CVE-2011-3947

Name of the Vulnerable Software and Affected Versions FFmpeg versions 0.7.x through 0.7.11 FFmpeg versions 0.8.x through 0.8.10 Libav versions 0.5.x through 0.5.8 Libav versions 0.6.x through 0.6.5 Libav versions 0.7.x through 0.7.4 Libav versions 0.8.x through 0.8.0

Description The issue is a buffer overflow in the mjpegbdec.c file within the libavcodec component. This can be triggered by remote attackers sending a crafted MJPEG-B file, potentially leading to a denial of service (crash) and possibly the execution of arbitrary code.

Recommendations For FFmpeg versions 0.7.x through 0.7.11, update to version 0.7.12 or later. For FFmpeg versions 0.8.x through 0.8.10, update to version 0.8.11 or later. For Libav versions 0.5.x through 0.5.8, update to version 0.5.9 or later. For Libav versions 0.6.x through 0.6.5, update to version 0.6.6 or later. For Libav versions 0.7.x through 0.7.4, update to version 0.7.5 or later. For Libav versions 0.8.x through 0.8.0, update to version 0.8.1 or later.