
Debian LTS: DLA-1142-1 Critical: Libav Denial Of Service Issues

October 21, 2017
Multiple vulnerabilities have been found in libav and are fixed in this Debian LTS update.

Summary

CVE-2015-8365

The smka_decode_frame function in libavcodec/smacker.c does not verify that
the data size is consistent with the number of channels, which allows remote
attackers to cause a denial of service (out-of-bounds array access) or
possibly have unspecified other impact via crafted Smacker data.

CVE-2017-7208

The decode_residual function in libavcodec allows remote attackers to cause
a denial of service (buffer over-read) or obtain sensitive information from
process memory via a crafted h264 video file.

CVE-2017-7862

The decode_frame function in libavcodec/pictordec.c is vulnerable to an
out-of-bounds write caused by a heap-based buffer overflow.

CVE-2017-9992

The decode_dds1 function in libavcodec/dfa.c allows remote attackers to
cause a denial of service (Heap-based buffer overflow and application crash)
or possibly have unspecified other impact via a crafted file.

For Debian 7 "Wheezy", these problems have been fixed in version
6:0.8.21-0+deb7u1.

Severity: critical

Package: libav
Version: 6:0.8.21-0+deb7u1
CVE ID: CVE-2015-8365 CVE-2017-7208 CVE-2017-7862 CVE-2017-9992
