Published: 08/09/2015 Updated: 22/12/2016

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Directory traversal vulnerability in dlopen in libvdpau prior to 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
canonical ubuntu linux 12.04
canonical ubuntu linux 14.04
canonical ubuntu linux 15.04
libvdpau project libvdpau

Debian Bug report logs - #797895 libvdpau: CVE-2015-5198, CVE-2015-5199, CVE-2015-5200 Package: src:libvdpau; Maintainer for src:libvdpau is Debian NVIDIA Maintainers <pkg-nvidia-devel@listsaliothdebianorg>; Reported by: Alessandro Ghedini <ghedo@debianorg> Date: Thu, 3 Sep 2015 12:51:02 UTC Severity: important ...

libvdpau could be made to run programs as an administrator ...

Florian Weimer of Red Hat Product Security discovered that libvdpau, the VDPAU wrapper library, did not properly validate environment variables, allowing local attackers to gain additional privileges For the oldstable distribution (wheezy), these problems have been fixed in version 041-7+deb7u1 For the stable distribution (jessie), these proble ...

CWE-22 http://lists.x.org/archives/xorg-announce/2015-August/002630.html https://bugzilla.redhat.com/show_bug.cgi?id=1253826 http://www.ubuntu.com/usn/USN-2729-1 http://www.securityfocus.com/bid/76636 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170637.html http://www.debian.org/security/2015/dsa-3355 http://lists.opensuse.org/opensuse-updates/2015-09/msg00012.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167469.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165546.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797895 https://usn.ubuntu.com/2729-1/https://nvd.nist.gov

CVE-2015-5199

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect