NVD Vulnerability Detail

CVE-2011-1931

Summary	sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file.
Publication Date	July 8, 2011, 6:55 a.m.
Registration Date	Jan. 28, 2021, 4:38 p.m.
Last Update	Nov. 21, 2024, 10:27 a.m.

CVSS2.0 : MEDIUM
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:ffmpeg:ffmpeg::::::::			0.6.2
cpe:2.3:a:ffmpeg:ffmpeg:0.3:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1::::::
cpe:2.3:a:ffmpeg:ffmpeg:0.5:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.6:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:::::::*
execution environment
1	cpe:2.3:a:ffmpeg:libavcodec::::::::
cpe:2.3:a:libav:libav::::::::			0.6.2
cpe:2.3:a:libav:libav:0.3:::::::*
cpe:2.3:a:libav:libav:0.3.1:::::::*
cpe:2.3:a:libav:libav:0.3.2:::::::*
cpe:2.3:a:libav:libav:0.3.3:::::::*
cpe:2.3:a:libav:libav:0.3.4:::::::*
cpe:2.3:a:libav:libav:0.4.0:::::::*
cpe:2.3:a:libav:libav:0.4.1:::::::*
cpe:2.3:a:libav:libav:0.4.2:::::::*
cpe:2.3:a:libav:libav:0.4.3:::::::*
cpe:2.3:a:libav:libav:0.4.4:::::::*
cpe:2.3:a:libav:libav:0.4.5:::::::*
cpe:2.3:a:libav:libav:0.4.6:::::::*
cpe:2.3:a:libav:libav:0.4.7:::::::*
cpe:2.3:a:libav:libav:0.4.8:::::::*
cpe:2.3:a:libav:libav:0.4.9:pre1::::::
cpe:2.3:a:libav:libav:0.5:::::::*
cpe:2.3:a:libav:libav:0.5.4:::::::*
cpe:2.3:a:libav:libav:0.6:::::::*
cpe:2.3:a:libav:libav:0.6.1:::::::*
cpe:2.3:a:videolan:vlc_media_player::::::::			1.1.9
cpe:2.3:a:videolan:vlc_media_player:0.1.99b:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.1.99e:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.1.99f:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.1.99g:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.1.99h:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.1.99i:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.0:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.60:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.61:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.62:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.63:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.70:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.71:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.72:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.73:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.80:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.81:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.82:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.83:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.90:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.91:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.92:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.3.0:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.3.1:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.4.0:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.4.1:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.4.2:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.4.3:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.4.4:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.4.5:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.4.6:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.5.0:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.5.1:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.5.2:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.5.3:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.6.0:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.6.1:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.6.2:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.7.0:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.7.2:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.8.0:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.8.1:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.8.2:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.8.4:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.8.5:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.8.6:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.9.2:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.9.3:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.9.4:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.9.5:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.9.6:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.9.8a:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.9.9:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.9.10:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.0.0:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.0.1:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.0.2:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.0.3:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.0.4:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.0.5:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.0.6:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.1.0:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.1.1:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.1.2:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.1.3:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.1.4:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.1.4.1:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.1.5:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.1.6:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.1.7:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.1.8:::::::*

Related information, measures and tools

No	URL	タグ
1	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339	Patch
2	http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32
3	http://securityreason.com/securityalert/8299
4	http://www.securityfocus.com/archive/1/517706
5	http://www.securityfocus.com/bid/47602
6	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339	Patch
7	http://www.securityfocus.com/bid/47602
8	http://www.securityfocus.com/archive/1/517706
9	http://securityreason.com/securityalert/8299
10	http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

JVN Vulnerability Information

VideoLAN VLC メディアプレイヤーなどの製品で使用される FFmpeg および libav の Sunplus SP5X JPEG デコーダにおけるサービス運用妨害 (DoS) の脆弱性

Title	VideoLAN VLC メディアプレイヤーなどの製品で使用される FFmpeg および libav の Sunplus SP5X JPEG デコーダにおけるサービス運用妨害 (DoS) の脆弱性
Summary	VideoLAN VLC メディアプレイヤーなどの製品で使用される FFmpeg および libav の Sunplus SP5X JPEG デコーダの sp5xdec.c は、配列の範囲外で書き込み操作を実施するため、サービス運用妨害 (メモリ破損) 状態となる脆弱性が存在します。
Possible impacts	第三者により、不正な形式の AMV ファイルを介して、サービス運用妨害 (メモリ破損) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	July 7, 2011, midnight
Registration Date	March 27, 2012, 6:43 p.m.
Last Update	March 27, 2012, 6:43 p.m.

