Description
FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.
ID: ALPINE:CVE-2019-15942
Type: alpinelinux
Reporter: Alpine Linux Development Team
Published: 2019-09-05T16:15:00
Modified: 2023-02-28T14:11:00
Source: https://security.alpinelinux.org/vuln/CVE-2019-15942
CVSS v2: 6.8 MEDIUM (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v3.1: 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS: 0.00387 (percentile 0.70119, as of 2023-12-02)
Affected Package
OS      OS Version       Arch     Package   Affected Version
Alpine  edge-community   noarch   ffmpeg    < 4.2.1-r0
Alpine  edge-community   noarch   ffmpeg4   < 4.2.1-r0
Alpine  3.12-community   noarch   ffmpeg    < 4.2.1-r0
Alpine  3.13-community   noarch   ffmpeg    < 4.2.1-r0
Alpine  3.14-community   noarch   ffmpeg    < 4.2.1-r0
Alpine  3.15-community   noarch   ffmpeg    < 4.2.1-r0
Alpine  3.16-community   noarch   ffmpeg    < 4.2.1-r0
Alpine  3.16-community   noarch   ffmpeg4   < 4.2.1-r0
Alpine  3.17-community   noarch   ffmpeg    < 4.2.1-r0
Alpine  3.17-community   noarch   ffmpeg4   < 4.2.1-r0
Alpine  3.18-community   noarch   ffmpeg    < 4.2.1-r0
Alpine  3.18-community   noarch   ffmpeg4   < 4.2.1-r0
Related
ibm: Security Bulletin: A security vulnerability has been identified in FFMpeg shipped with IBM Watson Machine Learning Community Edition (WMLCE) containers
  Published: 2020-05-20T00:10:21
  Link: https://www.ibm.com/support/pages/node/6211953
  IBM describes the issue as a denial of service: by persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash. IBM's own rating is CVSS base score 3.3 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).
  Affected: IBM WML Community Edition 1.6.2 and 1.7.0. Only container images are affected, since the package is not published as part of the WMLCE Conda channel.
  Remediation: affected container images have been republished using the same tags; pulling the image again from its upstream container registry (https://hub.docker.com/r/ibmcom/powerai, https://catalog.redhat.com) downloads an updated image with the CVEs resolved. Workarounds and mitigations: none.

prion: Design/Logic Flaw
  Published: 2019-09-05T16:15:00
  Link: https://www.prio-n.com/kb/vulnerability/CVE-2019-15942

cve: CVE-2019-15942 (NVD)
  Published: 2019-09-05T16:15:00, modified 2023-02-28T14:11:00
  CWE: CWE-252
  CPE: cpe:2.3:a:ffmpeg:ffmpeg:4.2:*:*:*:*:*:*:*
  Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15942

redhatcve: CVE-2019-15942
  Published: 2020-06-18T16:55:21
  Link: https://access.redhat.com/security/cve/cve-2019-15942

ubuntucve: CVE-2019-15942
  Published: 2019-09-05T00:00:00
  Link: https://ubuntu.com/security/CVE-2019-15942
  Note (ebarretto, https://launchpad.net/~ebarretto): Only affects 4.2

debiancve: CVE-2019-15942
  Published: 2019-09-05T16:15:00
  Link: https://security-tracker.debian.org/tracker/CVE-2019-15942

The ibm, prion, cve, redhatcve, ubuntucve and debiancve records all carry the same record-level scores: CVSS v2 6.8 MEDIUM (AV:N/AC:M/Au:N/C:P/I:P/A:P) and CVSS v3 8.8 HIGH (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

openvas: openSUSE: Security Advisory for ffmpeg-4 (openSUSE-SU-2020:0024-1)
  Published: 2020-01-14T00:00:00
  Plugin OID: 1.3.6.1.4.1.25623.1.0.852988
  Link: http://plugins.openvas.org/nasl.php?oid=1361412562310852988
  Advisory: https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00014.html
  CVEs covered: CVE-2017-17555, CVE-2018-13305, CVE-2019-11338, CVE-2019-11339, CVE-2019-15942
  Advisory summary: ffmpeg-4 was updated to version 4.0.5 (CVE-2019-11339, out-of-array access in the studio profile decoder in libavcodec/mpeg4videodec.c, bsc#1133153); the update to version 4.2.1 fixes CVE-2019-15942, the "Conditional jump or move depends on uninitialised value" issue in h2645_parse (boo#1149839).
