{ "schema_version": "1.4.0", "id": "GHSA-xwfp-hmj5-wfj5", "modified": "2025-04-11T04:00:54Z", "published": "2022-05-17T05:19:48Z", "aliases": [ "CVE-2011-3940" ], "details": "nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers \"use of uninitialized streams.\"", "severity": [], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3940" }, { "type": "WEB", "url": "http://ffmpeg.org" }, { "type": "WEB", "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=5c011706bc752d34bc6ada31d7df2ca0c9af7c6b" }, { "type": "WEB", "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a" }, { "type": "WEB", "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=c898431ca5ef2a997fe9388b650f658fb60783e5" }, { "type": "WEB", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5c011706bc752d34bc6ada31d7df2ca0c9af7c6b" }, { "type": "WEB", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a" }, { "type": "WEB", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c898431ca5ef2a997fe9388b650f658fb60783e5" }, { "type": "WEB", "url": "http://libav.org" }, { "type": "WEB", "url": "http://secunia.com/advisories/49089" }, { "type": "WEB", "url": "http://www.debian.org/security/2012/dsa-2471" }, { "type": "WEB", "url": "http://www.ubuntu.com/usn/USN-1479-1" } ], "database_specific": { "cwe_ids": [ "CWE-119" ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2012-08-20T18:55:00Z" } }