CVE-2011-3974

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 0.7.4 FFmpeg versions 0.8.x prior to 0.8.3

Description The issue is caused by an integer signedness error in the decode residual inter function in cavsdec.c in libavcodec. This error allows remote attackers to cause a denial of service, resulting in an incorrect write operation and application crash, via an invalid bitstream in a Chinese AVS video file.

Recommendations For FFmpeg versions prior to 0.7.4, update to version 0.7.4 or later. For FFmpeg versions 0.8.x prior to 0.8.3, update to version 0.8.3 or later.