CVE-2011-4352

Name of the Vulnerable Software and Affected Versions FFmpeg versions 0.5.x through 0.5.6, 0.6.x through 0.6.3, 0.7.x through 0.7.8, and 0.8.x through 0.8.7 Libav versions 0.5.x through 0.5.5, 0.6.x through 0.6.3, and 0.7.x through 0.7.2

Description The issue is caused by an integer overflow in the vp3 dequant function in the VP3 decoder, which can be triggered by a crafted VP3 stream. This can lead to a denial of service (crash) and potentially allow the execution of arbitrary code via a buffer overflow.

Recommendations For FFmpeg versions 0.5.x through 0.5.6, update to version 0.5.7 or later. For FFmpeg versions 0.6.x through 0.6.3, update to version 0.6.4 or later. For FFmpeg versions 0.7.x through 0.7.8, update to version 0.7.9 or later. For FFmpeg versions 0.8.x through 0.8.7, update to version 0.8.8 or later. For Libav versions 0.5.x through 0.5.5, update to version 0.5.6 or later. For Libav versions 0.6.x through 0.6.3, update to version 0.6.4 or later. For Libav versions 0.7.x through 0.7.2, update to version 0.7.3 or later.