CVE-2011-3936

2012-08-2018:55:01

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS

0.01

Percentile

83.8%

JSON

The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.

OSVersionArchitecturePackageVersionFilename
Debian12allffmpeg< 7:2.4.1-1ffmpeg_7:2.4.1-1_all.deb
Debian11allffmpeg< 7:2.4.1-1ffmpeg_7:2.4.1-1_all.deb
Debian999allffmpeg< 7:2.4.1-1ffmpeg_7:2.4.1-1_all.deb
Debian13allffmpeg< 7:2.4.1-1ffmpeg_7:2.4.1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	ffmpeg	< 7:2.4.1-1	ffmpeg_7:2.4.1-1_all.deb
Debian	11	all	ffmpeg	< 7:2.4.1-1	ffmpeg_7:2.4.1-1_all.deb
Debian	999	all	ffmpeg	< 7:2.4.1-1	ffmpeg_7:2.4.1-1_all.deb
Debian	13	all	ffmpeg	< 7:2.4.1-1	ffmpeg_7:2.4.1-1_all.deb