Executive Summary
Summary | |
---|---|
Title | Libav vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-1790-1 | First vendor Publication | 2013-04-04 |
Vendor | Ubuntu | Last vendor Modification | 2013-04-04 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS Summary: Libav could be made to crash or run programs as your login if it opened a specially crafted file. Software Description: - libav: Multimedia player, server, encoder and transcoder Details: It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: Ubuntu 12.04 LTS: This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. References: Package Information: |
Original Source
Url : http://www.ubuntu.com/usn/USN-1790-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
33 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:18289 | |||
Oval ID: | oval:org.mitre.oval:def:18289 | ||
Title: | USN-1790-1 -- libav vulnerabilities | ||
Description: | Libav could be made to crash or run programs as your login if it opened a specially crafted file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1790-1 CVE-2013-0894 CVE-2013-2277 CVE-2013-2495 CVE-2013-2496 | Version: | 5 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 | Product(s): | libav |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26401 | |||
Oval ID: | oval:org.mitre.oval:def:26401 | ||
Title: | Allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact | ||
Description: | Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0894 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-203.nasl - Type : ACT_GATHER_INFO |
2013-09-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201309-16.nasl - Type : ACT_GATHER_INFO |
2013-04-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1790-1.nasl - Type : ACT_GATHER_INFO |
2013-02-24 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_dfd92cb27d4811e2ad4800262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_25_0_1364_97.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:01:48 |
|
2013-04-04 21:17:23 |
|