CVE-2011-3504
Mandriva Linux Security Advisory 2012-075
Severity Score
8.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.
El decodificador de formato Matroska en FFmpeg antes de v0.8.3 no asigna correctamente la memoria, lo que permite a atacantes remotos ejecutar código arbitrario mediante un archivo modificado.
Steve Manzuik discovered that Libav incorrectly handled certain malformed Matroska files. If a user were tricked into opening a crafted Matroska file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.04. Phillip Langlois discovered that Libav incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-09-16 CVE Reserved
- 2011-09-29 CVE Published
- 2024-08-06 CVE Updated
- 2025-04-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/45532 | Third Party Advisory | |
| http://technet.microsoft.com/en-us/security/msvr/msvr11-011 | X_refsource_misc | |
| http://www.ffmpeg.org/releases/ffmpeg-0.7.5.changelog | X_refsource_misc | |
| http://www.ffmpeg.org/releases/ffmpeg-0.8.4.changelog | X_refsource_misc | |
| http://www.osvdb.org/75621 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://ubuntu.com/usn/usn-1320-1 | 2018-10-30 | |
| http://ubuntu.com/usn/usn-1333-1 | 2018-10-30 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2012:074 | 2018-10-30 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2012:075 | 2018-10-30 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2012:076 | 2018-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | <= 0.8.0 Search vendor "Ffmpeg" for product "Ffmpeg" and version " <= 0.8.0" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.3 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.3" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.3.1 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.3.1" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.3.2 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.3.2" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.3.3 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.3.3" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.3.4 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.3.4" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.4.0 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.4.0" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.4.2 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.4.2" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.4.3 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.4.3" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.4.4 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.4.4" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.4.5 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.4.5" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.4.6 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.4.6" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.4.7 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.4.7" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.4.8 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.4.8" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.4.9 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.4.9" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.4.9 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.4.9" | pre1 |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.5 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.5" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.5.1 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.5.1" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.5.2 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.5.2" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.5.3 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.5.3" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.5.4 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.5.4" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.6 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.6" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.6.1 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.6.1" | - |
Affected
| ||||||
| Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | 0.6.2 Search vendor "Ffmpeg" for product "Ffmpeg" and version "0.6.2" | - |
Affected
| ||||||