CVE-2011-1931

EUVD-2011-1929
sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
ffmpegffmpeg
𝑥
≤ 0.6.2
ffmpegffmpeg
0.3
ffmpegffmpeg
0.3.1
ffmpegffmpeg
0.3.2
ffmpegffmpeg
0.3.3
ffmpegffmpeg
0.3.4
ffmpegffmpeg
0.4.0
ffmpegffmpeg
0.4.2
ffmpegffmpeg
0.4.3
ffmpegffmpeg
0.4.4
ffmpegffmpeg
0.4.5
ffmpegffmpeg
0.4.6
ffmpegffmpeg
0.4.7
ffmpegffmpeg
0.4.8
ffmpegffmpeg
0.4.9:pre1
ffmpegffmpeg
0.5
ffmpegffmpeg
0.5.1
ffmpegffmpeg
0.5.2
ffmpegffmpeg
0.5.3
ffmpegffmpeg
0.5.4
ffmpegffmpeg
0.6
ffmpegffmpeg
0.6.1
libavlibav
𝑥
≤ 0.6.2
libavlibav
0.3
libavlibav
0.3.1
libavlibav
0.3.2
libavlibav
0.3.3
libavlibav
0.3.4
libavlibav
0.4.0
libavlibav
0.4.1
libavlibav
0.4.2
libavlibav
0.4.3
libavlibav
0.4.4
libavlibav
0.4.5
libavlibav
0.4.6
libavlibav
0.4.7
libavlibav
0.4.8
libavlibav
0.4.9:pre1
libavlibav
0.5
libavlibav
0.5.4
libavlibav
0.6
libavlibav
0.6.1
videolanvlc_media_player
𝑥
≤ 1.1.9
videolanvlc_media_player
0.1.99b:b
videolanvlc_media_player
0.1.99e:e
videolanvlc_media_player
0.1.99f:f
videolanvlc_media_player
0.1.99g:g
videolanvlc_media_player
0.1.99h:h
videolanvlc_media_player
0.1.99i:i
videolanvlc_media_player
0.2.0
videolanvlc_media_player
0.2.60
videolanvlc_media_player
0.2.61
videolanvlc_media_player
0.2.62
videolanvlc_media_player
0.2.63
videolanvlc_media_player
0.2.70
videolanvlc_media_player
0.2.71
videolanvlc_media_player
0.2.72
videolanvlc_media_player
0.2.73
videolanvlc_media_player
0.2.80
videolanvlc_media_player
0.2.81
videolanvlc_media_player
0.2.82
videolanvlc_media_player
0.2.83
videolanvlc_media_player
0.2.90
videolanvlc_media_player
0.2.91
videolanvlc_media_player
0.2.92
videolanvlc_media_player
0.3.0
videolanvlc_media_player
0.3.1
videolanvlc_media_player
0.4.0
videolanvlc_media_player
0.4.1
videolanvlc_media_player
0.4.2
videolanvlc_media_player
0.4.3
videolanvlc_media_player
0.4.4
videolanvlc_media_player
0.4.5
videolanvlc_media_player
0.4.6
videolanvlc_media_player
0.5.0
videolanvlc_media_player
0.5.1
videolanvlc_media_player
0.5.2
videolanvlc_media_player
0.5.3
videolanvlc_media_player
0.6.0
videolanvlc_media_player
0.6.1
videolanvlc_media_player
0.6.2
videolanvlc_media_player
0.7.0
videolanvlc_media_player
0.7.2
videolanvlc_media_player
0.8.0
videolanvlc_media_player
0.8.1
videolanvlc_media_player
0.8.2
videolanvlc_media_player
0.8.4
videolanvlc_media_player
0.8.5
videolanvlc_media_player
0.8.6
videolanvlc_media_player
0.9.2
videolanvlc_media_player
0.9.3
videolanvlc_media_player
0.9.4
videolanvlc_media_player
0.9.5
videolanvlc_media_player
0.9.6
videolanvlc_media_player
0.9.8a:a
videolanvlc_media_player
0.9.9
videolanvlc_media_player
0.9.10
videolanvlc_media_player
1.0.0
videolanvlc_media_player
1.0.1
videolanvlc_media_player
1.0.2
videolanvlc_media_player
1.0.3
videolanvlc_media_player
1.0.4
videolanvlc_media_player
1.0.5
videolanvlc_media_player
1.0.6
videolanvlc_media_player
1.1.0
videolanvlc_media_player
1.1.1
videolanvlc_media_player
1.1.2
videolanvlc_media_player
1.1.3
videolanvlc_media_player
1.1.4
videolanvlc_media_player
1.1.4.1
videolanvlc_media_player
1.1.5
videolanvlc_media_player
1.1.6
videolanvlc_media_player
1.1.7
videolanvlc_media_player
1.1.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ffmpeg
bookworm
7:5.1.6-0+deb12u1
fixed
bookworm (security)
7:5.1.6-0+deb12u1
fixed
bullseye
7:4.3.7-0+deb11u1
fixed
bullseye (security)
7:4.3.8-0+deb11u1
fixed
sid
7:7.1-3
fixed
trixie
7:7.1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ffmpeg
hardy
ignored
lucid
not-affected
maverick
Fixed 4:0.6-2ubuntu6.2
released
natty
dne
oneiric
dne
ffmpeg-extra
hardy
dne
lucid
not-affected
maverick
Fixed 4:0.6-2ubuntu3.3
released
natty
dne
oneiric
dne
libav
hardy
dne
lucid
dne
maverick
dne
natty
Fixed 4:0.6.2-1ubuntu1.1
released
oneiric
not-affected
libav-extra
hardy
dne
lucid
dne
maverick
dne
natty
Fixed 4:0.6.4-1ubuntu1
released
oneiric
not-affected
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32
http://securityreason.com/securityalert/8299
http://www.securityfocus.com/archive/1/517706
http://www.securityfocus.com/bid/47602
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32
http://securityreason.com/securityalert/8299
http://www.securityfocus.com/archive/1/517706
http://www.securityfocus.com/bid/47602