CVE-2011-4353

Name of the Vulnerable Software and Affected Versions FFmpeg versions 0.5.x through 0.5.6 FFmpeg versions 0.6.x through 0.6.3 FFmpeg versions 0.7.x through 0.7.8 FFmpeg versions 0.8.x through 0.8.7 Libav versions 0.5.x through 0.5.5 Libav versions 0.6.x through 0.6.3 Libav versions 0.7.x through 0.7.2

Description The issue allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VP5 or VP6 stream. This is due to the av image fill pointers, vp5 parse coeff, and vp6 parse coeff functions in the affected software. The vulnerability can be exploited remotely, potentially leading to disruption of confidentiality, integrity, and availability of protected information.

Recommendations For FFmpeg versions 0.5.x through 0.5.6, update to version 0.5.7 or later. For FFmpeg versions 0.6.x through 0.6.3, update to version 0.6.4 or later. For FFmpeg versions 0.7.x through 0.7.8, update to version 0.7.9 or later. For FFmpeg versions 0.8.x through 0.8.7, update to version 0.8.8 or later. For Libav versions 0.5.x through 0.5.5, update to version 0.5.6 or later. For Libav versions 0.6.x through 0.6.3, update to version 0.6.4 or later. For Libav versions 0.7.x through 0.7.2, update to version 0.7.3 or later. As a temporary workaround, consider disabling the av image fill pointers, vp5 parse coeff, and vp6 parse coeff functions until a patch is available.