Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-5479 (GCVE-0-2015-5479)
Vulnerability from cvelistv5 – Published: 2016-04-19 14:00 – Updated: 2024-08-06 06:50
VLAI
EPSS
VEX
Summary
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.
Severity
6.5 (Medium)
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-updates/2016-0… | vendor-advisoryx_refsource_SUSE |
| https://libav.org/releases/libav-11.5.changelog | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-2944-1 | vendor-advisoryx_refsource_UBUNTU |
| https://blogs.gentoo.org/ago/2015/07/16/libav-div… | x_refsource_MISC |
| http://www.securityfocus.com/bid/75932 | vdb-entryx_refsource_BID |
| https://git.libav.org/?p=libav.git%3Ba=commitdiff… | x_refsource_CONFIRM |
Date Public
2015-07-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:1685",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://libav.org/releases/libav-11.5.changelog"
},
{
"name": "USN-2944-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2944-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba/"
},
{
"name": "75932",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75932"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=0a49a62f998747cfa564d98d36a459fe70d3299b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2016:1685",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://libav.org/releases/libav-11.5.changelog"
},
{
"name": "USN-2944-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2944-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba/"
},
{
"name": "75932",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75932"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=0a49a62f998747cfa564d98d36a459fe70d3299b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1685",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html"
},
{
"name": "https://libav.org/releases/libav-11.5.changelog",
"refsource": "CONFIRM",
"url": "https://libav.org/releases/libav-11.5.changelog"
},
{
"name": "USN-2944-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2944-1"
},
{
"name": "https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba/"
},
{
"name": "75932",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75932"
},
{
"name": "https://git.libav.org/?p=libav.git;a=commitdiff;h=0a49a62f998747cfa564d98d36a459fe70d3299b",
"refsource": "CONFIRM",
"url": "https://git.libav.org/?p=libav.git;a=commitdiff;h=0a49a62f998747cfa564d98d36a459fe70d3299b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5479",
"datePublished": "2016-04-19T14:00:00.000Z",
"dateReserved": "2015-07-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:50:02.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2015-5479",
"date": "2026-07-16",
"epss": "0.01978",
"percentile": "0.78256"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-5479\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-04-19T14:59:00.140\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n ff_h263_decode_mba en libavcodec/ituh263dec.c en Libav en versiones anteriores a 11.5 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (error de divisi\u00f3n por cero y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un archivo con dimensiones manipuladas.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ubuntu:ubuntu:12.04:*:lts:*:*:*:*:*\",\"matchCriteriaId\":\"799EB7BF-2E7E-42EF-A5A8-AADE2F003B4B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libav:libav:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"11.4\",\"matchCriteriaId\":\"032D8A36-9593-448C-98B1-8B55D8D712A8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4863BE36-D16A-4D75-90D9-FD76DB5B48B7\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/75932\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2944-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=0a49a62f998747cfa564d98d36a459fe70d3299b\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://libav.org/releases/libav-11.5.changelog\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/75932\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2944-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=0a49a62f998747cfa564d98d36a459fe70d3299b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://libav.org/releases/libav-11.5.changelog\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Title
Libav ‘ituh263dec.c’ Divide-By-Zero拒绝服务漏洞
Description
Libav(前身是FFmpeg)是Libav团队的一套跨平台的可对音频和视频进行录制、转换的解决方案,它包含了一个libavcodec编码器。
Libav中存在拒绝服务漏洞。远程攻击者可利用该漏洞使应用程序崩溃,造成拒绝服务。
Severity
中
Patch Name
Libav ’ituh263dec.c‘ Divide-By-Zero拒绝服务漏洞的补丁
Patch Description
Libav(前身是FFmpeg)是Libav团队的一套跨平台的可对音频和视频进行录制、转换的解决方案,它包含了一个libavcodec编码器。Libav中存在拒绝服务漏洞。远程攻击者可利用该漏洞使应用程序崩溃,造成拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复此安全问题,详情请关注厂商主页: https://libav.org/
Reference
http://www.securityfocus.com/bid/75932
Impacted products
| Name | Libav Libav 11.3 |
|---|
{
"bids": {
"bid": {
"bidNumber": "75932"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2015-5479"
}
},
"description": "Libav\uff08\u524d\u8eab\u662fFFmpeg\uff09\u662fLibav\u56e2\u961f\u7684\u4e00\u5957\u8de8\u5e73\u53f0\u7684\u53ef\u5bf9\u97f3\u9891\u548c\u89c6\u9891\u8fdb\u884c\u5f55\u5236\u3001\u8f6c\u6362\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u5b83\u5305\u542b\u4e86\u4e00\u4e2alibavcodec\u7f16\u7801\u5668\u3002\r\n\r\nLibav\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "Agostino Sarubbo of Gentoo",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://libav.org/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-04936",
