Test ID: 1.3.6.1.4.1.25623.1.0.891630
Category: Debian Local Security Checks
Title: Debian LTS Advisory ([SECURITY] [DLA 1630-1] libav security update)
Description:
Summary:
Several security vulnerabilities were corrected in the libav
multimedia library which may lead to a denial-of-service, information
disclosure or the execution of arbitrary code if a malformed file is
processed.

CVE-2017-9993

Libav does not properly restrict HTTP Live Streaming filename
extensions and demuxer names, which allows attackers to read
arbitrary files via crafted playlist data.

CVE-2017-9994

libavcodec/webp.c in Libav does not ensure that pix_fmt is set,
which allows remote attackers to cause a denial of service
(heap-based buffer overflow and application crash) or possibly have
unspecified other impact via a crafted file, related to the
vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.

CVE-2017-14055

Denial-of-service in mv_read_header() due to lack of an EOF (End of
File) check might cause huge CPU and memory consumption.

CVE-2017-14056

Denial-of-service in rl2_read_header() due to lack of an EOF
(End of File) check might cause huge CPU and memory consumption.

CVE-2017-14057

Denial-of-service in asf_read_marker() due to lack of an EOF
(End of File) check might cause huge CPU and memory consumption.

CVE-2017-14170

Denial-of-service in mxf_read_index_entry_array() due to lack of an
EOF (End of File) check might cause huge CPU consumption.

CVE-2017-14171

Denial-of-service in nsv_parse_NSVf_header() due to lack of an EOF
(End of File) check might cause huge CPU consumption.

CVE-2017-14767

The sdp_parse_fmtp_config_h264 function in
libavformat/rtpdec_h264.c mishandles empty sprop-parameter-sets
values, which allows remote attackers to cause a denial of service
(heap buffer overflow) or possibly have unspecified other impact via
a crafted sdp file.

CVE-2017-15672

The read_header function in libavcodec/ffv1dec.c allows remote
attackers to have unspecified impact via a crafted MP4 file, which
triggers an out-of-bounds read.

CVE-2017-17130

The ff_free_picture_tables function in libavcodec/mpegpicture.c
allows remote attackers to cause a denial of service
(heap-based buffer overflow and application crash) or possibly have
unspecified other impact via a crafted file, related to
vc1_decode_i_blocks_adv.

CVE-2018-6621

The decode_frame function in libavcodec/utvideodec.c in Libav allows
remote attackers to cause a denial of service (out of array read)
via a crafted AVI file.

CVE-2018-7557

The decode_init function in libavcodec/utvideodec.c in
Libav allows remote attackers to cause a denial of service
(Out of array read) via an AVI file with crafted dimensions within
chroma subsampling data.

CVE-2018-14394

libavformat/movenc.c in Libav allows attackers to cause a
denial of service (application crash caused by a divide-by-zero
error) with a user crafted Waveform audio file.

CVE-2018-1999010

Libav contains multiple out of array access vulnerabilities in the
mms protocol that can result in attackers accessing out of bound
data.

Affected Software/OS:
libav on Debian Linux

Solution:
For Debian 8 'Jessie', these problems have been fixed in version
6:11.12-1~deb8u4.

We recommend that you upgrade your libav packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2017-9993
BugTraq ID: 99315
http://www.securityfocus.com/bid/99315
Debian Security Information: DSA-3957
http://www.debian.org/security/2017/dsa-3957
https://github.com/FFmpeg/FFmpeg/commit/189ff4219644532bdfa7bab28dfedaee4d6d4021
https://github.com/FFmpeg/FFmpeg/commit/a5d849b149ca67ced2d271dc84db0bc95a548abb
https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-9994
BugTraq ID: 99317
http://www.securityfocus.com/bid/99317
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1434
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1435
https://github.com/FFmpeg/FFmpeg/commit/6b5d3fb26fb4be48e4966e4b1d97c2165538d4ef
Common Vulnerability Exposure (CVE) ID: CVE-2018-6621
BugTraq ID: 102950
http://www.securityfocus.com/bid/102950
Debian Security Information: DSA-4249
https://www.debian.org/security/2018/dsa-4249
Common Vulnerability Exposure (CVE) ID: CVE-2018-7557
Copyright: Copyright (c) 2019 Greenbone Networks GmbH http://greenbone.net
