Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-464-1:09C2E
HistoryMay 10, 2016 - 11:07 a.m.

[SECURITY] [DLA 464-1] libav security update

2016-05-1011:07:28
lists.debian.org
9

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.4%

JSON

Package : libav
Version : 6:0.8.17-2+deb7u1
CVE ID : CVE-2014-9676

It was discovered that there was a use-after free vulnerability in
libav, a multimedia player, server, encoder and transcoder library.

The seg_write_packet function in libavformat/segment.c in ffmpeg
2.1.4 and earlier does not free the correct memory location, which
allows remote attackers to cause a denial of service ("invalid
memory handler") and possibly execute arbitrary code via a crafted
video that triggers a use after free.

For Debian 7 Wheezy, this issue has been fixed in libav version
6:0.8.17-2+deb7u1.

We recommend that you upgrade your libav packages.

Regards,

  ,''`.
 : :'  :     Chris Lamb
 `. `'`      [email protected] / chris-lamb.co.uk
   `-
OSVersionArchitecturePackageVersionFilename
Debian7armhflibswscale-dev< 6:0.8.17-2+deb7u1libswscale-dev_6:0.8.17-2+deb7u1_armhf.deb
Debian7i386libav-tools< 6:0.8.17-2+deb7u1libav-tools_6:0.8.17-2+deb7u1_i386.deb
Debian7armellibavcodec-dev< 6:0.8.17-2+deb7u1libavcodec-dev_6:0.8.17-2+deb7u1_armel.deb
Debian7i386libavdevice-dev< 6:0.8.17-2+deb7u1libavdevice-dev_6:0.8.17-2+deb7u1_i386.deb
Debian7alllibavfilter-extra-2< 6:0.8.17-2+deb7u1libavfilter-extra-2_6:0.8.17-2+deb7u1_all.deb
Debian7armellibavformat-dev< 6:0.8.17-2+deb7u1libavformat-dev_6:0.8.17-2+deb7u1_armel.deb
Debian7armellibpostproc52< 6:0.8.17-2+deb7u1libpostproc52_6:0.8.17-2+deb7u1_armel.deb
Debian7amd64libavcodec-dev< 6:0.8.17-2+deb7u1libavcodec-dev_6:0.8.17-2+deb7u1_amd64.deb
Debian7amd64libswscale-dev< 6:0.8.17-2+deb7u1libswscale-dev_6:0.8.17-2+deb7u1_amd64.deb
Debian7i386libavcodec-dev< 6:0.8.17-2+deb7u1libavcodec-dev_6:0.8.17-2+deb7u1_i386.deb
Rows per page:
1-10 of 831

Related

prion 1
cve 1
openvas 1
nessus 2
debiancve 1
ubuntucve 1
osv 1
cvelist 1
nvd 1
gentoo 1
prion
prion
Double free
2015-02-28 01:59:00
cve
cve
CVE-2014-9676
2015-02-28 01:59:00
openvas
openvas
Debian: Security Advisory (DLA-464-1)
2023-03-08 00:00:00
nessus
nessus
Debian DLA-464-1 : libav security update
2016-05-12 00:00:00
GLSA-201606-09 : FFmpeg: Multiple vulnerabilities
2016-06-20 00:00:00
debiancve
debiancve
CVE-2014-9676
2015-02-28 01:59:00
ubuntucve
ubuntucve
CVE-2014-9676
2015-02-28 00:00:00
osv
osv
libav - security update
2016-05-10 00:00:00
cvelist
cvelist
CVE-2014-9676
2015-02-28 01:00:00
nvd
nvd
CVE-2014-9676
2015-02-28 01:59:00
gentoo
gentoo
FFmpeg: Multiple vulnerabilities
2016-06-18 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.4%

JSON
Related for DEBIAN:DLA-464-1:09C2E
prion1cve1openvas1nessus2debiancve1ubuntucve1osv1cvelist1nvd1gentoo1