CVE-2011-3362

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 0.7.3 FFmpeg versions 0.8.x prior to 0.8.2 libav versions prior to 0.7.2 is not mentioned, but libav through 0.7.1 is affected, so we can say libav versions prior to 0.7.2

Description The issue is related to an integer signedness error in the decode residual block function in cavsdec.c in libavcodec. This error can be exploited by remote attackers using a crafted Chinese AVS video file, potentially leading to a denial of service through memory corruption and application crash, or possibly allowing the execution of arbitrary code.

Recommendations For FFmpeg versions prior to 0.7.3, update to version 0.7.3 or later. For FFmpeg versions 0.8.x prior to 0.8.2, update to version 0.8.2 or later. For libav versions prior to 0.7.2, update to version 0.7.2 or later.