7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
Florian Weimer of Red Hat Product Security discovered that libvdpau, the
VDPAU wrapper library, did not properly validate environment variables,
allowing local attackers to gain additional privileges.
For Debian 6 Squeeze, these problems have been fixed in libvdpau
version 0.4.1-2+deb6u1. See DSA 3355-1 for information on other Debian
releases.
We recommend that you upgrade your libvdpau packages.