Affected System

FFmpeg

FFmpeg 0.6.3 未満

VideoLAN

VLC media player 1.1.9 およびそれ以前

Libav

Libav 0.6.2 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-1931	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1931
National Vulnerability Database (NVD)
2	CVE-2011-1931	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1931

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
FFmpeg
1	Top Page	http://www.ffmpeg.org/
Libav
2	Top Page	http://libav.org/
VideoLAN
3	89f903b3d5ec38c9c5d90fba7e626fa0eda61a32	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32

Change Log

No	Changed Details	Date of change
0	[2012年03月27日] 掲載	Feb. 17, 2018, 10:37 a.m.

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:ffmpeg:ffmpeg::::::::			0.6.2
cpe:2.3:a:ffmpeg:ffmpeg:0.3:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1::::::
cpe:2.3:a:ffmpeg:ffmpeg:0.5:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.6:::::::*
cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:::::::*
execution environment
1	cpe:2.3:a:ffmpeg:libavcodec::::::::
cpe:2.3:a:libav:libav::::::::			0.6.2
cpe:2.3:a:libav:libav:0.3:::::::*
cpe:2.3:a:libav:libav:0.3.1:::::::*
cpe:2.3:a:libav:libav:0.3.2:::::::*
cpe:2.3:a:libav:libav:0.3.3:::::::*
cpe:2.3:a:libav:libav:0.3.4:::::::*
cpe:2.3:a:libav:libav:0.4.0:::::::*
cpe:2.3:a:libav:libav:0.4.1:::::::*
cpe:2.3:a:libav:libav:0.4.2:::::::*
cpe:2.3:a:libav:libav:0.4.3:::::::*
cpe:2.3:a:libav:libav:0.4.4:::::::*
cpe:2.3:a:libav:libav:0.4.5:::::::*
cpe:2.3:a:libav:libav:0.4.6:::::::*
cpe:2.3:a:libav:libav:0.4.7:::::::*
cpe:2.3:a:libav:libav:0.4.8:::::::*
cpe:2.3:a:libav:libav:0.4.9:pre1::::::
cpe:2.3:a:libav:libav:0.5:::::::*
cpe:2.3:a:libav:libav:0.5.4:::::::*
cpe:2.3:a:libav:libav:0.6:::::::*
cpe:2.3:a:libav:libav:0.6.1:::::::*
cpe:2.3:a:videolan:vlc_media_player::::::::			1.1.9
cpe:2.3:a:videolan:vlc_media_player:0.1.99b:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.1.99e:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.1.99f:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.1.99g:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.1.99h:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.1.99i:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.0:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.60:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.61:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.62:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.63:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.70:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.71:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.72:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.73:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.80:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.81:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.82:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.83:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.90:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.91:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.2.92:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.3.0:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.3.1:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.4.0:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.4.1:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.4.2:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.4.3:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.4.4:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.4.5:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.4.6:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.5.0:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.5.1:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.5.2:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.5.3:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.6.0:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.6.1:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.6.2:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.7.0:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.7.2:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.8.0:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.8.1:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.8.2:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.8.4:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.8.5:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.8.6:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.9.2:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.9.3:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.9.4:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.9.5:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.9.6:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.9.8a:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.9.9:::::::*
cpe:2.3:a:videolan:vlc_media_player:0.9.10:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.0.0:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.0.1:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.0.2:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.0.3:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.0.4:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.0.5:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.0.6:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.1.0:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.1.1:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.1.2:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.1.3:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.1.4:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.1.4.1:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.1.5:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.1.6:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.1.7:::::::*
cpe:2.3:a:videolan:vlc_media_player:1.1.8:::::::*