"openTime": "2015-07-28",
"patchDescription": "Libav\uff08\u524d\u8eab\u662fFFmpeg\uff09\u662fLibav\u56e2\u961f\u7684\u4e00\u5957\u8de8\u5e73\u53f0\u7684\u53ef\u5bf9\u97f3\u9891\u548c\u89c6\u9891\u8fdb\u884c\u5f55\u5236\u3001\u8f6c\u6362\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u5b83\u5305\u542b\u4e86\u4e00\u4e2alibavcodec\u7f16\u7801\u5668\u3002Libav\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Libav \u2019ituh263dec.c\u2018 Divide-By-Zero\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Libav Libav 11.3"
},
"referenceLink": "http://www.securityfocus.com/bid/75932",
"serverity": "\u4e2d",
"submitTime": "2015-07-22",
"title": "Libav \u2018ituh263dec.c\u2019 Divide-By-Zero\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
FKIE_CVE-2015-5479
Vulnerability from fkie_nvd - Published: 2016-04-19 14:59 - Updated: 2026-06-17 00:29
Severity
Summary
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.
References
{
"affected": [
{
"affectedData": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"source": "cve@mitre.org"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu:12.04:*:lts:*:*:*:*:*",
"matchCriteriaId": "799EB7BF-2E7E-42EF-A5A8-AADE2F003B4B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libav:libav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "032D8A36-9593-448C-98B1-8B55D8D712A8",
"versionEndIncluding": "11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions."
},
{
"lang": "es",
"value": "La funci\u00f3n ff_h263_decode_mba en libavcodec/ituh263dec.c en Libav en versiones anteriores a 11.5 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (error de divisi\u00f3n por cero y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un archivo con dimensiones manipuladas."
}
],
"id": "CVE-2015-5479",
"lastModified": "2026-06-17T00:29:11.927",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-19T14:59:00.140",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/75932"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2944-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba/"
},
{
"source": "cve@mitre.org",
"url": "https://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=0a49a62f998747cfa564d98d36a459fe70d3299b"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://libav.org/releases/libav-11.5.changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75932"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2944-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=0a49a62f998747cfa564d98d36a459fe70d3299b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://libav.org/releases/libav-11.5.changelog"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-73WJ-87QJ-VF4X
Vulnerability from github – Published: 2022-05-14 02:11 – Updated: 2025-04-12 12:58
VLAI
Details
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.
Severity
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2015-5479"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-04-19T14:59:00Z",
"severity": "MODERATE"
},
"details": "The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.",
"id": "GHSA-73wj-87qj-vf4x",
"modified": "2025-04-12T12:58:49Z",
"published": "2022-05-14T02:11:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5479"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba"
},
{
"type": "WEB",
"url": "https://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=0a49a62f998747cfa564d98d36a459fe70d3299b"
},
{
"type": "WEB",
"url": "https://git.libav.org/?p=libav.git;a=commitdiff;h=0a49a62f998747cfa564d98d36a459fe70d3299b"
},
{
"type": "WEB",
"url": "https://libav.org/releases/libav-11.5.changelog"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/75932"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2944-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2015-5479
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-5479",
"description": "The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.",
"id": "GSD-2015-5479",
"references": [
"https://www.suse.com/security/cve/CVE-2015-5479.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-5479"
],
"details": "The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.",
"id": "GSD-2015-5479",
"modified": "2023-12-13T01:20:06.517391Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1685",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html"
},
{
"name": "https://libav.org/releases/libav-11.5.changelog",
"refsource": "CONFIRM",
"url": "https://libav.org/releases/libav-11.5.changelog"
},
{
"name": "USN-2944-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2944-1"
},
{
"name": "https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba/"
},
{
"name": "75932",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75932"
},
{
"name": "https://git.libav.org/?p=libav.git;a=commitdiff;h=0a49a62f998747cfa564d98d36a459fe70d3299b",
"refsource": "CONFIRM",
"url": "https://git.libav.org/?p=libav.git;a=commitdiff;h=0a49a62f998747cfa564d98d36a459fe70d3299b"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ubuntu:ubuntu:12.04:*:lts:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:libav:libav:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5479"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.libav.org/?p=libav.git;a=commitdiff;h=0a49a62f998747cfa564d98d36a459fe70d3299b",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "https://git.libav.org/?p=libav.git;a=commitdiff;h=0a49a62f998747cfa564d98d36a459fe70d3299b"
},
{
