CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
91.4%
Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed DV files. If a user were tricked into opening a
crafted DV file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. This issue only affected Ubuntu 11.10.
(CVE-2011-3929, CVE-2011-3936)
Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed NSV files. If a user were tricked into opening a
crafted NSV file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. This issue only affected Ubuntu 11.04 and
Ubuntu 11.10. (CVE-2011-3940)
Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed Kega Game Video (KGV1) files. If a user were
tricked into opening a crafted Kega Game Video (KGV1) file, an attacker
could cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program. This
issue only affected Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3945)
Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed MJPEG-B files. If a user were tricked into
opening a crafted MJPEG-B file, an attacker could cause a denial of service
via application crash, or possibly execute arbitrary code with the
privileges of the user invoking the program. This issue only affected
Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3947)
Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed DPCM files. If a user were tricked into opening a
crafted DPCM file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. This issue only affected Ubuntu 11.04 and
Ubuntu 11.10. (CVE-2011-3951)
Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed KMVC files. If a user were tricked into opening a
crafted KMVC file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. This issue only affected Ubuntu 11.04 and
Ubuntu 11.10. (CVE-2011-3952)
Jeong Wook Oh discovered that Libav incorrectly handled certain malformed
ASF files. If a user were tricked into opening a crafted ASF file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.10. (CVE-2011-4031)
It was discovered that Libav incorrectly handled certain malformed
Westwood SNDx files. If a user were tricked into opening a crafted Westwood
SNDx file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. This issue only affected Ubuntu 11.10.
(CVE-2012-0848)
Diana Elena Muscalu discovered that Libav incorrectly handled certain
malformed AAC files. If a user were tricked into opening a crafted AAC
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0850)
It was discovered that Libav incorrectly handled certain malformed H.264
files. If a user were tricked into opening a crafted H.264 file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-0851)
It was discovered that Libav incorrectly handled certain malformed ADPCM
files. If a user were tricked into opening a crafted ADPCM file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0852)
It was discovered that Libav incorrectly handled certain malformed Atrac 3
files. If a user were tricked into opening a crafted Atrac 3 file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0853)
It was discovered that Libav incorrectly handled certain malformed Shorten
files. If a user were tricked into opening a crafted Shorten file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0858)
It was discovered that Libav incorrectly handled certain malformed Vorbis
files. If a user were tricked into opening a crafted Vorbis file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0859)
Fabian Yamaguchi discovered that Libav incorrectly handled certain
malformed VQA files. If a user were tricked into opening a crafted VQA
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2012-0947)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 12.04 | noarch | libavformat53 | < 4:0.8.3-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | ffmpeg-dbg | < 4:0.8.3-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | libav-dbg | < 4:0.8.3-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | libav-tools | < 4:0.8.3-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | libavcodec-dev | < 4:0.8.3-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | libavcodec53 | < 4:0.8.3-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | libavdevice-dev | < 4:0.8.3-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | libavdevice53 | < 4:0.8.3-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | libavfilter-dev | < 4:0.8.3-0ubuntu0.12.04.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | libavfilter2 | < 4:0.8.3-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu.com/security/CVE-2011-3929
ubuntu.com/security/CVE-2011-3936
ubuntu.com/security/CVE-2011-3940
ubuntu.com/security/CVE-2011-3945
ubuntu.com/security/CVE-2011-3947
ubuntu.com/security/CVE-2011-3951
ubuntu.com/security/CVE-2011-3952
ubuntu.com/security/CVE-2011-4031
ubuntu.com/security/CVE-2012-0848
ubuntu.com/security/CVE-2012-0850
ubuntu.com/security/CVE-2012-0851
ubuntu.com/security/CVE-2012-0852
ubuntu.com/security/CVE-2012-0853
ubuntu.com/security/CVE-2012-0858
ubuntu.com/security/CVE-2012-0859
ubuntu.com/security/CVE-2012-0947