Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

Debian 8 LTS DLA-1630-1 Critical: Libav Denial of Service Risks

debian lts
Calendar Grey January 7, 2019
Dist Debian Esm H88
Enhance the libav multimedia package in order to address security flaws leading to DoS and data leaks for users of Debian 8.
Several security vulnerabilities were corrected in the libav multimedia library which may lead to a denial-of-service, information disclosure or the execution of arbitrary code if ...

Summary

CVE-2017-9993

Libav does not properly restrict HTTP Live Streaming filename
extensions and demuxer names, which allows attackers to read
arbitrary files via crafted playlist data.

CVE-2017-9994

libavcodec/webp.c in Libav does not ensure that pix_fmt is set,
which allows remote attackers to cause a denial of service
(heap-based buffer overflow and application crash) or possibly have
unspecified other impact via a crafted file, related to the
vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.

CVE-2017-14055

Denial-of-service in mv_read_header() due to lack of an EOF (End of
File) check might cause huge CPU and memory consumption.

CVE-2017-14056

Denial-of-service in rl2_read_header() due to lack of an EOF
(End of File) check might cause huge CPU and memory consumption.

CVE-2017-14057

Denial-of-service in asf_read_marker() due to lack of an EOF
(End of File) check might cause huge CPU and memory consumption.

CVE-2017-14170

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

Package: libav
Version: 6:11.12-1~deb8u4
CVE ID: CVE-2017-9993 CVE-2017-9994 CVE-2017-14055

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.