VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 20, 2012· Updated Apr 29, 2026

CVE-2011-3945

CVE-2011-3945

Description

The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file.

Affected products

40
  • FFmpeg/Ffmpeg17 versions
    cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*+ 16 more
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*
  • Libav/Libav23 versions
    cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*+ 22 more
    • cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.7:beta1:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.7:beta2:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.