  Detection: a package version check on openSUSE Leap 15.1 that reports any of the ffmpeg-4 development packages or the libavcodec58, libavdevice58, libavfilter7, libavformat58, libavresample4, libavutil56, libpostproc55, libswresample3 and libswscale5 packages (including their debuginfo and 32bit variants) older than 4.2.1-lp151.2.3.1.

nessus: GLSA-202007-58 : FFmpeg: Multiple vulnerabilities
  Published: 2020-07-30T00:00:00
  Plugin ID: 139121
  Link: https://www.tenable.com/plugins/nessus/139121
  Advisory: https://security.gentoo.org/glsa/202007-58
  CVEs covered: CVE-2019-13312, CVE-2019-15942, CVE-2020-12284, CVE-2020-13904, CVE-2020-14212
  Detection: a local check on Gentoo that flags media-video/ffmpeg versions lower than 4.2.4.
  Solution: all FFmpeg users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=media-video/ffmpeg-4.2.4'
  Workaround: there is no known workaround at this time.

nessus (last seen 2023-05-19T14:01:59): the description carries the same openSUSE ffmpeg-4 update notes as the OpenVAS entry: update to version 4.0.5 (CVE-2019-11339), update to version 4.2.1 fixing CVE-2019-15942 (boo#1149839), followed by the 4.2, 4.1.4, 4.1.3, 4.1.2 and 4.1.1 release notes ...
fixes and enhancements.\n\n - configure: Add missing xlib dependency for VAAPI X11 code.\n\n - For complete changelog, see /usr/share/doc/packages/ffmpeg-4/Changelog\n\n - enable AV1 support on x86_64\n\nUpdate ffmpeg to 4.1 :\n\n - Lots of filter updates as usual: deblock, tmix, aplify, fftdnoiz, aderivative, aintegral, pal75bars, pal100bars, adeclick, adeclip, lensfun (wrapper), colorconstancy, 1D LUT filter (lut1d), cue, acue, transpose_npp, amultiply, Block-Matching 3d (bm3d) denoising filter, acrossover filter, audio denoiser as afftdn filter, sinc audio filter source, chromahold, setparams, vibrance, xstack, (a)graphmonitor filter yadif_cuda filter.\n\n - AV1 parser\n\n - Support for AV1 in MP4\n\n - PCM VIDC decoder and encoder\n\n - libtensorflow backend for DNN based filters like srcnn\n\n - -- The following only enabled in third-party builds :\n\n - ATRAC9 decoder\n\n - AVS2 video decoder via libdavs2\n\n - IMM4 video decoder\n\n - Brooktree ProSumer video decoder\n\n - MatchWare Screen Capture Codec decoder\n\n - WinCam Motion Video decoder\n\n - RemotelyAnywhere Screen Capture decoder\n\n - AVS2 video encoder via libxavs2\n\n - ILBC decoder\n\n - SER demuxer\n\n - Decoding S12M timecode in H264\n\n - For complete changelog, see https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1\n\nUpdate ffmpeg to 4.0.3 :\n\n - For complete changelog, see https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.0.3\n\n - CVE-2018-13305: Added a missing check for negative values of mqaunt variable (boo#1100345).", "cvss3": {}, "published": "2020-01-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ffmpeg-4 (openSUSE-2020-24)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17555", "CVE-2018-13305", "CVE-2019-11338", "CVE-2019-11339", "CVE-2019-15942"], "modified": "2020-01-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ffmpeg-4-debugsource", "p-cpe:/a:novell:opensuse:ffmpeg-4-libavcodec-devel", 
