Unrated severityNVD Advisory· Published Aug 20, 2012· Updated Apr 29, 2026
CVE-2011-4364
CVE-2011-4364
Description
Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VMD file, related to corrupted streams.
Affected products
40cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*+ 24 more
- cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*
cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.7:beta1:*:*:*:*:*:*
- cpe:2.3:a:libav:libav:0.7:beta2:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- ffmpeg.orgnvd
- git.libav.orgnvd
- git.videolan.orgnvd
- libav.orgnvd
- libav.org/releases/libav-0.5.6.changelognvd
- libav.org/releases/libav-0.6.4.changelognvd
- libav.org/releases/libav-0.7.3.changelognvd
- ubuntu.com/usn/usn-1320-1nvd
- ubuntu.com/usn/usn-1333-1nvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
News mentions
0No linked articles in our index yet.