Test ID: | 1.3.6.1.4.1.25623.1.0.891740 |
Category: | Debian Local Security Checks |
Title: | Debian: Security Advisory (DLA-1740-1) |
Summary: | The remote host is missing an update for the Debian 'libav' package(s) announced via the DLA-1740-1 advisory. |
Description: | Vulnerability Insight: Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.

CVE-2015-1872
The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c did not validate the number of components in a JPEG-LS Start Of Frame segment, which allowed remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data.

CVE-2017-14058
The read_data function in libavformat/hls.c did not restrict reload attempts for an insufficient list, which allowed remote attackers to cause a denial of service (infinite loop).

CVE-2017-1000460
In get_last_needed_nal() (libavformat/h264.c) the return value of init_get_bits was ignored and get_ue_golomb(&gb) was called on an uninitialized get_bits context, which caused a NULL deref exception.

CVE-2018-6392
The filter_slice function in libavfilter/vf_transpose.c allowed remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file.

CVE-2018-1999012
libav contained a CWE-835 (infinite loop) vulnerability in the pva format demuxer that could allow attackers to consume excessive amounts of resources like CPU and RAM. This attack appeared to be exploitable via a specially crafted PVA file provided as input.

For Debian 8 Jessie, these problems have been fixed in version 6:11.12-1~deb8u6.

We recommend that you upgrade your libav packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references]

Affected Software/OS: 'libav' package(s) on Debian 8.

Solution: Please install the updated package(s).

CVSS Score: 7.1
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-1872
BugTraq ID: 72644
http://www.securityfocus.com/bid/72644
https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html
http://www.securitytracker.com/id/1033078
http://www.ubuntu.com/usn/USN-2944-1

Common Vulnerability Exposure (CVE) ID: CVE-2017-1000460
https://bugzilla.libav.org/show_bug.cgi?id=952
https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/8e313ca08800178efce00045e07dc494d437b70c
https://lists.ffmpeg.org/pipermail/ffmpeg-cvslog/2017-January/104221.html

Common Vulnerability Exposure (CVE) ID: CVE-2017-14058
BugTraq ID: 100629
http://www.securityfocus.com/bid/100629
Debian Security Information: DSA-3996
http://www.debian.org/security/2017/dsa-3996
https://github.com/FFmpeg/FFmpeg/commit/7ba100d3e6e8b1e5d5342feb960a7f081d6e15af

Common Vulnerability Exposure (CVE) ID: CVE-2018-1999012
BugTraq ID: 104896
http://www.securityfocus.com/bid/104896

Common Vulnerability Exposure (CVE) ID: CVE-2018-6392
BugTraq ID: 102848
http://www.securityfocus.com/bid/102848
Debian Security Information: DSA-4249
https://www.debian.org/security/2018/dsa-4249 |
Copyright | Copyright (C) 2019 Greenbone AG |