CVE-2016-7905

Upstream information

CVE-2016-7905 at MITRE

Description

The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:N/A:P
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	Partial

CVSS v3 Scores
	National Vulnerability Database
Base Score	5.5
Vector	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Access Vector	Local
Access Complexity	Low
Privileges Required	None
User Interaction	Required
Scope	Unchanged
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	High
CVSSv3 Version	3

SUSE Bugzilla entry: 1003806 [RESOLVED / FIXED]

SUSE Security Advisories:

openSUSE-SU-2016:2556-1, published Tue, 18 Oct 2016 14:09:11 +0200 (CEST)
openSUSE-SU-2016:2560-1, published Tue, 18 Oct 2016 14:10:23 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Package Hub for SUSE Linux Enterprise 12 SP1	`ffmpeg >= 2.8.8-6.1` `ffmpeg-debuginfo >= 2.8.8-22.1` `ffmpeg-debugsource >= 2.8.8-22.1` `ffmpeg-devel >= 2.8.8-6.1` `libavcodec-devel >= 2.8.8-6.1` `libavcodec56 >= 2.8.8-6.1` `libavcodec56-32bit >= 2.8.8-22.1` `libavcodec56-debuginfo >= 2.8.8-22.1` `libavcodec56-debuginfo-32bit >= 2.8.8-22.1` `libavdevice-devel >= 2.8.8-6.1` `libavdevice56 >= 2.8.8-6.1` `libavdevice56-32bit >= 2.8.8-22.1` `libavdevice56-debuginfo >= 2.8.8-22.1` `libavdevice56-debuginfo-32bit >= 2.8.8-22.1` `libavfilter-devel >= 2.8.8-6.1` `libavfilter5 >= 2.8.8-6.1` `libavfilter5-32bit >= 2.8.8-22.1` `libavfilter5-debuginfo >= 2.8.8-22.1` `libavfilter5-debuginfo-32bit >= 2.8.8-22.1` `libavformat-devel >= 2.8.8-6.1` `libavformat56 >= 2.8.8-6.1` `libavformat56-32bit >= 2.8.8-22.1` `libavformat56-debuginfo >= 2.8.8-22.1` `libavformat56-debuginfo-32bit >= 2.8.8-22.1` `libavresample-devel >= 2.8.8-6.1` `libavresample2 >= 2.8.8-6.1` `libavresample2-32bit >= 2.8.8-22.1` `libavresample2-debuginfo >= 2.8.8-22.1` `libavresample2-debuginfo-32bit >= 2.8.8-22.1` `libavutil-devel >= 2.8.8-6.1` `libavutil54 >= 2.8.8-6.1` `libavutil54-32bit >= 2.8.8-22.1` `libavutil54-debuginfo >= 2.8.8-22.1` `libavutil54-debuginfo-32bit >= 2.8.8-22.1` `libpostproc-devel >= 2.8.8-6.1` `libpostproc53 >= 2.8.8-6.1` `libpostproc53-32bit >= 2.8.8-22.1` `libpostproc53-debuginfo >= 2.8.8-22.1` `libpostproc53-debuginfo-32bit >= 2.8.8-22.1` `libswresample-devel >= 2.8.8-6.1` `libswresample1 >= 2.8.8-6.1` `libswresample1-32bit >= 2.8.8-22.1` `libswresample1-debuginfo >= 2.8.8-22.1` `libswresample1-debuginfo-32bit >= 2.8.8-22.1` `libswscale-devel >= 2.8.8-6.1` `libswscale3 >= 2.8.8-6.1` `libswscale3-32bit >= 2.8.8-22.1` `libswscale3-debuginfo >= 2.8.8-22.1` `libswscale3-debuginfo-32bit >= 2.8.8-22.1`	Patchnames: openSUSE-2016-1203
openSUSE Leap 42.1	`ffmpeg >= 2.8.8-22.1` `ffmpeg-debuginfo >= 2.8.8-22.1` `ffmpeg-debugsource >= 2.8.8-22.1` `ffmpeg-devel >= 2.8.8-22.1` `libavcodec-devel >= 2.8.8-22.1` `libavcodec56 >= 2.8.8-22.1` `libavcodec56-32bit >= 2.8.8-22.1` `libavcodec56-debuginfo >= 2.8.8-22.1` `libavcodec56-debuginfo-32bit >= 2.8.8-22.1` `libavdevice-devel >= 2.8.8-22.1` `libavdevice56 >= 2.8.8-22.1` `libavdevice56-32bit >= 2.8.8-22.1` `libavdevice56-debuginfo >= 2.8.8-22.1` `libavdevice56-debuginfo-32bit >= 2.8.8-22.1` `libavfilter-devel >= 2.8.8-22.1` `libavfilter5 >= 2.8.8-22.1` `libavfilter5-32bit >= 2.8.8-22.1` `libavfilter5-debuginfo >= 2.8.8-22.1` `libavfilter5-debuginfo-32bit >= 2.8.8-22.1` `libavformat-devel >= 2.8.8-22.1` `libavformat56 >= 2.8.8-22.1` `libavformat56-32bit >= 2.8.8-22.1` `libavformat56-debuginfo >= 2.8.8-22.1` `libavformat56-debuginfo-32bit >= 2.8.8-22.1` `libavresample-devel >= 2.8.8-22.1` `libavresample2 >= 2.8.8-22.1` `libavresample2-32bit >= 2.8.8-22.1` `libavresample2-debuginfo >= 2.8.8-22.1` `libavresample2-debuginfo-32bit >= 2.8.8-22.1` `libavutil-devel >= 2.8.8-22.1` `libavutil54 >= 2.8.8-22.1` `libavutil54-32bit >= 2.8.8-22.1` `libavutil54-debuginfo >= 2.8.8-22.1` `libavutil54-debuginfo-32bit >= 2.8.8-22.1` `libpostproc-devel >= 2.8.8-22.1` `libpostproc53 >= 2.8.8-22.1` `libpostproc53-32bit >= 2.8.8-22.1` `libpostproc53-debuginfo >= 2.8.8-22.1` `libpostproc53-debuginfo-32bit >= 2.8.8-22.1` `libswresample-devel >= 2.8.8-22.1` `libswresample1 >= 2.8.8-22.1` `libswresample1-32bit >= 2.8.8-22.1` `libswresample1-debuginfo >= 2.8.8-22.1` `libswresample1-debuginfo-32bit >= 2.8.8-22.1` `libswscale-devel >= 2.8.8-22.1` `libswscale3 >= 2.8.8-22.1` `libswscale3-32bit >= 2.8.8-22.1` `libswscale3-debuginfo >= 2.8.8-22.1` `libswscale3-debuginfo-32bit >= 2.8.8-22.1`	Patchnames: openSUSE-2016-1203

CVE-2016-7905

Common Vulnerabilities and Exposures

Upstream information

Description

SUSE information

List of released packages

Support Offerings

Global Services

Support Resources

Partners

Communities

About