"p-cpe:/a:novell:opensuse:ffmpeg-4-libavdevice-devel", "p-cpe:/a:novell:opensuse:ffmpeg-4-libavfilter-devel", "p-cpe:/a:novell:opensuse:ffmpeg-4-libavformat-devel", "p-cpe:/a:novell:opensuse:ffmpeg-4-libavresample-devel", "p-cpe:/a:novell:opensuse:ffmpeg-4-libavutil-devel", "p-cpe:/a:novell:opensuse:ffmpeg-4-libpostproc-devel", "p-cpe:/a:novell:opensuse:ffmpeg-4-libswresample-devel", "p-cpe:/a:novell:opensuse:ffmpeg-4-libswscale-devel", "p-cpe:/a:novell:opensuse:ffmpeg-4-private-devel", "p-cpe:/a:novell:opensuse:libavcodec58", "p-cpe:/a:novell:opensuse:libavcodec58-32bit", "p-cpe:/a:novell:opensuse:libavcodec58-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libavcodec58-debuginfo", "p-cpe:/a:novell:opensuse:libavdevice58", "p-cpe:/a:novell:opensuse:libavdevice58-32bit", "p-cpe:/a:novell:opensuse:libavdevice58-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libavdevice58-debuginfo", "p-cpe:/a:novell:opensuse:libavfilter7", "p-cpe:/a:novell:opensuse:libavfilter7-32bit", "p-cpe:/a:novell:opensuse:libavfilter7-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libavfilter7-debuginfo", "p-cpe:/a:novell:opensuse:libavformat58", "p-cpe:/a:novell:opensuse:libavformat58-32bit", "p-cpe:/a:novell:opensuse:libavformat58-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libavformat58-debuginfo", "p-cpe:/a:novell:opensuse:libavresample4", "p-cpe:/a:novell:opensuse:libavresample4-32bit", "p-cpe:/a:novell:opensuse:libavresample4-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libavresample4-debuginfo", "p-cpe:/a:novell:opensuse:libavutil56", "p-cpe:/a:novell:opensuse:libavutil56-32bit", "p-cpe:/a:novell:opensuse:libavutil56-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libavutil56-debuginfo", "p-cpe:/a:novell:opensuse:libpostproc55", "p-cpe:/a:novell:opensuse:libpostproc55-32bit", "p-cpe:/a:novell:opensuse:libpostproc55-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libpostproc55-debuginfo", "p-cpe:/a:novell:opensuse:libswresample3", "p-cpe:/a:novell:opensuse:libswresample3-32bit", 
"p-cpe:/a:novell:opensuse:libswresample3-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libswresample3-debuginfo", "p-cpe:/a:novell:opensuse:libswscale5", "p-cpe:/a:novell:opensuse:libswscale5-32bit", "p-cpe:/a:novell:opensuse:libswscale5-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libswscale5-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-24.NASL", "href": "https://www.tenable.com/plugins/nessus/132910", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-24.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132910);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/17\");\n\n script_cve_id(\"CVE-2017-17555\", \"CVE-2018-13305\", \"CVE-2019-11338\", \"CVE-2019-11339\", \"CVE-2019-15942\");\n\n script_name(english:\"openSUSE Security Update : ffmpeg-4 (openSUSE-2020-24)\");\n script_summary(english:\"Check for the openSUSE-2020-24 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ffmpeg-4 fixes the following issues :\n\nffmpeg-4 was updated to version 4.0.5, fixes boo#1133153 \n\n - CVE-2019-11339: The studio profile decoder in\n libavcodec/mpeg4videodec.c in FFmpeg 4.0 allowed remote\n attackers to cause a denial of service (out-of-array\n access) or possibly have unspecified. 
