Your submission was sent successfully! Close

CVE-2016-7393

Published: 15 February 2017

Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.

From the Ubuntu security team

It was discovered that Libav incorrectly handled certain media files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
ffmpeg
Launchpad, Ubuntu, Debian
Upstream
Released (7:2.4-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(7:2.8.6-1ubuntu2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

libav
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
Patches:
Upstream: https://git.libav.org/?p=libav.git;a=commit;h=fb1473080223a634b8ac2cca48a632d037a0a69d
Upstream: https://git.libav.org/?p=libav.git;a=commit;h=09447f2b0fafac6d9565aab82a4c5f16fc99ee5e