{"assessment": {"system": "", "name": "", "href": ""}, "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "type": "cve", "viewCount": 1, "bulletinFamily": "NVD", "scanner": [], "edition": 1, "cvelist": ["CVE-2009-4634"], "published": "2010-02-09T21:30:00", "objectVersion": "1.2", "history": [], "title": "CVE-2009-4634", "reporter": "NVD", "hash": "8be6f987ecbd3a699034fccad915030b2936d65d80bb928f0755b7622049aab9", "lastseen": "2016-09-03T13:14:34", "id": "CVE-2009-4634", "description": "Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream.", "modified": "2011-10-25T22:44:04", "references": ["http://www.mandriva.com/security/advisories?name=MDVSA-2011:059", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061", "http://www.securityfocus.com/bid/36465", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112", "http://www.debian.org/security/2010/dsa-2000", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060", "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088", "http://www.vupen.com/english/advisories/2011/1241", "http://www.ubuntu.com/usn/USN-931-1", "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240", "http://www.vupen.com/english/advisories/2010/0935"], "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.5"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4634", "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2016-09-03T13:14:34"}, "vulnersScore": 6.8}}

{"nessus": [{"lastseen": "2018-09-01T23:36:27", "references": ["http://www.debian.org/security/2010/dsa-2000"], "pluginID": "44864", "description": "Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder, which also provides a range of multimedia libraries used in applications like MPlayer :\n\nVarious programming errors in container and codec implementations may lead to denial of service or the execution of arbitrary code if the user is tricked into opening a malformed media file or stream.\n\nThe implementations of the following affected codecs and container formats have been updated :\n\n - the Vorbis audio codec\n - the Ogg container implementation\n\n - the FF Video 1 codec\n\n - the MPEG audio codec\n\n - the H264 video codec\n\n - the MOV container implementation\n\n - the Oggedc container implementation", "edition": 6, "reporter": "Tenable", "published": "2010-02-24T00:00:00", "title": "Debian DSA-2000-1 : ffmpeg-debian - several vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4637", "CVE-2009-4638", "CVE-2009-4633", "CVE-2009-4635", "CVE-2009-4634", "CVE-2009-4631", "CVE-2009-4640", "CVE-2009-4632", "CVE-2009-4636"], "modified": "2018-08-09T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ffmpeg-debian", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2000.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44864", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2000. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44864);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/08/09 17:06:37\");\n\n script_cve_id(\"CVE-2009-4631\", \"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4637\", \"CVE-2009-4638\", \"CVE-2009-4640\");\n script_xref(name:\"DSA\", value:\"2000\");\n\n script_name(english:\"Debian DSA-2000-1 : ffmpeg-debian - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in ffmpeg, a multimedia\nplayer, server and encoder, which also provides a range of multimedia\nlibraries used in applications like MPlayer :\n\nVarious programming errors in container and codec implementations may\nlead to denial of service or the execution of arbitrary code if the\nuser is tricked into opening a malformed media file or stream.\n\nThe implementations of the following affected codecs and container\nformats have been updated :\n\n - the Vorbis audio codec\n - the Ogg container implementation\n\n - the FF Video 1 codec\n\n - the MPEG audio codec\n\n - the H264 video codec\n\n - the MOV container implementation\n\n - the Oggedc container implementation\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2010/dsa-2000\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the ffmpeg packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.svn20080206-18+lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ffmpeg-debian\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"ffmpeg\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ffmpeg-dbg\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ffmpeg-doc\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavcodec-dev\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavcodec51\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavdevice-dev\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavdevice52\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavformat-dev\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavformat52\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavutil-dev\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavutil49\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpostproc-dev\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpostproc51\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libswscale-dev\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libswscale0\", reference:\"0.svn20080206-18+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:34:29", "references": [], "pluginID": "45575", "description": "It was discovered that FFmpeg contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2010-04-20T00:00:00", "title": "Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : ffmpeg, ffmpeg-debian vulnerabilities (USN-931-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4637", "CVE-2009-4638", "CVE-2009-4639", "CVE-2009-4633", "CVE-2009-4635", "CVE-2009-4634", "CVE-2009-4640", "CVE-2009-4632"], "modified": "2018-08-06T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libavutil-dev", "p-cpe:/a:canonical:ubuntu_linux:libavcodec-dev", "p-cpe:/a:canonical:ubuntu_linux:libavformat-dev", "p-cpe:/a:canonical:ubuntu_linux:libpostproc1d", "p-cpe:/a:canonical:ubuntu_linux:libpostproc51", "p-cpe:/a:canonical:ubuntu_linux:libavfilter-dev", "p-cpe:/a:canonical:ubuntu_linux:libavdevice-dev", "p-cpe:/a:canonical:ubuntu_linux:ffmpeg-doc", "p-cpe:/a:canonical:ubuntu_linux:libavdevice52", "p-cpe:/a:canonical:ubuntu_linux:libavutil49", "p-cpe:/a:canonical:ubuntu_linux:libswscale0", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libavutil1d", "p-cpe:/a:canonical:ubuntu_linux:libavformat52", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:ffmpeg-dbg", "p-cpe:/a:canonical:ubuntu_linux:libpostproc-dev", "p-cpe:/a:canonical:ubuntu_linux:libswscale1d", "cpe:/o:canonical:ubuntu_linux:8.10", "p-cpe:/a:canonical:ubuntu_linux:libavfilter0", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:libavformat1d", "p-cpe:/a:canonical:ubuntu_linux:libavcodec51", "p-cpe:/a:canonical:ubuntu_linux:libswscale-dev", "p-cpe:/a:canonical:ubuntu_linux:ffmpeg", "p-cpe:/a:canonical:ubuntu_linux:libavcodec1d", "p-cpe:/a:canonical:ubuntu_linux:libavcodec52"], "id": "UBUNTU_USN-931-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=45575", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-931-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45575);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/08/06 