CVE-2011-4031 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 85%

Affected Products (NVD)

Vendor	Product	Version
ffmpeg	ffmpeg	𝑥 < 0.8.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

ffmpeg

bookworm	7:5.1.6-0+deb12u1 fixed
bookworm (security)	7:5.1.6-0+deb12u1 fixed
bullseye	7:4.3.7-0+deb11u1 fixed
bullseye (security)	7:4.3.8-0+deb11u1 fixed
sid	7:7.1-3 fixed
trixie	7:7.1-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

ffmpeg

hardy	ignored
lucid	not-affected
natty	dne
oneiric	dne
precise	dne

ffmpeg-extra

hardy	dne
lucid	not-affected
natty	dne
oneiric	dne
precise	dne

libav

hardy	dne
lucid	dne
natty	not-affected
oneiric	Fixed 4:0.7.6-0ubuntu0.11.10.1 released
precise	not-affected

libav-extra

hardy	dne
lucid	dne
natty	not-affected
oneiric	Fixed released
precise	not-affected

Common Weakness Enumeration

CWE-191 - Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=c2a2ad133eb9d42361804a568dee336992349a5e

http://git.videolan.org/?p=ffmpeg.git%3Ba=shortlog%3Bh=n0.8.3

http://technet.microsoft.com/en-us/security/msvr/msvr11-012

http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=c2a2ad133eb9d42361804a568dee336992349a5e

http://git.videolan.org/?p=ffmpeg.git%3Ba=shortlog%3Bh=n0.8.3

http://technet.microsoft.com/en-us/security/msvr/msvr11-012