CVE-2011-1931

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 0.6.3 libav versions prior to 0.6.3 libavcodec in FFmpeg versions prior to 0.6.3 VideoLAN VLC media player versions 1.1.9 and earlier

Description The issue is related to a write operation outside the bounds of an array in the Sunplus SP5X JPEG decoder, which can lead to memory corruption or possibly allow remote attackers to execute arbitrary code. This can be achieved via a malformed AMV file.

Recommendations For FFmpeg versions prior to 0.6.3, update to version 0.6.3 or later. For libav versions prior to 0.6.3, update to version 0.6.3 or later. For VideoLAN VLC media player versions 1.1.9 and earlier, update to a version later than 1.1.9.