Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201705-08
HistoryMay 09, 2017 - 12:00 a.m.

libav: Multiple vulnerabilities

2017-05-0900:00:00
Gentoo Foundation
security.gentoo.org
22

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.025

Percentile

90.3%

JSON

Background

Libav is a complete solution to record, convert and stream audio and video.

Description

Multiple vulnerabilities have been discovered in libav. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted media file in an application linked against libav, possibly resulting in execution of arbitrary code with the privileges of the application, a Denial of Service condition or access the content of arbitrary local files.

Workaround

There is no known workaround at this time.

Resolution

All libav users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-video/libav-11.8"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-video/libav<Β 11.8UNKNOWN

Related

nessus 15
osv 5
openvas 14
debian 4
securityvulns 2
hackerone 1
slackware 1
suse 1
f5 2
freebsd 4
seebug 1
archlinux 1
cert 1
mageia 3
debiancve 6
veracode 3
cvelist 6
cve 6
prion 6
nvd 6
ubuntucve 6
ubuntu 1
gentoo 2
threatpost 1
nessus
nessus
GLSA-201705-08 : libav: Multiple vulnerabilities
2017-05-10 00:00:00
Debian DSA-3506-1 : libav - security update
2016-03-07 00:00:00
Debian DSA-3288-1 : libav - security update
2015-06-15 00:00:00
osv
osv
libav - security update
2016-03-04 00:00:00
libav - security update
2015-06-13 00:00:00
libav - security update
2016-06-14 00:00:00
openvas
openvas
Debian Security Advisory DSA 3506-1 (libav - security update)
2016-03-04 00:00:00
Debian: Security Advisory (DSA-3506-1)
2016-03-03 00:00:00
Debian Security Advisory DSA 3288-1 (libav - security update)
2015-06-13 00:00:00
debian
debian
[SECURITY] [DSA 3506-1] libav security update
2016-03-04 20:44:32
[SECURITY] [DSA 3288-1] libav security update
2015-06-13 17:16:32
[SECURITY] [DSA 3603-1] libav security update
2016-06-14 20:43:09
securityvulns
securityvulns
libav / ffmpeg security vulnerabilities
2015-06-21 00:00:00
[SECURITY] [DSA 3288-1] libav security update
2015-06-21 00:00:00
hackerone
hackerone
Pornhub: [ssrf] libav vulnerable during conversion of uploaded videos
2016-01-17 15:36:02
slackware
slackware
[slackware-security] MPlayer
2016-02-04 00:05:34
suse
suse
Security update for ffmpeg (important)
2016-01-25 22:11:11
f5
f5
K03202240 : FFmpeg vulnerabilities CVE-2016-1897 and CVE-2016-1898
2016-02-08 00:00:00
SOL03202240 - FFmpeg vulnerabilities CVE-2016-1897 and CVE-2016-1898
2016-02-08 00:00:00
freebsd
freebsd
ffmpeg -- remote attacker can access local files
2016-01-13 00:00:00
ffmpeg -- out-of-bounds array access
2015-04-12 00:00:00
ffmpeg -- use-after-free
2014-12-19 00:00:00
seebug
seebug
FFmpeg 2.xη‰ˆζœ¬ζœεŠ‘ε™¨η«―θ―·ζ±‚δΌͺι€ ζΌζ΄ž
2016-05-06 00:00:00
archlinux
archlinux
ffmpeg: information leakage
2016-01-17 00:00:00
cert
cert
ffmpeg and Libav cross-domain information disclosure vulnerability
2016-01-20 00:00:00
mageia
mageia
Updated ffmpeg packages fix security vulnerabilities
2016-02-09 22:05:34
Updated ffmpeg package fixes security vulnerability
2015-06-19 16:33:05
Updated avidemux packages fix security vulnerabilities
2015-05-18 22:08:05
debiancve
debiancve
CVE-2015-3395
2015-06-16 16:59:04
CVE-2015-3417
2015-04-24 17:59:03
CVE-2016-2326
2016-02-12 05:59:00
veracode
veracode
Denial Of Service (DoS)
2017-02-09 05:17:22
Denial Of Service (DoS)
2017-02-09 02:28:46
Integer Overflow
2017-02-03 04:19:11
cvelist
cvelist
CVE-2015-3395
2015-06-16 16:00:00
CVE-2015-3417
2015-04-24 17:00:00
CVE-2016-2326
2016-02-12 02:00:00
cve
cve
CVE-2015-3395
2015-06-16 16:59:04
CVE-2015-3417
2015-04-24 17:59:03
CVE-2016-2326
2016-02-12 05:59:00
prion
prion
Out-of-bounds
2015-06-16 16:59:00
Design/Logic Flaw
2015-04-24 17:59:00
Integer overflow
2016-02-12 05:59:00
nvd
nvd
CVE-2015-3395
2015-06-16 16:59:04
CVE-2015-3417
2015-04-24 17:59:03
CVE-2016-2326
2016-02-12 05:59:00
ubuntucve
ubuntucve
CVE-2015-3395
2015-06-16 00:00:00
CVE-2015-3417
2015-04-24 00:00:00
CVE-2016-2326
2016-02-12 00:00:00
ubuntu
ubuntu
Libav vulnerabilities
2016-04-04 00:00:00
gentoo
gentoo
FFmpeg: Multiple vulnerabilities
2016-06-18 00:00:00
FFmpeg: Multiple vulnerabilities
2016-03-12 00:00:00
threatpost
threatpost
Popular Apps on Google Play Store Remain Unpatched
2019-11-21 12:05:58

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.025

Percentile

90.3%

JSON
Related for GLSA-201705-08
nessus15osv5openvas14debian4securityvulns2hackerone1slackware1suse1f52freebsd4seebug1archlinux1cert1mageia3debiancve6veracode3cvelist6cve6prion6nvd6ubuntucve6ubuntu1gentoo2threatpost1