http://bugzilla.opensuse.org/show_bug.cgi?id=1124267 Bug ID: 1124267 Summary: VUL-1: CVE-2016-1000276: Audacity version 2.1.2 is vulnerable to DLL Hijack, it tries to load avformat-55.dll without supplying the absolute path, thus relying upon the presence of such DLL on the system directory. This behavior results in Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other URL: https://smash.suse.de/issue/224166/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Other Assignee: mseben@gmail.com Reporter: meissner@suse.com QA Contact: security-team@suse.de CC: davejplater@gmail.com, tiwai@suse.com Found By: Security Response Team Blocker: --- CVE-2016-1000276 Audacity version 2.1.2 is vulnerable to DLL Hijack, it tries to load avformat-55.dll without supplying the absolute path, thus relying upon the presence of such DLL on the system directory. This behavior results in an exploitable DLL Hijack vulnerability, even if the SafeDllSerchMode flag is enabled. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1000276 https://lists.openwall.net/full-disclosure/2017/01/04/3 https://forum.audacityteam.org/viewtopic.php?f=46&t=92698 -- You are receiving this mail because: You are on the CC list for the bug.