Test ID: 1.3.6.1.4.1.25623.1.0.891142
Category: Debian Local Security Checks
Title: Debian LTS: Security Advisory for libav (DLA-1142-1)

Summary: Multiple vulnerabilities have been found in libav:

CVE-2015-8365
The smka_decode_frame function in libavcodec/smacker.c does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data.

CVE-2017-7208
The decode_residual function in libavcodec allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.

CVE-2017-7862
The decode_frame function in libavcodec/pictordec.c is vulnerable to an out-of-bounds write caused by a heap-based buffer overflow.

CVE-2017-9992
The decode_dds1 function in libavcodec/dfa.c allows remote attackers to cause a denial of service (Heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

Description:

Affected Software/OS: libav on Debian Linux

Solution: For Debian 7 'Wheezy', these problems have been fixed in version 6:0.8.21-0+deb7u1. We recommend that you upgrade your libav packages.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-references:

Common Vulnerability Exposure (CVE) ID: CVE-2015-8365
Debian Security Information: DSA-4012 http://www.debian.org/security/2017/dsa-4012
SuSE Security Announcement: openSUSE-SU-2015:2370 http://lists.opensuse.org/opensuse-updates/2015-12/msg00118.html
http://www.ubuntu.com/usn/USN-2944-1

Common Vulnerability Exposure (CVE) ID: CVE-2017-7208
BugTraq ID: 97005 http://www.securityfocus.com/bid/97005

Common Vulnerability Exposure (CVE) ID: CVE-2017-7862
BugTraq ID: 97676 http://www.securityfocus.com/bid/97676
https://security.gentoo.org/glsa/201811-19
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=559
https://github.com/FFmpeg/FFmpeg/commit/8c2ea3030af7b40a3c4275696fb5c76cdb80950a

Common Vulnerability Exposure (CVE) ID: CVE-2017-9992
BugTraq ID: 99319 http://www.securityfocus.com/bid/99319
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1345
https://github.com/FFmpeg/FFmpeg/commit/f52fbf4f3ed02a7d872d8a102006f29b4421f360

Copyright: Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net