ID CVE-2015-5479
Summary The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.
References
Vulnerable Configurations
  • cpe:2.3:o:ubuntu:ubuntu:12.04:-:lts
    cpe:2.3:o:ubuntu:ubuntu:12.04:-:lts
  • libav 11.4
    cpe:2.3:a:libav:libav:11.4
  • openSUSE Leap 42.1
    cpe:2.3:o:opensuse:leap:42.1
CVSS
Base: 4.3 (as of 28-07-2016 - 14:55)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector NETWORK
Complexity MEDIUM
Authentication NONE
Impact
Confidentiality NONE
Integrity NONE
Availability PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_A928960A2BDC11E586FF14DAE9D210B8.NASL
    description Agostino Sarubbo reports: libav: divide-by-zero in ff_h263_decode_mba()
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 84815
    published 2015-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84815
    title FreeBSD : libav -- divide by zero (a928960a-2bdc-11e5-86ff-14dae9d210b8)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-779.NASL
    description This update for libav fixes the two following security issues: - CVE-2016-3062: A MP4 memory corruption was fixed that could lead to crashes or code execution. (boo#984487) - CVE-2015-5479: A crash due to a divide by zero was fixed in ff_h263_decode_mba() that could lead to decoder crashes. (boo#949760)
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 91870
    published 2016-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91870
    title openSUSE Security Update : libav (openSUSE-2016-779)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2944-1.NASL
    description It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 90349
    published 2016-04-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90349
    title Ubuntu 12.04 LTS : libav vulnerabilities (USN-2944-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-644.NASL
    description Multiple vulnerabilities have been found in libav: CVE-2015-1872 The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in Libav before 0.8.18 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data. CVE-2015-5479 The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. CVE-2016-7393 The aac_sync function in libavcodec/aac_parser.c in Libav before 11.5 is vulnerable to a stack-based buffer overflow. For Debian 7 'Wheezy', these problems have been fixed in version 6:0.8.18-0+deb7u1. We recommend that you upgrade your libav packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-10
    plugin id 93847
    published 2016-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93847
    title Debian DLA-644-1 : libav security update
refmap via4
bid 75932
confirm
misc https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba/
suse openSUSE-SU-2016:1685
ubuntu USN-2944-1
Last major update 28-11-2016 - 14:33
Published 19-04-2016 - 10:59
Last modified 30-10-2018 - 12:27