Vulnerabilities > CVE-2017-7208 - Out-of-bounds Read vulnerability in Libav 9.21

047910
CVSS 7.1 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
libav
CWE-125
nessus

Summary

The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.

Vulnerable Configurations

Part Description Count
Application
Libav
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1142.NASL
    descriptionMultiple vulnerabilities have been found in libav : CVE-2015-8365 The smka_decode_frame function in libavcodec/smacker.c does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data. CVE-2017-7208 The decode_residual function in libavcodec allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file. CVE-2017-7862 The decode_frame function in libavcodec/pictordec.c is vulnerable to an out-of-bounds write caused by a heap-based buffer overflow. CVE-2017-9992 The decode_dds1 function in libavcodec/dfa.c allows remote attackers to cause a denial of service (Heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. For Debian 7
    last seen2020-03-17
    modified2017-10-23
    plugin id104056
    published2017-10-23
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104056
    titleDebian DLA-1142-1 : libav security update
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4012.NASL
    descriptionSeveral security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11 .11
    last seen2020-06-01
    modified2020-06-02
    plugin id104302
    published2017-11-01
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104302
    titleDebian DSA-4012-1 : libav - security update