Summary
Ubuntu Update for Linux kernel vulnerabilities USN-1333-1
Solution
Please Install the Updated Packages.
Insight
Steve Manzuik discovered that Libav incorrectly handled certain malformed Matroska files. If a user were tricked into opening a crafted Matroska file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.04. (CVE-2011-3504)
Phillip Langlois discovered that Libav incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4351)
Phillip Langlois discovered that Libav incorrectly handled certain malformed VP3 streams. If a user were tricked into opening a crafted file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4352)
Phillip Langlois discovered that Libav incorrectly handled certain malformed VP5 and VP6 streams. If a user were tricked into opening a crafted file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4353)
It was discovered that Libav incorrectly handled certain malformed VMD files. If a user were tricked into opening a crafted VMD file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
(CVE-2011-4364)
Phillip Langlois discovered that Libav incorrectly handled certain malformed SVQ1 streams. If a user were tricked into opening a crafted SVQ1 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4579)
Affected
libav on Ubuntu 11.04
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-3504, CVE-2011-4351, CVE-2011-4352, CVE-2011-4353, CVE-2011-4364, CVE-2011-4579 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Ubuntu Update for apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update USN-930-2
- Ubuntu Update for bind9 USN-1566-1
- Ubuntu Update for erlang vulnerability USN-624-2
- Ubuntu Update for cups USN-1654-1
- Ubuntu Update for Firefox 3.0 and Xulrunner vulnerabilities USN-920-1