CVE-2011-3974

Published: Oct 2, 2011Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362.

Affected (28)

Products: Ffmpeg: Ffmpeg

Ffmpeg

1 product

Ffmpeg

Configuration A

25 vulnerable

Vulnerable Software	Affected Versions
Ffmpeg Ffmpeg	Up to 0.7.3
Ffmpeg Ffmpeg	Version 0.3.1
Ffmpeg Ffmpeg	Version 0.3.2
Ffmpeg Ffmpeg	Version 0.3.3
Ffmpeg Ffmpeg	Version 0.3.4
Ffmpeg Ffmpeg	Version 0.3
Ffmpeg Ffmpeg	Version 0.4.0
Ffmpeg Ffmpeg	Version 0.4.2
Ffmpeg Ffmpeg	Version 0.4.3
Ffmpeg Ffmpeg	Version 0.4.4
Ffmpeg Ffmpeg	Version 0.4.5
Ffmpeg Ffmpeg	Version 0.4.6
Ffmpeg Ffmpeg	Version 0.4.7
Ffmpeg Ffmpeg	Version 0.4.8
Ffmpeg Ffmpeg	Version 0.4.9 pre1
Ffmpeg Ffmpeg	Version 0.5.1
Ffmpeg Ffmpeg	Version 0.5.2
Ffmpeg Ffmpeg	Version 0.5.3
Ffmpeg Ffmpeg	Version 0.5.4
Ffmpeg Ffmpeg	Version 0.5
Ffmpeg Ffmpeg	Version 0.6.1
Ffmpeg Ffmpeg	Version 0.6.2
Ffmpeg Ffmpeg	Version 0.6
Ffmpeg Ffmpeg	Version 0.7.1
Ffmpeg Ffmpeg	Version 0.7.2