libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 15.04 |
| canonical | ubuntu_linux | 14.04 |
| libvdpau_project | libvdpau | * |
Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 15.04 |
| canonical | ubuntu_linux | 14.04 |
| libvdpau_project | libvdpau | * |
The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 15.04 |
| canonical | ubuntu_linux | 14.04 |
| libvdpau_project | libvdpau | * |