[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96125

 
 

909

 
 

78020

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2011-1931

Date: (C)2011-07-07   (M)2016-03-27
 
CVSS Score: 6.8Access Vector: NETWORK
Exploitability Subscore: 8.6Access Complexity: MEDIUM
Impact Subscore: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file.

Reference:
http://www.securityfocus.com/archive/1/517706
BID-47602
SREASON-8299
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32

CPE    99
cpe:/a:ffmpeg:ffmpeg:0.4.9:pre1
cpe:/a:libav:libav:0.5.4
cpe:/a:ffmpeg:ffmpeg:0.6.1
cpe:/a:ffmpeg:ffmpeg:0.6.2
...
CWE    1
CWE-119
OVAL    1
oval:org.secpod.oval:def:30726

© 2013 SecPod Technologies