CVE-2011-3940

nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers "use of uninitialized streams."

Published: Aug 20, 2012
Updated: Nov 8, 2023
CVE: CVE-2011-3940
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
ffmpeg / ffmpeg	0.7.7	0.7.7.x
ffmpeg / ffmpeg	0.7.1	0.7.1.x
ffmpeg / ffmpeg	0.7.6	0.7.6.x
ffmpeg / ffmpeg	0.7.8	0.7.8.x
ffmpeg / ffmpeg	0.7.9	0.7.9.x
ffmpeg / ffmpeg	0.7.11	0.7.11.x
ffmpeg / ffmpeg	0.7.2	0.7.2.x
ffmpeg / ffmpeg	0.8.6	0.8.6.x
ffmpeg / ffmpeg	0.8.5	0.8.5.x
ffmpeg / ffmpeg	0.8.10	0.8.10.x
ffmpeg / ffmpeg	0.8.7	0.8.7.x
ffmpeg / ffmpeg	0.8.8	0.8.8.x
libav / libav	0.5.6	0.5.6.x
libav / libav	0.5.7	0.5.7.x
libav / libav	0.5.3	0.5.3.x
libav / libav	0.5	0.5.x
libav / libav	0.5.2	0.5.2.x
libav / libav	0.5.5	0.5.5.x
libav / libav	0.5.4	0.5.4.x
libav / libav	0.5.1	0.5.1.x
libav / libav	0.6.5	0.6.5.x
libav / libav	0.6.2	0.6.2.x
libav / libav	0.6.4	0.6.4.x
libav / libav	0.6.3	0.6.3.x
libav / libav	0.6.1	0.6.1.x
libav / libav	0.6	0.6.x
libav / libav	0.7	0.7.x
libav / libav	0.7.4	0.7.4.x
libav / libav	0.7.1	0.7.1.x
libav / libav	0.7.2	0.7.2.x
libav / libav	0.7.3	0.7.3.x
libav / libav	0.8	0.8.x
libav / libav	0.8-beta2	0.8-beta2.x

Vulnerability Database

289,697

CVE-2011-3940