(bsc#1133153)\n\n - For other changes see\n /usr/share/doc/packages/libavcodec58/Changelog\n\nUpdate to version 4.2.1 :\n\n - Stable bug fix release, mainly codecs and format fixes.\n\n - CVE-2019-15942: Conditional jump or move depends on\n uninitialised value' issue in h2645_parse (boo#1149839)\n\nUpdate to FFmpeg 4.2 'Ada'\n\n - tpad filter\n\n - AV1 decoding support through libdav1d\n\n - dedot filter\n\n - chromashift and rgbashift filters\n\n - freezedetect filter\n\n - truehd_core bitstream filter\n\n - dhav demuxer\n\n - PCM-DVD encoder\n\n - GIF parser\n\n - vividas demuxer\n\n - hymt decoder\n\n - anlmdn filter\n\n - maskfun filter\n\n - hcom demuxer and decoder\n\n - ARBC decoder\n\n - libaribb24 based ARIB STD-B24 caption support (profiles\n A and C)\n\n - Support decoding of HEVC 4:4:4 content in nvdec and\n cuviddec\n\n - removed libndi-newtek\n\n - agm decoder\n\n - KUX demuxer\n\n - AV1 frame split bitstream filter\n\n - lscr decoder\n\n - lagfun filter\n\n - asoftclip filter\n\n - Support decoding of HEVC 4:4:4 content in vdpau\n\n - colorhold filter\n\n - xmedian filter\n\n - asr filter\n\n - showspatial multimedia filter\n\n - VP4 video decoder\n\n - IFV demuxer\n\n - derain filter\n\n - deesser filter\n\n - mov muxer writes tracks with unspecified language\n instead of English by default\n\n - added support for using clang to compile CUDA kernels\n\n - See /usr/share/doc/packages/ffmpeg-4/Changelog for the\n complete changelog.\n\nUpdate to version 4.1.4\n\n - See /usr/share/doc/packages/ffmpeg-4/Changelog for the\n complete changelog.\n\n - Enable runtime enabling for fdkaac via\n --enable-libfdk-aac-dlopen\n\nUpdate to version 4.1.3 :\n\n - Updates and bug fixes for codecs, filters and formats.\n [boo#1133153, boo#1133155, CVE-2019-11338,\n CVE-2019-11339]\n\nUpdate to version 4.1.2 :\n\n - Updates and bug fixes for codecs, filters and formats.\n\nUpdate to version 4.1.1 :\n\n - Various filter and codec fixes and enhancements.\n\n - configure: 
Add missing xlib dependency for VAAPI X11\n code.\n\n - For complete changelog, see\n /usr/share/doc/packages/ffmpeg-4/Changelog\n\n - enable AV1 support on x86_64\n\nUpdate ffmpeg to 4.1 :\n\n - Lots of filter updates as usual: deblock, tmix, aplify,\n fftdnoiz, aderivative, aintegral, pal75bars, pal100bars,\n adeclick, adeclip, lensfun (wrapper), colorconstancy, 1D\n LUT filter (lut1d), cue, acue, transpose_npp, amultiply,\n Block-Matching 3d (bm3d) denoising filter, acrossover\n filter, audio denoiser as afftdn filter, sinc audio\n filter source, chromahold, setparams, vibrance, xstack,\n (a)graphmonitor filter yadif_cuda filter.\n\n - AV1 parser\n\n - Support for AV1 in MP4\n\n - PCM VIDC decoder and encoder\n\n - libtensorflow backend for DNN based filters like srcnn\n\n - -- The following only enabled in third-party builds :\n\n - ATRAC9 decoder\n\n - AVS2 video decoder via libdavs2\n\n - IMM4 video decoder\n\n - Brooktree ProSumer video decoder\n\n - MatchWare Screen Capture Codec decoder\n\n - WinCam Motion Video decoder\n\n - RemotelyAnywhere Screen Capture decoder\n\n - AVS2 video encoder via libxavs2\n\n - ILBC decoder\n\n - SER demuxer\n\n - Decoding S12M timecode in H264\n\n - For complete changelog, see\n https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1\n\nUpdate ffmpeg to 4.0.3 :\n\n - For complete changelog, see\n https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.0.3\n\n - CVE-2018-13305: Added a missing check for negative\n values of mqaunt variable (boo#1100345).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.0.3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ffmpeg-4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ffmpeg-4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ffmpeg-4-libavcodec-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ffmpeg-4-libavdevice-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ffmpeg-4-libavfilter-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ffmpeg-4-libavformat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ffmpeg-4-libavresample-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ffmpeg-4-libavutil-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ffmpeg-4-libpostproc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ffmpeg-4-libswresample-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:ffmpeg-4-libswscale-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ffmpeg-4-private-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavcodec58\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavcodec58-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavcodec58-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavcodec58-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavdevice58\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavdevice58-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavdevice58-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavdevice58-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavfilter7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavfilter7-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavfilter7-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavfilter7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavformat58\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavformat58-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavformat58-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavformat58-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavresample4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavresample4-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavresample4-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavresample4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavutil56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavutil56-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavutil56-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavutil56-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpostproc55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpostproc55-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpostproc55-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpostproc55-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libswresample3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libswresample3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libswresample3-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libswresample3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libswscale5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libswscale5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libswscale5-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libswscale5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/12\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ffmpeg-4-debugsource-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ffmpeg-4-libavcodec-devel-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ffmpeg-4-libavdevice-devel-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ffmpeg-4-libavfilter-devel-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ffmpeg-4-libavformat-devel-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ffmpeg-4-libavresample-devel-4.2.1-lp151.2.3.