Detections
Analytics
Debian DLA-644-1 : libav security update
medium Nessus Plugin ID 93847
Language:
Synopsis
The remote Debian host is missing a security update.Description
Multiple vulnerabilities have been found in libav :CVE-2015-1872
The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in Libav before 0.8.18 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data.
CVE-2015-5479
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.
CVE-2016-7393
The aac_sync function in libavcodec/aac_parser.c in Libav before 11.5 is vulnerable to a stack-based buffer overflow.
For Debian 7 'Wheezy', these problems have been fixed in version 6:0.8.18-0+deb7u1.
We recommend that you upgrade your libav packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Upgrade the affected packages.See Also
https://lists.debian.org/debian-lts-announce/2016/10/msg00000.html
Plugin Details
Severity: Medium
ID: 93847
File Name: debian_DLA-644.nasl
Version: 2.7
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 10/5/2016
Updated: 1/11/2021
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:libavdevice-extra-53, p-cpe:/a:debian:debian_linux:ffmpeg-doc, p-cpe:/a:debian:debian_linux:libav-extra-dbg, p-cpe:/a:debian:debian_linux:libswscale2, p-cpe:/a:debian:debian_linux:libavfilter-extra-2, p-cpe:/a:debian:debian_linux:libswscale-dev, p-cpe:/a:debian:debian_linux:libpostproc-extra-52, p-cpe:/a:debian:debian_linux:libav-dbg, p-cpe:/a:debian:debian_linux:libavdevice53, p-cpe:/a:debian:debian_linux:libavutil51, p-cpe:/a:debian:debian_linux:libavfilter2, p-cpe:/a:debian:debian_linux:libswscale-extra-2, p-cpe:/a:debian:debian_linux:libavformat-extra-53, p-cpe:/a:debian:debian_linux:libavcodec-extra-53, p-cpe:/a:debian:debian_linux:ffmpeg-dbg, p-cpe:/a:debian:debian_linux:libavcodec53, p-cpe:/a:debian:debian_linux:libavcodec-dev, p-cpe:/a:debian:debian_linux:libav-tools, cpe:/o:debian:debian_linux:7.0, p-cpe:/a:debian:debian_linux:libavdevice-dev, p-cpe:/a:debian:debian_linux:ffmpeg, p-cpe:/a:debian:debian_linux:libpostproc-dev, p-cpe:/a:debian:debian_linux:libavfilter-dev, p-cpe:/a:debian:debian_linux:libavutil-extra-51, p-cpe:/a:debian:debian_linux:libavformat53, p-cpe:/a:debian:debian_linux:libav-doc, p-cpe:/a:debian:debian_linux:libavutil-dev, p-cpe:/a:debian:debian_linux:libavformat-dev, p-cpe:/a:debian:debian_linux:libpostproc52
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 10/4/2016