Published: 08/09/2015 Updated: 22/12/2016

CVSS v2 Base Score: 6.3 | Impact Score: 9.2 | Exploitability Score: 3.4

VMScore: 561

Vector: AV:L/AC:M/Au:N/C:N/I:C/A:C

The trace functionality in libvdpau prior to 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libvdpau project libvdpau
canonical ubuntu linux 14.04
canonical ubuntu linux 15.04
canonical ubuntu linux 12.04

Debian Bug report logs - #797895 libvdpau: CVE-2015-5198, CVE-2015-5199, CVE-2015-5200 Package: src:libvdpau; Maintainer for src:libvdpau is Debian NVIDIA Maintainers <pkg-nvidia-devel@listsaliothdebianorg>; Reported by: Alessandro Ghedini <ghedo@debianorg> Date: Thu, 3 Sep 2015 12:51:02 UTC Severity: important ...

libvdpau could be made to run programs as an administrator ...

Florian Weimer of Red Hat Product Security discovered that libvdpau, the VDPAU wrapper library, did not properly validate environment variables, allowing local attackers to gain additional privileges For the oldstable distribution (wheezy), these problems have been fixed in version 041-7+deb7u1 For the stable distribution (jessie), these proble ...

NVD-CWE-noinfo http://lists.x.org/archives/xorg-announce/2015-August/002630.html https://bugzilla.redhat.com/show_bug.cgi?id=1253827 http://www.ubuntu.com/usn/USN-2729-1 http://www.securityfocus.com/bid/76636 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170637.html http://www.debian.org/security/2015/dsa-3355 http://lists.opensuse.org/opensuse-updates/2015-09/msg00012.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167469.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165546.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797895 https://usn.ubuntu.com/2729-1/https://nvd.nist.gov

CVE-2015-5200

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect