Lucene search

K
gentooGentoo FoundationGLSA-201210-06
HistoryOct 20, 2012 - 12:00 a.m.

Libav: Multiple vulnerabilities

2012-10-2000:00:00
Gentoo Foundation
security.gentoo.org
17

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.044

Percentile

92.5%

Background

Libav is a complete solution to record, convert and stream audio and video.

Description

Multiple vulnerabilities have been discovered in Libav. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted media file in an application linked against Libav, possibly resulting in execution of arbitrary code with the privileges of the application or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Libav users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-video/libav-0.8.3"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-video/libav< 0.8.3UNKNOWN

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.044

Percentile

92.5%