CVE-2011-4579 — Vulnetix

Try Vulnetix Request Demo

CVE-2011-4579 PUBLISHED CVSS 4.300000190734863 MEDIUM

The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (memory corruption) via a crafted SVQ1 stream, related to "dimensions changed."

EPSS 2.21% · 84.3th percentile

Risk Scores

CVSS v2.0

4.300000190734863

EPSS Score

2.21%

84.3th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
ffmpeg	ffmpeg	0.5, 0.5.1, 0.5.2
libav	libav	0.5, 0.5.1, 0.5.2

Timeline

Aug 20, 2012 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Aug 31, 2023 EPSS Score
Oct 22, 2023 EPSS Score
Dec 13, 2023 EPSS Score

References

http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=6e24b9488e67849a28e64a8056e05f83cf439229 url
MDVSA-2012:076 vendor-advisory
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=6e24b9488e67849a28e64a8056e05f83cf439229 url
USN-1320-1 vendor-advisory
MDVSA-2012:074 vendor-advisory
MDVSA-2012:075 vendor-advisory
http://ffmpeg.org/ url
http://libav.org/ url
USN-1333-1 vendor-advisory
20111123 NGS00148 Patch Notification: FFmpeg Libavcodec memory corruption remote code execution mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2011-4579 advisory
http://ffmpeg.org url
http://git.libav.org/?p=libav.git;a=commit;h=6e24b9488e67849a28e64a8056e05f83cf439229 url
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6e24b9488e67849a28e64a8056e05f83cf439229 url
http://libav.org url

Open in Interactive Console →