CVE-2011-4364 — Vulnetix

Try Vulnetix Request Demo

CVE-2011-4364 PUBLISHED CVSS 6.800000190734863 MEDIUM

Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VMD file, related to corrupted streams.

EPSS 2.94% · 86.3th percentile

Risk Scores

CVSS v2.0

6.800000190734863

EPSS Score

2.94%

86.3th percentile

Affected Products

Vendor	Product	Versions
ffmpeg	ffmpeg	0.6.3, 0.5, 0.5.1
libav	libav	0.7.1, 0.7.2, 0.5
n/a	n/a	n/a

Timeline

Aug 20, 2012 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score

References

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=c0cbe36b18ab3eb13a53fe684ec1f63a00df2c86 url
http://libav.org/releases/libav-0.6.4.changelog url
MDVSA-2012:076 vendor-advisory
USN-1320-1 vendor-advisory
MDVSA-2012:074 vendor-advisory
MDVSA-2012:075 vendor-advisory
http://ffmpeg.org/ url
http://libav.org/ url
USN-1333-1 vendor-advisory
http://libav.org/releases/libav-0.5.6.changelog url
http://libav.org/releases/libav-0.7.3.changelog url
http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=c0cbe36b18ab3eb13a53fe684ec1f63a00df2c86 url
https://nvd.nist.gov/vuln/detail/CVE-2011-4364 advisory
http://ffmpeg.org url
http://git.libav.org/?p=libav.git;a=commit;h=c0cbe36b18ab3eb13a53fe684ec1f63a00df2c86 url
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c0cbe36b18ab3eb13a53fe684ec1f63a00df2c86 url
http://libav.org url

Open in Interactive Console →