CVE-2011-4352

Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VP3 stream, which triggers a buffer overflow.

Published: Aug 20, 2012
Updated: Apr 13, 2023
CVE: CVE-2011-4352
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-189

Affected Software
References

Software	From	Fixed in
libav / libav	0.7-beta2	0.7-beta2.x
libav / libav	0.7	0.7.x
libav / libav	0.5.3	0.5.3.x
libav / libav	0.6.2	0.6.2.x
libav / libav	0.5	0.5.x
libav / libav	0.7.1	0.7.1.x
libav / libav	0.5.2	0.5.2.x
libav / libav	0.5.5	0.5.5.x
libav / libav	0.6.3	0.6.3.x
libav / libav	0.5.4	0.5.4.x
libav / libav	0.6.1	0.6.1.x
libav / libav	0.6	0.6.x
libav / libav	0.5.1	0.5.1.x
libav / libav	0.7-beta1	0.7-beta1.x
ffmpeg / ffmpeg	0.7.7	0.7.7.x
ffmpeg / ffmpeg	0.7.1	0.7.1.x
ffmpeg / ffmpeg	0.7.6	0.7.6.x
ffmpeg / ffmpeg	0.8.6	0.8.6.x
ffmpeg / ffmpeg	0.6.1	0.6.1.x
ffmpeg / ffmpeg	0.7.5	0.7.5.x
ffmpeg / ffmpeg	0.5.4.6	0.5.4.6.x
ffmpeg / ffmpeg	0.5	0.5.x
ffmpeg / ffmpeg	0.5.4	0.5.4.x
ffmpeg / ffmpeg	0.8.5.4	0.8.5.4.x
ffmpeg / ffmpeg	0.8.5.3	0.8.5.3.x
ffmpeg / ffmpeg	0.5.1	0.5.1.x
ffmpeg / ffmpeg	0.8.5	0.8.5.x
ffmpeg / ffmpeg	0.7.3	0.7.3.x
ffmpeg / ffmpeg	0.7.4	0.7.4.x
ffmpeg / ffmpeg	0.8.0	0.8.0.x
ffmpeg / ffmpeg	0.6	0.6.x
ffmpeg / ffmpeg	0.5.3	0.5.3.x
ffmpeg / ffmpeg	0.5.2	0.5.2.x
ffmpeg / ffmpeg	0.7.8	0.7.8.x
ffmpeg / ffmpeg	0.6.2	0.6.2.x
ffmpeg / ffmpeg	0.8.7	0.8.7.x
ffmpeg / ffmpeg	0.5.4.5	0.5.4.5.x
ffmpeg / ffmpeg	0.7	0.7.x
ffmpeg / ffmpeg	0.8.1	0.8.1.x
ffmpeg / ffmpeg	0.6.3	0.6.3.x
ffmpeg / ffmpeg	0.8.2	0.8.2.x
ffmpeg / ffmpeg	0.7.2	0.7.2.x

Vulnerability Database

289,697

CVE-2011-4352