CVE-2015-5200

The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Affected Products (NVD)
VendorProductVersion
libvdpau_projectlibvdpau
𝑥
≤ 1.1.0
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
15.04
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libvdpau
bookworm
1.5-2
fixed
bullseye
1.4-3
fixed
sid
1.5-3
fixed
trixie
1.5-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libvdpau
precise
Fixed 0.4.1-3ubuntu1.2
released
trusty
Fixed 0.7-1ubuntu0.1
released
vivid
Fixed 0.9-1ubuntu0.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libvdpau-devel
suse enterprise desktop 15
1.1.1-1.28
fixed
suse enterprise desktop 15 SP1
1.1.1-1.28
fixed
suse enterprise desktop 15 SP2
1.1.1-1.28
fixed
suse enterprise desktop 15 SP3
1.1.1-1.28
fixed
suse enterprise desktop 15 SP4
1.1.1-1.28
fixed
suse enterprise desktop 15 SP5
1.1.1-150000.3.2.1
fixed
suse enterprise desktop 15 SP6
1.1.1-150000.3.4.1
fixed
suse enterprise desktop 15 SP7
1.5-150700.1.4
fixed
suse enterprise sap 15
1.1.1-1.28
fixed
suse enterprise sap 15 SP1
1.1.1-1.28
fixed
suse enterprise sap 15 SP2
1.1.1-1.28
fixed
suse enterprise sap 15 SP3
1.1.1-1.28
fixed
suse enterprise sap 15 SP4
1.1.1-1.28
fixed
suse enterprise sap 15 SP5
1.1.1-150000.3.2.1
fixed
suse enterprise sap 15 SP6
1.1.1-150000.3.4.1
fixed
suse enterprise sap 15 SP7
1.5-150700.1.4
fixed
suse enterprise server 15
1.1.1-1.28
fixed
suse enterprise server 15 SP1
1.1.1-1.28
fixed
suse enterprise server 15 SP2
1.1.1-1.28
fixed
suse enterprise server 15 SP3
1.1.1-1.28
fixed
suse enterprise server 15 SP4
1.1.1-1.28
fixed
suse enterprise server 15 SP5
1.1.1-150000.3.2.1
fixed
suse enterprise server 15 SP6
1.1.1-150000.3.4.1
fixed
suse enterprise server 15 SP7
1.5-150700.1.4
fixed
libvdpau1
suse enterprise desktop 15
1.1.1-1.28
fixed
suse enterprise desktop 15 SP1
1.1.1-1.28
fixed
suse enterprise desktop 15 SP2
1.1.1-1.28
fixed
suse enterprise desktop 15 SP3
1.1.1-1.28
fixed
suse enterprise desktop 15 SP4
1.1.1-1.28
fixed
suse enterprise desktop 15 SP5
1.1.1-150000.3.2.1
fixed
suse enterprise desktop 15 SP6
1.1.1-150000.3.4.1
fixed
suse enterprise desktop 15 SP7
1.5-150700.1.4
fixed
suse enterprise sap 15
1.1.1-1.28
fixed
suse enterprise sap 15 SP1
1.1.1-1.28
fixed
suse enterprise sap 15 SP2
1.1.1-1.28
fixed
suse enterprise sap 15 SP3
1.1.1-1.28
fixed
suse enterprise sap 15 SP4
1.1.1-1.28
fixed
suse enterprise sap 15 SP5
1.1.1-150000.3.2.1
fixed
suse enterprise sap 15 SP6
1.1.1-150000.3.4.1
fixed
suse enterprise sap 15 SP7
1.5-150700.1.4
fixed
suse enterprise server 15
1.1.1-1.28
fixed
suse enterprise server 15 SP1
1.1.1-1.28
fixed
suse enterprise server 15 SP2
1.1.1-1.28
fixed
suse enterprise server 15 SP3
1.1.1-1.28
fixed
suse enterprise server 15 SP4
1.1.1-1.28
fixed
suse enterprise server 15 SP5
1.1.1-150000.3.2.1
fixed
suse enterprise server 15 SP6
1.1.1-150000.3.4.1
fixed
suse enterprise server 15 SP7
1.5-150700.1.4
fixed
libvdpau1-32bit
suse enterprise desktop 15 SP7
1.5-150700.1.4
fixed
suse enterprise sap 15 SP7
1.5-150700.1.4
fixed
suse enterprise server 15 SP7
1.5-150700.1.4
fixed
References
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170637.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165546.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167469.html
http://lists.opensuse.org/opensuse-updates/2015-09/msg00012.html
http://lists.x.org/archives/xorg-announce/2015-August/002630.html
http://www.debian.org/security/2015/dsa-3355
http://www.securityfocus.com/bid/76636
http://www.ubuntu.com/usn/USN-2729-1
https://bugzilla.redhat.com/show_bug.cgi?id=1253827
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170637.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165546.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167469.html
http://lists.opensuse.org/opensuse-updates/2015-09/msg00012.html
http://lists.x.org/archives/xorg-announce/2015-August/002630.html
http://www.debian.org/security/2015/dsa-3355
http://www.securityfocus.com/bid/76636
http://www.ubuntu.com/usn/USN-2729-1
https://bugzilla.redhat.com/show_bug.cgi?id=1253827