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE15.1\", reference:\"ffmpeg-4-libavutil-devel-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ffmpeg-4-libpostproc-devel-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ffmpeg-4-libswresample-devel-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ffmpeg-4-libswscale-devel-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ffmpeg-4-private-devel-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libavcodec58-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libavcodec58-debuginfo-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libavdevice58-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libavdevice58-debuginfo-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libavfilter7-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libavfilter7-debuginfo-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libavformat58-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libavformat58-debuginfo-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libavresample4-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libavresample4-debuginfo-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libavutil56-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libavutil56-debuginfo-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libpostproc55-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libpostproc55-debuginfo-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", 
reference:\"libswresample3-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libswresample3-debuginfo-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libswscale5-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libswscale5-debuginfo-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libavcodec58-32bit-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libavcodec58-32bit-debuginfo-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libavdevice58-32bit-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libavdevice58-32bit-debuginfo-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libavfilter7-32bit-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libavfilter7-32bit-debuginfo-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libavformat58-32bit-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libavformat58-32bit-debuginfo-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libavresample4-32bit-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libavresample4-32bit-debuginfo-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libavutil56-32bit-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libavutil56-32bit-debuginfo-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libpostproc55-32bit-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", 
reference:\"libpostproc55-32bit-debuginfo-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libswresample3-32bit-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libswresample3-32bit-debuginfo-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libswscale5-32bit-4.2.1-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libswscale5-32bit-debuginfo-4.2.1-lp151.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ffmpeg-4-debugsource / ffmpeg-4-libavcodec-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2022-11-10T08:11:13", "description": "An update that fixes 5 vulnerabilities is now available.\n\nDescription:\n\n This update for ffmpeg-4 fixes the following issues:\n\n ffmpeg-4 was updated to version 4.0.5, fixes boo#1133153\n\n - CVE-2019-11339: The studio profile decoder in libavcodec/mpeg4videodec.c\n in FFmpeg 4.0 allowed remote attackers to cause a denial of service\n (out-of-array access) or possibly have unspecified. 
(bsc#1133153)\n - For other changes see /usr/share/doc/packages/libavcodec58/Changelog\n\n Update to version 4.2.1:\n\n * Stable bug fix release, mainly codecs and format fixes.\n\n - CVE-2019-15942: Conditional jump or move depends on uninitialised value\"\n issue in h2645_parse (boo#1149839)\n\n Update to FFmpeg 4.2 \"Ada\"\n\n * tpad filter\n * AV1 decoding support through libdav1d\n * dedot filter\n * chromashift and rgbashift filters\n * freezedetect filter\n * truehd_core bitstream filter\n * dhav demuxer\n * PCM-DVD encoder\n * GIF parser\n * vividas demuxer\n * hymt decoder\n * anlmdn filter\n * maskfun filter\n * hcom demuxer and decoder\n * ARBC decoder\n * libaribb24 based ARIB STD-B24 caption support (profiles A and C)\n * Support decoding of HEVC 4:4:4 content in nvdec and cuviddec\n * removed libndi-newtek\n * agm decoder\n * KUX demuxer\n * AV1 frame split bitstream filter\n * lscr decoder\n * lagfun filter\n * asoftclip filter\n * Support decoding of HEVC 4:4:4 content in vdpau\n * colorhold filter\n * xmedian filter\n * asr filter\n * showspatial multimedia filter\n * VP4 video decoder\n * IFV demuxer\n * derain filter\n * deesser filter\n * mov muxer writes tracks with unspecified language instead of English by\n default\n * added support for using clang to compile CUDA kernels\n\n - See /usr/share/doc/packages/ffmpeg-4/Changelog for the complete\n changelog.\n\n Update to version 4.1.4\n\n * See /usr/share/doc/packages/ffmpeg-4/Changelog for the complete\n changelog.\n\n - Enable runtime enabling for fdkaac via --enable-libfdk-aac-dlopen\n\n Update to version 4.1.3:\n\n * Updates and bug fixes for codecs, filters and formats. 
