Ubuntu USN-1478-1
Jun 18, 2012 - 12:00 a.m.

Libav vulnerabilities

2012-06-18 00:00:00
ubuntu.com

CVSS2: 6.8

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score: 10 (Confidence: High)

EPSS: 0.032 (Percentile: 91.4%)

Releases

  • Ubuntu 12.04
  • Ubuntu 11.10
  • Ubuntu 11.04

Packages

  • libav - Multimedia player, server, encoder and transcoder

Details

Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed DV files. If a user were tricked into opening a
crafted DV file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. This issue only affected Ubuntu 11.10.
(CVE-2011-3929, CVE-2011-3936)

Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed NSV files. If a user were tricked into opening a
crafted NSV file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. This issue only affected Ubuntu 11.04 and
Ubuntu 11.10. (CVE-2011-3940)

Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed Kega Game Video (KGV1) files. If a user were
tricked into opening a crafted Kega Game Video (KGV1) file, an attacker
could cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program. This
issue only affected Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3945)

Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed MJPEG-B files. If a user were tricked into
opening a crafted MJPEG-B file, an attacker could cause a denial of service
via application crash, or possibly execute arbitrary code with the
privileges of the user invoking the program. This issue only affected
Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3947)

Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed DPCM files. If a user were tricked into opening a
crafted DPCM file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. This issue only affected Ubuntu 11.04 and
Ubuntu 11.10. (CVE-2011-3951)

Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed KMVC files. If a user were tricked into opening a
crafted KMVC file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. This issue only affected Ubuntu 11.04 and
Ubuntu 11.10. (CVE-2011-3952)

Jeong Wook Oh discovered that Libav incorrectly handled certain malformed
ASF files. If a user were tricked into opening a crafted ASF file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.10. (CVE-2011-4031)

It was discovered that Libav incorrectly handled certain malformed
Westwood SNDx files. If a user were tricked into opening a crafted Westwood
SNDx file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. This issue only affected Ubuntu 11.10.
(CVE-2012-0848)

Diana Elena Muscalu discovered that Libav incorrectly handled certain
malformed AAC files. If a user were tricked into opening a crafted AAC
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0850)

It was discovered that Libav incorrectly handled certain malformed H.264
files. If a user were tricked into opening a crafted H.264 file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-0851)

It was discovered that Libav incorrectly handled certain malformed ADPCM
files. If a user were tricked into opening a crafted ADPCM file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0852)

It was discovered that Libav incorrectly handled certain malformed Atrac 3
files. If a user were tricked into opening a crafted Atrac 3 file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0853)

It was discovered that Libav incorrectly handled certain malformed Shorten
files. If a user were tricked into opening a crafted Shorten file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0858)

It was discovered that Libav incorrectly handled certain malformed Vorbis
files. If a user were tricked into opening a crafted Vorbis file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0859)

Fabian Yamaguchi discovered that Libav incorrectly handled certain
malformed VQA files. If a user were tricked into opening a crafted VQA
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2012-0947)

OS      OS Version  Architecture  Package          Package Version             Filename
Ubuntu  12.04       noarch        libavformat53    < 4:0.8.3-0ubuntu0.12.04.1  UNKNOWN
Ubuntu  12.04       noarch        ffmpeg-dbg       < 4:0.8.3-0ubuntu0.12.04.1  UNKNOWN
Ubuntu  12.04       noarch        libav-dbg        < 4:0.8.3-0ubuntu0.12.04.1  UNKNOWN
Ubuntu  12.04       noarch        libav-tools      < 4:0.8.3-0ubuntu0.12.04.1  UNKNOWN
Ubuntu  12.04       noarch        libavcodec-dev   < 4:0.8.3-0ubuntu0.12.04.1  UNKNOWN
Ubuntu  12.04       noarch        libavcodec53     < 4:0.8.3-0ubuntu0.12.04.1  UNKNOWN
Ubuntu  12.04       noarch        libavdevice-dev  < 4:0.8.3-0ubuntu0.12.04.1  UNKNOWN
Ubuntu  12.04       noarch        libavdevice53    < 4:0.8.3-0ubuntu0.12.04.1  UNKNOWN
Ubuntu  12.04       noarch        libavfilter-dev  < 4:0.8.3-0ubuntu0.12.04.1  UNKNOWN
Ubuntu  12.04       noarch        libavfilter2     < 4:0.8.3-0ubuntu0.12.04.1  UNKNOWN

Rows 1-10 of 511
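
The "< 4:0.8.3-0ubuntu0.12.04.1" bound in the table has to be evaluated with Debian version ordering (epoch, upstream version, revision, with "~" sorting lowest), not string or dotted-number comparison. The following is an added example, not part of the advisory or of Ubuntu's tooling: the function names and the sample inventory are hypothetical, and only the fixed version and package names come from the table above.

```python
import re
from itertools import zip_longest

# Fixed version for Ubuntu 12.04, taken from the advisory's package table.
FIXED = "4:0.8.3-0ubuntu0.12.04.1"

def _order(ch):
    # dpkg ordering: '~' sorts before everything, even the end of a run;
    # letters sort before other punctuation.
    if ch == "":
        return 0
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit / digit runs, as Debian policy describes.
    runs_a, runs_b = (re.findall(r"(\D*)(\d*)", s) for s in (a, b))
    for (ta, na), (tb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(ta, tb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def split_version(v):
    epoch, sep, rest = v.partition(":")
    if not sep:                      # no epoch means epoch 0
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    if not sep:                      # no Debian revision present
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """Return -1, 0 or 1 as a is older than, equal to, or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = split_version(a), split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def vulnerable_packages(installed, fixed=FIXED):
    # Names of packages whose installed version is below the fixed version.
    return sorted(p for p, v in installed.items() if compare_versions(v, fixed) < 0)

# Constructed inventory: package names from the advisory, versions invented.
SAMPLE = {"libavcodec53": "4:0.8.1-0ubuntu1", "libavformat53": FIXED,
          "libav-tools": "4:0.8.3~rc1-0ubuntu1", "libavfilter2": "0.8.5-1",
          "libavdevice53": "4:0.8.4-0ubuntu0.12.04.1"}
```

On a real host the inventory would come from `dpkg-query -W -f='${Package} ${Version}\n'`, and `dpkg --compare-versions` performs the same comparison natively. The `libavfilter2` entry shows the epoch pitfall: `0.8.5-1` looks newer but has epoch 0, so it sorts below `4:0.8.3-...`.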
