| Bug ID | 1124267 |
|---|---|
| Summary | VUL-1: CVE-2016-1000276: Audacity version 2.1.2 is vulnerable to DLL Hijack, it tries to load avformat-55.dll without supplying the absolute path, thus relying upon the presence of such DLL on the system directory. This behavior results in |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.3 |
| Hardware | Other |
| URL | https://smash.suse.de/issue/224166/ |
| OS | Other |
| Status | NEW |
| Severity | Minor |
| Priority | P5 - None |
| Component | Other |
| Assignee | mseben@gmail.com |
| Reporter | meissner@suse.com |
| QA Contact | security-team@suse.de |
| CC | davejplater@gmail.com, tiwai@suse.com |
| Found By | Security Response Team |
| Blocker | --- |
CVE-2016-1000276 Audacity version 2.1.2 is vulnerable to DLL Hijack, it tries to load avformat-55.dll without supplying the absolute path, thus relying upon the presence of such DLL on the system directory. This behavior results in an exploitable DLL Hijack vulnerability, even if the SafeDllSerchMode flag is enabled. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1000276 https://lists.openwall.net/full-disclosure/2017/01/04/3 https://forum.audacityteam.org/viewtopic.php?f=46&t=92698