Lucene search

K
ubuntuUbuntuUSN-1478-1
HistoryJun 18, 2012 - 12:00 a.m.

Libav vulnerabilities

2012-06-1800:00:00
ubuntu.com
41

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

10

Confidence

High

EPSS

0.044

Percentile

92.5%

Releases

  • Ubuntu 12.04
  • Ubuntu 11.10
  • Ubuntu 11.04

Packages

  • libav - Multimedia player, server, encoder and transcoder

Details

Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed DV files. If a user were tricked into opening a
crafted DV file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. This issue only affected Ubuntu 11.10.
(CVE-2011-3929, CVE-2011-3936)

Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed NSV files. If a user were tricked into opening a
crafted NSV file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. This issue only affected Ubuntu 11.04 and
Ubuntu 11.10. (CVE-2011-3940)

Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed Kega Game Video (KGV1) files. If a user were
tricked into opening a crafted Kega Game Video (KGV1) file, an attacker
could cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program. This
issue only affected Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3945)

Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed MJPEG-B files. If a user were tricked into
opening a crafted MJPEG-B file, an attacker could cause a denial of service
via application crash, or possibly execute arbitrary code with the
privileges of the user invoking the program. This issue only affected
Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3947)

Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed DPCM files. If a user were tricked into opening a
crafted DPCM file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. This issue only affected Ubuntu 11.04 and
Ubuntu 11.10. (CVE-2011-3951)

Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed KMVC files. If a user were tricked into opening a
crafted KMVC file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. This issue only affected Ubuntu 11.04 and
Ubuntu 11.10. (CVE-2011-3952)

Jeong Wook Oh discovered that Libav incorrectly handled certain malformed
ASF files. If a user were tricked into opening a crafted ASF file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.10. (CVE-2011-4031)

It was discovered that Libav incorrectly handled certain malformed
Westwood SNDx files. If a user were tricked into opening a crafted Westwood
SNDx file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. This issue only affected Ubuntu 11.10.
(CVE-2012-0848)

Diana Elena Muscalu discovered that Libav incorrectly handled certain
malformed AAC files. If a user were tricked into opening a crafted AAC
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0850)

It was discovered that Libav incorrectly handled certain malformed H.264
files. If a user were tricked into opening a crafted H.264 file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-0851)

It was discovered that Libav incorrectly handled certain malformed ADPCM
files. If a user were tricked into opening a crafted ADPCM file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0852)

It was discovered that Libav incorrectly handled certain malformed Atrac 3
files. If a user were tricked into opening a crafted Atrac 3 file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0853)

It was discovered that Libav incorrectly handled certain malformed Shorten
files. If a user were tricked into opening a crafted Shorten file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0858)

It was discovered that Libav incorrectly handled certain malformed Vorbis
files. If a user were tricked into opening a crafted Vorbis file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0859)

Fabian Yamaguchi discovered that Libav incorrectly handled certain
malformed VQA files. If a user were tricked into opening a crafted VQA
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2012-0947)

OSVersionArchitecturePackageVersionFilename
Ubuntu12.04noarchlibavformat53< 4:0.8.3-0ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchffmpeg-dbg< 4:0.8.3-0ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchlibav-dbg< 4:0.8.3-0ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchlibav-tools< 4:0.8.3-0ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchlibavcodec-dev< 4:0.8.3-0ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchlibavcodec53< 4:0.8.3-0ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchlibavdevice-dev< 4:0.8.3-0ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchlibavdevice53< 4:0.8.3-0ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchlibavfilter-dev< 4:0.8.3-0ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchlibavfilter2< 4:0.8.3-0ubuntu0.12.04.1UNKNOWN
Rows per page:
1-10 of 511

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

10

Confidence

High

EPSS

0.044

Percentile

92.5%