CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence: High
EPSS
Percentile: 82.4%
Package : libav
Version : 6:0.8.17-2+deb7u1
CVE ID : CVE-2014-9676
It was discovered that there was a use-after-free vulnerability in
libav, a multimedia player, server, encoder and transcoder library.
The seg_write_packet function in libavformat/segment.c in ffmpeg
2.1.4 and earlier does not free the correct memory location, which
allows remote attackers to cause a denial of service ("invalid
memory handler") and possibly execute arbitrary code via a crafted
video that triggers a use after free.
For Debian 7 Wheezy, this issue has been fixed in libav version
6:0.8.17-2+deb7u1.
We recommend that you upgrade your libav packages.
Regards,
Chris Lamb
[email protected] / chris-lamb.co.uk
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 7 | armhf | libswscale-dev | < 6:0.8.17-2+deb7u1 | libswscale-dev_6:0.8.17-2+deb7u1_armhf.deb |
Debian | 7 | i386 | libav-tools | < 6:0.8.17-2+deb7u1 | libav-tools_6:0.8.17-2+deb7u1_i386.deb |
Debian | 7 | armel | libavcodec-dev | < 6:0.8.17-2+deb7u1 | libavcodec-dev_6:0.8.17-2+deb7u1_armel.deb |
Debian | 7 | i386 | libavdevice-dev | < 6:0.8.17-2+deb7u1 | libavdevice-dev_6:0.8.17-2+deb7u1_i386.deb |
Debian | 7 | all | libavfilter-extra-2 | < 6:0.8.17-2+deb7u1 | libavfilter-extra-2_6:0.8.17-2+deb7u1_all.deb |
Debian | 7 | armel | libavformat-dev | < 6:0.8.17-2+deb7u1 | libavformat-dev_6:0.8.17-2+deb7u1_armel.deb |
Debian | 7 | armel | libpostproc52 | < 6:0.8.17-2+deb7u1 | libpostproc52_6:0.8.17-2+deb7u1_armel.deb |
Debian | 7 | amd64 | libavcodec-dev | < 6:0.8.17-2+deb7u1 | libavcodec-dev_6:0.8.17-2+deb7u1_amd64.deb |
Debian | 7 | amd64 | libswscale-dev | < 6:0.8.17-2+deb7u1 | libswscale-dev_6:0.8.17-2+deb7u1_amd64.deb |
Debian | 7 | i386 | libavcodec-dev | < 6:0.8.17-2+deb7u1 | libavcodec-dev_6:0.8.17-2+deb7u1_i386.deb |