ID CVE-2015-5200
Summary The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:libvdpau_project:libvdpau:*:*:*:*:*:*:*:*
    cpe:2.3:a:libvdpau_project:libvdpau:*:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
CVSS
Base: 6.3 (as of 22-12-2016 - 02:59)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:N/I:C/A:C
refmap via4
bid 76636
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1253827
debian DSA-3355
fedora
  • FEDORA-2015-14850
  • FEDORA-2015-14851
  • FEDORA-2015-3ca3f2138b
mlist [xorg-announce] 20150831 libvdpau 1.1.1
suse openSUSE-SU-2015:1537
ubuntu USN-2729-1
Last major update 22-12-2016 - 02:59
Published 08-09-2015 - 15:59
Last modified 22-12-2016 - 02:59
Back to Top