"name": "https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba/",
"refsource": "MISC",
"tags": [
"Issue Tracking"
],
"url": "https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba/"
},
{
"name": "USN-2944-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2944-1"
},
{
"name": "https://libav.org/releases/libav-11.5.changelog",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://libav.org/releases/libav-11.5.changelog"
},
{
"name": "openSUSE-SU-2016:1685",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html"
},
{
"name": "75932",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/75932"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2018-10-30T16:27Z",
"publishedDate": "2016-04-19T14:59Z"
}
}
}
OPENSUSE-SU-2024:10926-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libav-tools-12.3-1.17 on GA media
Severity
Moderate
Notes
Title of the patch: libav-tools-12.3-1.17 on GA media
Description of the patch: These are all security issues fixed in the libav-tools-12.3-1.17 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10926
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libav-tools-12.3-1.17 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libav-tools-12.3-1.17 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10926",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10926-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-3946 page",
"url": "https://www.suse.com/security/cve/CVE-2011-3946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-6618 page",
"url": "https://www.suse.com/security/cve/CVE-2012-6618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0851 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0852 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0868 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-7010 page",
"url": "https://www.suse.com/security/cve/CVE-2013-7010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-8544 page",
"url": "https://www.suse.com/security/cve/CVE-2014-8544/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-9604 page",
"url": "https://www.suse.com/security/cve/CVE-2014-9604/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3395 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3417 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3417/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-5479 page",
"url": "https://www.suse.com/security/cve/CVE-2015-5479/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3062 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3062/"
}
],
"title": "libav-tools-12.3-1.17 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10926-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libav-tools-12.3-1.17.aarch64",
"product": {
"name": "libav-tools-12.3-1.17.aarch64",
"product_id": "libav-tools-12.3-1.17.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libav-tools-12.3-1.17.ppc64le",
"product": {
"name": "libav-tools-12.3-1.17.ppc64le",
"product_id": "libav-tools-12.3-1.17.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libav-tools-12.3-1.17.s390x",
"product": {
"name": "libav-tools-12.3-1.17.s390x",
"product_id": "libav-tools-12.3-1.17.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libav-tools-12.3-1.17.x86_64",
"product": {
"name": "libav-tools-12.3-1.17.x86_64",
"product_id": "libav-tools-12.3-1.17.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libav-tools-12.3-1.17.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64"
},
"product_reference": "libav-tools-12.3-1.17.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libav-tools-12.3-1.17.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le"
},
"product_reference": "libav-tools-12.3-1.17.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libav-tools-12.3-1.17.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x"
},
"product_reference": "libav-tools-12.3-1.17.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libav-tools-12.3-1.17.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
},
"product_reference": "libav-tools-12.3-1.17.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-3946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-3946"
}
],
"notes": [
{
"category": "general",
"text": "The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-3946",
"url": "https://www.suse.com/security/cve/CVE-2011-3946"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-3946"
},
{
"cve": "CVE-2012-6618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-6618"
}
],
"notes": [
{
"category": "general",
"text": "The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient \"frames to estimate rate.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-6618",
"url": "https://www.suse.com/security/cve/CVE-2012-6618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2012-6618"
},
{
"cve": "CVE-2013-0851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0851"
}
],
"notes": [
{
"category": "general",
"text": "The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0851",
"url": "https://www.suse.com/security/cve/CVE-2013-0851"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2013-0851"
},
{
"cve": "CVE-2013-0852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0852"
}
],
"notes": [
{
"category": "general",
"text": "The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0852",
"url": "https://www.suse.com/security/cve/CVE-2013-0852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2013-0852"
},
{
"cve": "CVE-2013-0868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0868"
