Executive Summary
| Summary | |
|---|---|
| Title | Libav: Multiple vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | GLSA-201406-28 | First vendor Publication | 2014-06-26 |
| Vendor | Gentoo | Last vendor Modification | 2014-06-26 |
| Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Synopsis Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. Background Description Impact Workaround Resolution Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages. References Availability http://security.gentoo.org/glsa/glsa-201406-28.xml |
Original Source
| Url : http://security.gentoo.org/glsa/glsa-201406-28.xml |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 50 % | CWE-399 | Resource Management Errors |
| 50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:16007 | |||
| Oval ID: | oval:org.mitre.oval:def:16007 | ||
| Title: | Google Chrome before 23.0.1271.97 does not properly perform AAC decoding | ||
| Description: | Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5144 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16660 | |||
| Oval ID: | oval:org.mitre.oval:def:16660 | ||
| Title: | USN-1630-1 -- Libav vulnerabilities | ||
| Description: | Libav could be made to crash or run programs as your login if it opened a specially crafted file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | usn-1630-1 CVE-2012-2772 CVE-2012-2775 CVE-2012-2776 CVE-2012-2777 CVE-2012-2779 CVE-2012-2784 CVE-2012-2786 CVE-2012-2787 CVE-2012-2788 CVE-2012-2789 CVE-2012-2790 CVE-2012-2793 CVE-2012-2794 CVE-2012-2796 CVE-2012-2798 CVE-2012-2800 CVE-2012-2801 CVE-2012-2802 | Version: | 5 |
| Platform(s): | Ubuntu 12.10 Ubuntu 12.04 | Product(s): | libav |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17970 | |||
| Oval ID: | oval:org.mitre.oval:def:17970 | ||
| Title: | USN-1674-1 -- libav vulnerabilities | ||
| Description: | Libav could be made to crash or run programs as your login if it opened a specially crafted file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1674-1 CVE-2012-2772 CVE-2012-2775 CVE-2012-2777 CVE-2012-2779 CVE-2012-2784 CVE-2012-2786 CVE-2012-2788 CVE-2012-2789 CVE-2012-2790 CVE-2012-2793 CVE-2012-2794 CVE-2012-2798 CVE-2012-2800 CVE-2012-2801 | Version: | 5 |
| Platform(s): | Ubuntu 11.10 | Product(s): | libav |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:18046 | |||
| Oval ID: | oval:org.mitre.oval:def:18046 | ||
| Title: | USN-1706-1 -- ffmpeg vulnerabilities | ||
| Description: | FFmpeg could be made to crash or run programs as your login if it opened a specially crafted file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1706-1 CVE-2012-2783 CVE-2012-2803 | Version: | 5 |
| Platform(s): | Ubuntu 10.04 | Product(s): | ffmpeg |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:18070 | |||
| Oval ID: | oval:org.mitre.oval:def:18070 | ||
| Title: | USN-1705-1 -- libav vulnerabilities | ||
| Description: | Libav could be made to crash or run programs as your login if it opened a specially crafted file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1705-1 CVE-2012-2783 CVE-2012-2791 CVE-2012-2797 CVE-2012-2798 CVE-2012-2801 CVE-2012-2802 CVE-2012-2803 CVE-2012-2804 CVE-2012-5144 | Version: | 5 |
| Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 | Product(s): | libav |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18129 | |||
| Oval ID: | oval:org.mitre.oval:def:18129 | ||
| Title: | USN-1675-1 -- ffmpeg vulnerabilities | ||
| Description: | FFmpeg could be made to crash or run programs as your login if it opened a specially crafted file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1675-1 CVE-2012-2777 CVE-2012-2784 CVE-2012-2788 CVE-2012-2801 | Version: | 5 |
| Platform(s): | Ubuntu 10.04 | Product(s): | ffmpeg |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:20045 | |||
| Oval ID: | oval:org.mitre.oval:def:20045 | ||
| Title: | DSA-2624-1 ffmpeg - several | ||
| Description: | Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. Multiple input validations in the decoders/demuxers for Shorten, Chinese AVS video, VP5, VP6, AVI, AVS and MPEG-1/2 files could lead to the execution of arbitrary code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2624-1 CVE-2012-0858 CVE-2012-2777 CVE-2012-2783 CVE-2012-2784 CVE-2012-2788 CVE-2012-2801 CVE-2012-2803 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | ffmpeg |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-12-26 | Name : Ubuntu Update for libav USN-1674-1 File : nvt/gb_ubuntu_USN_1674_1.nasl |
| 2012-12-26 | Name : Ubuntu Update for ffmpeg USN-1675-1 File : nvt/gb_ubuntu_USN_1675_1.nasl |
| 2012-12-14 | Name : Google Chrome Multiple Vulnerabilities-03 Dec2012 (Linux) File : nvt/gb_google_chrome_mult_vuln03_dec12_lin.nasl |
| 2012-12-14 | Name : Google Chrome Multiple Vulnerabilities-03 Dec2012 (Mac OS X) File : nvt/gb_google_chrome_mult_vuln03_dec12_macosx.nasl |
| 2012-12-14 | Name : Google Chrome Multiple Vulnerabilities-03 Dec2012 (Windows) File : nvt/gb_google_chrome_mult_vuln03_dec12_win.nasl |
| 2012-11-15 | Name : Ubuntu Update for libav USN-1630-1 File : nvt/gb_ubuntu_USN_1630_1.nasl |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-06-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-28.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-867.nasl - Type : ACT_GATHER_INFO |
| 2013-10-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201310-12.nasl - Type : ACT_GATHER_INFO |
| 2013-09-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201309-16.nasl - Type : ACT_GATHER_INFO |
| 2013-08-21 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4d087b35099011e3a9f4bcaec565249c.nasl - Type : ACT_GATHER_INFO |
| 2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-079.nasl - Type : ACT_GATHER_INFO |
| 2013-02-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2624.nasl - Type : ACT_GATHER_INFO |
| 2013-01-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1705-1.nasl - Type : ACT_GATHER_INFO |
| 2013-01-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1706-1.nasl - Type : ACT_GATHER_INFO |
| 2012-12-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1674-1.nasl - Type : ACT_GATHER_INFO |
| 2012-12-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1675-1.nasl - Type : ACT_GATHER_INFO |
| 2012-12-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_51f84e28444e11e2830600262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
| 2012-12-12 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_23_0_1271_97.nasl - Type : ACT_GATHER_INFO |
| 2012-11-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1630-1.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-06-28 13:27:17 |
|
| 2014-06-27 05:26:04 |
|
