CVE-2011-3937

EUVD-2011-3890
The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to "width/height changing with frame threads."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Affected Products (NVD)
VendorProductVersion
ffmpegffmpeg
𝑥
≤ 0.9.1
ffmpegffmpeg
0.3
ffmpegffmpeg
0.3.1
ffmpegffmpeg
0.3.2
ffmpegffmpeg
0.3.3
ffmpegffmpeg
0.3.4
ffmpegffmpeg
0.4.0
ffmpegffmpeg
0.4.2
ffmpegffmpeg
0.4.3
ffmpegffmpeg
0.4.4
ffmpegffmpeg
0.4.5
ffmpegffmpeg
0.4.6
ffmpegffmpeg
0.4.7
ffmpegffmpeg
0.4.8
ffmpegffmpeg
0.4.9
ffmpegffmpeg
0.4.9:pre1
ffmpegffmpeg
0.5
ffmpegffmpeg
0.5.1
ffmpegffmpeg
0.5.2
ffmpegffmpeg
0.5.3
ffmpegffmpeg
0.5.4
ffmpegffmpeg
0.5.4.5
ffmpegffmpeg
0.5.4.6
ffmpegffmpeg
0.6
ffmpegffmpeg
0.6.1
ffmpegffmpeg
0.6.2
ffmpegffmpeg
0.6.3
ffmpegffmpeg
0.7
ffmpegffmpeg
0.7.1
ffmpegffmpeg
0.7.2
ffmpegffmpeg
0.7.3
ffmpegffmpeg
0.7.4
ffmpegffmpeg
0.7.5
ffmpegffmpeg
0.7.6
ffmpegffmpeg
0.7.7
ffmpegffmpeg
0.7.8
ffmpegffmpeg
0.7.9
ffmpegffmpeg
0.7.11
ffmpegffmpeg
0.7.12
ffmpegffmpeg
0.8.0
ffmpegffmpeg
0.8.1
ffmpegffmpeg
0.8.2
ffmpegffmpeg
0.8.5
ffmpegffmpeg
0.8.5.3
ffmpegffmpeg
0.8.5.4
ffmpegffmpeg
0.8.6
ffmpegffmpeg
0.8.7
ffmpegffmpeg
0.8.8
ffmpegffmpeg
0.8.10
ffmpegffmpeg
0.8.11
ffmpegffmpeg
0.9
libavlibav
0.5
libavlibav
0.5.1
libavlibav
0.5.2
libavlibav
0.5.3
libavlibav
0.5.4
libavlibav
0.5.5
libavlibav
0.5.6
libavlibav
0.5.7
libavlibav
0.5.8
libavlibav
0.6
libavlibav
0.6.1
libavlibav
0.6.2
libavlibav
0.6.3
libavlibav
0.6.4
libavlibav
0.6.5
libavlibav
0.7
libavlibav
0.7:beta1
libavlibav
0.7:beta2
libavlibav
0.7.1
libavlibav
0.7.2
libavlibav
0.7.3
libavlibav
0.7.4
libavlibav
0.8
libavlibav
0.8:beta2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ffmpeg
bookworm
7:5.1.6-0+deb12u1
fixed
bookworm (security)
7:5.1.6-0+deb12u1
fixed
bullseye
7:4.3.7-0+deb11u1
fixed
bullseye (security)
7:4.3.8-0+deb11u1
fixed
sid
7:7.1-3
fixed
trixie
7:7.1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ffmpeg
hardy
ignored
lucid
not-affected
natty
dne
oneiric
dne
precise
dne
ffmpeg-extra
hardy
dne
lucid
not-affected
natty
dne
oneiric
dne
precise
dne
libav
hardy
dne
lucid
dne
natty
not-affected
oneiric
not-affected
precise
not-affected
libav-extra
hardy
dne
lucid
dne
natty
not-affected
oneiric
not-affected
precise
not-affected
References
http://ffmpeg.org/security.html
http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=71db86d53b5c6872cea31bf714a1a38ec78feaba
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=71db86d53b5c6872cea31bf714a1a38ec78feaba
http://libav.org/news.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:079
http://ffmpeg.org/security.html
http://git.libav.org/?p=libav.git%3Ba=commit%3Bh=71db86d53b5c6872cea31bf714a1a38ec78feaba
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=71db86d53b5c6872cea31bf714a1a38ec78feaba
http://libav.org/news.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:079