}
],
"notes": [
{
"category": "general",
"text": "libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) \"len==0 cases.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0868",
"url": "https://www.suse.com/security/cve/CVE-2013-0868"
},
{
"category": "external",
"summary": "SUSE Bug 1189142 for CVE-2013-0868",
"url": "https://bugzilla.suse.com/1189142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2013-0868"
},
{
"cve": "CVE-2013-7010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-7010"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-7010",
"url": "https://www.suse.com/security/cve/CVE-2013-7010"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-7010"
},
{
"cve": "CVE-2014-8544",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-8544"
}
],
"notes": [
{
"category": "general",
"text": "libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-8544",
"url": "https://www.suse.com/security/cve/CVE-2014-8544"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2014-8544"
},
{
"cve": "CVE-2014-9604",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-9604"
}
],
"notes": [
{
"category": "general",
"text": "libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-9604",
"url": "https://www.suse.com/security/cve/CVE-2014-9604"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2014-9604"
},
{
"cve": "CVE-2015-3395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3395"
}
],
"notes": [
{
"category": "general",
"text": "The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3395",
"url": "https://www.suse.com/security/cve/CVE-2015-3395"
},
{
"category": "external",
"summary": "SUSE Bug 931216 for CVE-2015-3395",
"url": "https://bugzilla.suse.com/931216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3395"
},
{
"cve": "CVE-2015-3417",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3417"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3417",
"url": "https://www.suse.com/security/cve/CVE-2015-3417"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3417"
},
{
"cve": "CVE-2015-5479",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-5479"
}
],
"notes": [
{
"category": "general",
"text": "The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-5479",
"url": "https://www.suse.com/security/cve/CVE-2015-5479"
},
{
"category": "external",
"summary": "SUSE Bug 949760 for CVE-2015-5479",
"url": "https://bugzilla.suse.com/949760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-5479"
},
{
"cve": "CVE-2016-3062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3062"
}
],
"notes": [
{
"category": "general",
"text": "The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3062",
"url": "https://www.suse.com/security/cve/CVE-2016-3062"
},
{
"category": "external",
"summary": "SUSE Bug 984487 for CVE-2016-3062",
"url": "https://bugzilla.suse.com/984487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libav-tools-12.3-1.17.aarch64",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.ppc64le",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.s390x",
"openSUSE Tumbleweed:libav-tools-12.3-1.17.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-3062"
}
]
}
ubuntu-cve-2015-5479
Vulnerability from osv_ubuntu
Published
2015-10-09 00:00
Modified
2026-04-22 07:37
Summary
Details
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.
Severity
6.5 (Medium)
N/A (UNKNOWN)
References
| URL | Type | |
|---|---|---|
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "libav-tools",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavcodec-extra",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavcodec-extra-54",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavcodec54",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavdevice-extra-53",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavdevice53",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavfilter-extra-3",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavfilter3",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavformat-extra-54",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavformat54",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavresample1",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavutil-extra-52",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavutil52",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libswscale-extra-2",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libswscale2",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "libav",
"purl": "pkg:deb/ubuntu/libav@6:9.20-0ubuntu0.14.04.1+esm1?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6:9.20-0ubuntu0.14.04.1+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"6:0.8.7-1ubuntu2",
"6:9.10-1ubuntu1",
"6:9.10-1ubuntu2",
"6:9.10-1ubuntu5",
"6:9.10-1ubuntu6",
"6:9.10-1ubuntu7",
"6:9.11-2ubuntu1",
"6:9.11-2ubuntu2",
"6:9.13-0ubuntu0.14.04.1",
"6:9.14-0ubuntu0.14.04.1",
"6:9.16-0ubuntu0.14.04.1",
"6:9.18-0ubuntu0.14.04.1",
"6:9.20-0ubuntu0.14.04.1"
]
}
],
"aliases": [],
"details": "The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.",
"id": "UBUNTU-CVE-2015-5479",
"modified": "2026-04-22T07:37:49Z",
"published": "2015-10-09T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-5479"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2944-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5479"
}
],
"related": [
"USN-2944-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2015-5479"
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…