Time-of-check Time-of-use (TOCTOU) Race Condition in VideoLAN libbluray



Published: 2019-11-22 | Updated: 2020-08-08
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2015-7810
CWE-ID: CWE-367
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: libbluray

Vendor: VideoLAN

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Time-of-check Time-of-use (TOCTOU) Race Condition

EUVDB-ID: #VU35044

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-7810

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Exploit availability: No

Description

The vulnerability allows a local authenticated user to manipulate data.

The libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race condition when expanding JAR files.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

libbluray: 0.2.1 - 0.7.0

External links

http://www.openwall.com/lists/oss-security/2015/10/12/7
http://www.securityfocus.com/bid/72769
http://access.redhat.com/security/cve/cve-2015-7810
http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7810
http://security-tracker.debian.org/tracker/CVE-2015-7810


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


