CVE-2011-3945 Information

Description

The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9 0.6.x before 0.6.6 0.7.x before 0.7.5 and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file.

Reference

http://ffmpeg.org/ http://git.libav.org/?p=libav.git;a=commit;h=a02e8df973f5478ec82f4c507f5b5b191a5ecb6b http://git.videolan.org/?p=ffmpeg.git;a=commit;h=807a045ab7f51993a2c1b3116016cbbd4f3d20d6 http://libav.org/ http://www.mandriva.com/security/advisories?name=MDVSA-2012:076