#VU41571 Input validation error in Libav


Published: 2014-06-06 | Updated: 2020-08-10

Vulnerability identifier: #VU41571

Vulnerability risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-3984

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Libav
Client/Desktop applications / Multimedia software

Vendor: Libav

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Multiple unspecified vulnerabilities in Libav before 0.8.12 allow remote attackers to have unknown impact and vectors.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Libav: 0.8 - 0.8.10

External links
http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.12
http://libav.org/news.html
http://secunia.com/advisories/59032
http://secunia.com/advisories/59045
http://www.debian.org/security/2014/dsa-2947
http://www.ubuntu.com/usn/USN-2244-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Input validation error in Libav