CVE-2011-3946
Description
Crafted SEI data in FFmpeg before 0.10 causes infinite loop in h264 decoder, leading to denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Crafted SEI data in FFmpeg before 0.10 causes infinite loop in h264 decoder, leading to denial of service.
Vulnerability
The vulnerability is in the ff_h264_decode_sei function in libavcodec/h264_sei.c of FFmpeg. Crafted Supplemental Enhancement Information (SEI) data triggers an infinite loop. Affected versions are FFmpeg before 0.10.
Exploitation
An attacker can exploit this by providing a specially crafted multimedia file containing malicious SEI data. No authentication is required; the attacker only needs to deliver the file to a user or service using FFmpeg to decode it.
Impact
Successful exploitation causes an infinite loop, leading to a denial of service (DoS) condition.
Mitigation
The vulnerability is fixed in FFmpeg version 0.10 and later. Users should upgrade to at least version 0.10. No workarounds are documented in the available references.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
53cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*+ 51 more
- cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*range: <=0.9.1
- cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*
- (no CPE)range: <0.10
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.