Vulnerability identifier: #VU41571
Vulnerability risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Libav
Client/Desktop applications /
Multimedia software
Vendor: Libav
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple unspecified vulnerabilities in Libav before 0.8.12 allow remote attackers to have unknown impact and vectors.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Libav: 0.8 - 0.8.10
External links
http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.12
http://libav.org/news.html
http://secunia.com/advisories/59032
http://secunia.com/advisories/59045
http://www.debian.org/security/2014/dsa-2947
http://www.ubuntu.com/usn/USN-2244-1
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.