[boo#1133153,\n boo#1133155, CVE-2019-11338, CVE-2019-11339]\n\n Update to version 4.1.2:\n\n * Updates and bug fixes for codecs, filters and formats.\n\n Update to version 4.1.1:\n\n * Various filter and codec fixes and enhancements.\n * configure: Add missing xlib dependency for VAAPI X11 code.\n * For complete changelog, see /usr/share/doc/packages/ffmpeg-4/Changelog\n * enable AV1 support on x86_64\n\n Update ffmpeg to 4.1:\n\n * Lots of filter updates as usual: deblock, tmix, aplify, fftdnoiz,\n aderivative, aintegral, pal75bars, pal100bars, adeclick, adeclip,\n lensfun (wrapper), colorconstancy, 1D LUT filter (lut1d), cue, acue,\n transpose_npp, amultiply, Block-Matching 3d (bm3d) denoising filter,\n acrossover filter, audio denoiser as afftdn filter, sinc audio filter\n source, chromahold, setparams, vibrance, xstack, (a)graphmonitor filter\n yadif_cuda filter.\n * AV1 parser\n * Support for AV1 in MP4\n * PCM VIDC decoder and encoder\n * libtensorflow backend for DNN based filters like srcnn\n * -- The following only enabled in third-party builds:\n * ATRAC9 decoder\n * AVS2 video decoder via libdavs2\n * IMM4 video decoder\n * Brooktree ProSumer video decoder\n * MatchWare Screen Capture Codec decoder\n * WinCam Motion Video decoder\n * RemotelyAnywhere Screen Capture decoder\n * AVS2 video encoder via libxavs2\n * ILBC decoder\n * SER demuxer\n * Decoding S12M timecode in H264\n * For complete changelog, see\n https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1\n\n Update ffmpeg to 4.0.3:\n\n * For complete changelog, see\n https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.0.3\n\n - CVE-2018-13305: Added a missing check for negative values of mqaunt\n variable (boo#1100345).\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch 
openSUSE-2020-24=1\n\n - openSUSE Backports SLE-15-SP1:\n\n zypper in -t patch openSUSE-2020-24=1\n\n - openSUSE Backports SLE-15:\n\n zypper in -t patch openSUSE-2020-24=1\n\n - SUSE Package Hub for SUSE Linux Enterprise 12:\n\n zypper in -t patch openSUSE-2020-24=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-01-14T00:00:00", "type": "suse", "title": "Security update for ffmpeg-4 (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17555", "CVE-2018-13305", "CVE-2019-11338", "CVE-2019-11339", "CVE-2019-15942"], "modified": "2020-01-14T00:00:00", "id": "OPENSUSE-SU-2020:0024-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VUZ4UYCOSHSZXSJE2T2UBXTNNMEGBNI3/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2023-12-02T16:57:29", "description": "### Background\n\nFFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. \n\n### Description\n\nMultiple vulnerabilities have been discovered in FFmpeg. 
Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FFmpeg users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/ffmpeg-4.2.4\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-28T00:00:00", "type": "gentoo", "title": "FFmpeg: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13312", "CVE-2019-15942", "CVE-2020-12284", "CVE-2020-13904", "CVE-2020-14212"], "modified": "2020-07-28T00:00:00", "id": "GLSA-202007-58", "href": "https://security.gentoo.org/glsa/202007-58", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}