.1-1	ffmpeg_7:2.4.1-1_all.deb
Debian	11	all	ffmpeg	< 7:2.4.1-1	ffmpeg_7:2.4.1-1_all.deb
Debian	999	all	ffmpeg	< 7:2.4.1-1	ffmpeg_7:2.4.1-1_all.deb
Debian	13	all	ffmpeg	< 7:2.4.1-1	ffmpeg_7:2.4.1-1_all.deb