Lucene search

K
debianDebianDEBIAN:DLA-515-1:121BC
HistoryJun 14, 2016 - 12:33 p.m.

[SECURITY] [DLA 515-1] libav security update

2016-06-1412:33:22
lists.debian.org
27

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.013

Percentile

86.1%

Package : libav
Version : 6:0.8.17-2+deb7u2
CVE ID : CVE-2016-3062

It was discovered that there was a memory corruption issue in
libav (a multimedia player, server, encoder and transcoder) when
parsing .mp4 files which could lead to crash or possibly execute
arbitrary code.

For Debian 7 "Wheezy", this issue has been fixed in libav version
6:0.8.17-2+deb7u2.

We recommend that you upgrade your libav packages.

Regards,


  ,''`.
 : :'  :     Chris Lamb
 `. `'`      [email protected] / chris-lamb.co.uk
   `-

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.013

Percentile

86.1%