cvelistv5 - cve-2011-3929

CVE-2011-3929 (GCVE-0-2011-3929)

Vulnerability from cvelistv5

Published

2012-08-20 18:00

Modified

2024-08-06 23:53

Severity ?

CWE

Summary

The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.

References

URL

Tags

	http://www.ubuntu.com/usn/USN-1479-1	vendor-advisory, x_refsource_UBUNTU
	http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=5a396bb3a66a61a68b80f2369d0249729bf85e04	x_refsource_CONFIRM
	http://secunia.com/advisories/49089	third-party-advisory, x_refsource_SECUNIA
	http://ffmpeg.org/	x_refsource_CONFIRM
	http://www.debian.org/security/2012/dsa-2471	vendor-advisory, x_refsource_DEBIAN
	http://libav.org/	x_refsource_CONFIRM
	http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:53:32.258Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-1479-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1479-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=5a396bb3a66a61a68b80f2369d0249729bf85e04"
          },
          {
            "name": "49089",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49089"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ffmpeg.org/"
          },
          {
            "name": "DSA-2471",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2471"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libav.org/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-01-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-10-30T09:00:00.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "name": "USN-1479-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1479-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=5a396bb3a66a61a68b80f2369d0249729bf85e04"
        },
        {
          "name": "49089",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49089"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ffmpeg.org/"
        },
        {
          "name": "DSA-2471",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2471"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libav.org/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=635bcfccd439480003b74a665b5aa7c872c1ad6b"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2011-3929",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-1479-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1479-1"
            },
            {
              "name": "http://git.libav.org/?p=libav.git;a=commitdiff;h=5a396bb3a66a61a68b80f2369d0249729bf85e04",
              "refsource": "CONFIRM",
              "url": "http://git.libav.org/?p=libav.git;a=commitdiff;h=5a396bb3a66a61a68b80f2369d0249729bf85e04"
            },
            {
              "name": "49089",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49089"
            },
            {
              "name": "http://ffmpeg.org/",
              "refsource": "CONFIRM",
              "url": "http://ffmpeg.org/"
            },
            {
              "name": "DSA-2471",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2471"
            },
            {
              "name": "http://libav.org/",
              "refsource": "CONFIRM",
              "url": "http://libav.org/"
            },
            {
              "name": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b",
              "refsource": "CONFIRM",
              "url": "http://git.libav.org/?p=libav.git;a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2011-3929",
    "datePublished": "2012-08-20T18:00:00.000Z",
    "dateReserved": "2011-10-01T00:00:00.000Z",
    "dateUpdated": "2024-08-06T23:53:32.258Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2012-AVI-253

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les versions 0.7 et 0.8 de FFmpeg. Ces vulnérabilités peuvent être exploitées par une personne malveillante distante pour effectuer un déni de service ou pour compromettre un système au moyen d'un fichier spécialement conçu.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	FFmpeg 0.8 versions antérieures à 0.8.11 ;
	N/A	N/A	FFmepg 0.7 versions antérieures à 0.7.12.

References

Title

Publication Time

Tags

Bulletin FFmpeg

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FFmpeg 0.8 versions ant\u00e9rieures \u00e0 0.8.11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "FFmepg 0.7 versions ant\u00e9rieures \u00e0 0.7.12.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-3945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3945"
    },
    {
      "name": "CVE-2011-3929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3929"
    },
    {
      "name": "CVE-2011-3936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3936"
    },
    {
      "name": "CVE-2011-3937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3937"
    },
    {
      "name": "CVE-2011-3940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3940"
    },
    {
      "name": "CVE-2011-3947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3947"
    },
    {
      "name": "CVE-2012-0853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0853"
    },
    {
      "name": "CVE-2012-0858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0858"
    }
  ],
  "initial_release_date": "2012-05-07T00:00:00",
  "last_revision_date": "2012-05-07T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-253",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-05-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les versions 0.7 et\n0.8 de FFmpeg. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par une\npersonne malveillante distante pour effectuer un d\u00e9ni de service ou pour\ncompromettre un syst\u00e8me au moyen d\u0027un fichier sp\u00e9cialement con\u00e7u.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans FFmpeg",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin FFmpeg",
      "url": "http://ffmpeg.org/index.html#pr0811"
    }
  ]
}

CERTA-2012-AVI-039

Vulnerability from certfr_avis

De multiples vulnérabilités présentes dans FFmpeg permettent d'effectuer une exécution de code ou un deni de service à distance.

Description

De multiples vulnérabilités ont été corrigées dans FFmpeg. Ces vulnérabilités permettent à une personne malintentionnée d'effectuer une exécution de code ou un deni de service à distance au moyen d'un fichier spécialement conçu.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation). La version 0.10 corrige le problème.

FFmpeg versions antérieures à 0.10.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité FFmpeg

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eFFmpeg versions ant\u00e9rieures \u00e0 0.10.\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans FFmpeg. Ces\nvuln\u00e9rabilit\u00e9s permettent \u00e0 une personne malintentionn\u00e9e d\u0027effectuer une\nex\u00e9cution de code ou un deni de service \u00e0 distance au moyen d\u0027un fichier\nsp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation). La version 0.10 corrige le\nprobl\u00e8me.\n",
  "cves": [
    {
      "name": "CVE-2011-3945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3945"
    },
    {
      "name": "CVE-2011-3950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3950"
    },
    {
      "name": "CVE-2011-3929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3929"
    },
    {
      "name": "CVE-2011-3936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3936"
    },
    {
      "name": "CVE-2011-3937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3937"
    },
    {
      "name": "CVE-2011-3940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3940"
    },
    {
      "name": "CVE-2011-3947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3947"
    },
    {
      "name": "CVE-2011-3934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3934"
    },
    {
      "name": "CVE-2011-3949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3949"
    },
    {
      "name": "CVE-2011-3952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3952"
    },
    {
      "name": "CVE-2011-3946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3946"
    },
    {
      "name": "CVE-2011-3935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3935"
    },
    {
      "name": "CVE-2011-3944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3944"
    },
    {
      "name": "CVE-2011-3941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3941"
    },
    {
      "name": "CVE-2011-3951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3951"
    }
  ],
  "initial_release_date": "2012-01-31T00:00:00",
  "last_revision_date": "2012-01-31T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-039",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-01-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans FFmpeg permettent d\u0027effectuer\nune ex\u00e9cution de code ou un deni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans FFmpeg",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FFmpeg",
      "url": "http://ffmpeg.org/security.html"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2011-3929 (GCVE-0-2011-3929)

Vulnerability from cvelistv5

CERTA-2012-AVI-253

Vulnerability from certfr_avis

Solution

CERTA-2012-AVI-039

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature