VYPR
Unrated severity · NVD Advisory · Published Aug 20, 2012 · Updated Apr 29, 2026

CVE-2011-3936

Description

The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

43
  • FFmpeg/Ffmpeg: 19 versions
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*
    • (no CPE) range: <=0.7.11 (0.7.x) / <=0.8.10 (0.8.x)
  • Libav/Libav: 24 versions
    • cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.7:beta1:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.7:beta2:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*
    • (no CPE) range: <0.5.9, <0.6.6, <0.7.5, <0.8.1

Patches

Vulnerability mechanics

Root cause

"Missing input validation in the dv_extract_audio function allows an out-of-bounds read when processing a crafted DV file."

Attack vector

An attacker crafts a malicious DV file with specially manipulated audio parameters. When the `dv_extract_audio` function processes this file, it performs an out-of-bounds read due to improper input validation [CWE-20]. This results in an application crash, leading to a denial of service. The attack requires no authentication and is triggered simply by opening or processing the crafted DV file.

Affected code

The vulnerability resides in the `dv_extract_audio` function within `libavcodec` in FFmpeg and Libav. The advisory does not specify the exact file path or line numbers, but the function is responsible for extracting audio data from DV (Digital Video) files.

What the fix does

The advisory does not include a patch diff. The recommended remediation is to upgrade to a fixed version: FFmpeg 0.7.12 or 0.8.11, or Libav 0.5.9, 0.6.6, 0.7.5, or 0.8.1, depending on the branch. These versions contain input validation fixes that prevent the out-of-bounds read in `dv_extract_audio`.
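
A branch-aware triage of installed versions against the fixed releases named above, as an added example (not code from the advisory, FFmpeg or Libav). The function names and the sample inventory are constructed for illustration, and the check assumes upstream version strings; distribution packages that backport fixes need the vendor's own advisory.

```python
import re

# Fixed release per project and branch, copied from the advisory text.
FIXED = {
    "ffmpeg": {(0, 7): (0, 7, 12), (0, 8): (0, 8, 11)},
    "libav": {(0, 5): (0, 5, 9), (0, 6): (0, 6, 6),
              (0, 7): (0, 7, 5), (0, 8): (0, 8, 1)},
}
PRERELEASE = re.compile(r"(alpha|beta|rc|pre)", re.IGNORECASE)


def parse_version(text):
    """Split '0.7.12' or '0.8_beta2' into (numeric tuple, is_prerelease)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)(.*)$", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))          # pad '0.8' to (0, 8, 0)
    return nums, bool(PRERELEASE.search(m.group(2)))


def triage(project, version):
    """Return 'affected', 'fixed' or 'not-listed' for one installed version."""
    branches = FIXED.get(project.lower())
    if branches is None:
        return "not-listed"
    nums, prerelease = parse_version(version)
    fixed = branches.get(nums[:2])
    if fixed is None:
        return "not-listed"   # branch not named in the advisory: assess separately
    # Compare as integer tuples: as strings, '0.7.9' would sort after '0.7.12'.
    if nums < fixed or (nums == fixed and prerelease):
        return "affected"
    return "fixed"


# Constructed sample inventory (not from the advisory).
SAMPLE = [("ffmpeg", "0.7.9"), ("ffmpeg", "0.7.12"), ("libav", "0.7.5"),
          ("ffmpeg", "0.7.5"), ("libav", "0.8_beta2"), ("ffmpeg", "0.9")]

if __name__ == "__main__":
    for project, version in SAMPLE:
        print(f"{project} {version}: {triage(project, version)}")
```

The same version number gives different answers per project: 0.7.5 is the fixed Libav release but still an affected FFmpeg release, so the lookup must be keyed on project as well as branch.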

Preconditions

  • input: The attacker must supply a crafted DV file to an application using the vulnerable libavcodec library.
  • auth: No authentication or special privileges are required; the crash occurs upon processing the file.

Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
