CVE-2011-4364

Name of the Vulnerable Software and Affected Versions FFmpeg versions 0.5.x through 0.5.6 FFmpeg versions 0.6.x through 0.6.3 FFmpeg versions 0.7.x through 0.7.8 FFmpeg versions 0.8.x through 0.8.7 Libav versions 0.5.x through 0.5.5 Libav versions 0.6.x through 0.6.3 Libav versions 0.7.x through 0.7.2

Description A buffer overflow in the Sierra VMD decoder in libavcodec allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VMD file, related to corrupted streams. Multiple vulnerabilities in the FFmpeg package may lead to violations of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For FFmpeg versions 0.5.x through 0.5.6, update to version 0.5.7 or later. For FFmpeg versions 0.6.x through 0.6.3, update to version 0.6.4 or later. For FFmpeg versions 0.7.x through 0.7.8, update to version 0.7.9 or later. For FFmpeg versions 0.8.x through 0.8.7, update to version 0.8.8 or later. For Libav versions 0.5.x through 0.5.5, update to version 0.5.6 or later. For Libav versions 0.6.x through 0.6.3, update to version 0.6.4 or later. For Libav versions 0.7.x through 0.7.2, update to version 0.7.3 or later.