14:03:15\");\n\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4637\", \"CVE-2009-4638\", \"CVE-2009-4639\", \"CVE-2009-4640\");\n script_bugtraq_id(36465);\n script_xref(name:\"USN\", value:\"931-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : ffmpeg, ffmpeg-debian vulnerabilities (USN-931-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that FFmpeg contained multiple security issues when\nhandling certain multimedia files. If a user were tricked into opening\na crafted multimedia file, an attacker could cause a denial of service\nvia application crash, or possibly execute arbitrary code with the\nprivileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ffmpeg-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ffmpeg-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavcodec-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavcodec1d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavcodec51\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavcodec52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavdevice-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavdevice52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavfilter-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavfilter0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavformat-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavformat1d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavformat52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavutil-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavutil1d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavutil49\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpostproc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpostproc1d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpostproc51\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libswscale-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libswscale0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libswscale1d\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2018 Canonical, Inc. / NASL script (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|8\\.10|9\\.04|9\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10 / 9.04 / 9.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"ffmpeg\", pkgver:\"0.cvs20070307-5ubuntu7.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavcodec-dev\", pkgver:\"0.cvs20070307-5ubuntu7.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavcodec1d\", pkgver:\"3:0.cvs20070307-5ubuntu7.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavformat-dev\", pkgver:\"0.cvs20070307-5ubuntu7.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavformat1d\", pkgver:\"3:0.cvs20070307-5ubuntu7.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavutil-dev\", pkgver:\"0.cvs20070307-5ubuntu7.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavutil1d\", pkgver:\"0.cvs20070307-5ubuntu7.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpostproc-dev\", pkgver:\"0.cvs20070307-5ubuntu7.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpostproc1d\", pkgver:\"0.cvs20070307-5ubuntu7.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libswscale-dev\", pkgver:\"0.cvs20070307-5ubuntu7.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libswscale1d\", pkgver:\"0.cvs20070307-5ubuntu7.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ffmpeg\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ffmpeg-dbg\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ffmpeg-doc\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libavcodec-dev\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libavcodec51\", pkgver:\"3:0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libavdevice-dev\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libavdevice52\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libavformat-dev\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libavformat52\", pkgver:\"3:0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libavutil-dev\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libavutil49\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpostproc-dev\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpostproc51\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libswscale-dev\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libswscale0\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"ffmpeg\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"ffmpeg-dbg\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"ffmpeg-doc\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavcodec-dev\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavcodec52\", pkgver:\"3:0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavdevice-dev\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavdevice52\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavfilter-dev\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavfilter0\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavformat-dev\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavformat52\", pkgver:\"3:0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavutil-dev\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavutil49\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpostproc-dev\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpostproc51\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libswscale-dev\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libswscale0\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"ffmpeg\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"ffmpeg-dbg\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"ffmpeg-doc\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavcodec-dev\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavcodec52\", pkgver:\"4:0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavdevice-dev\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavdevice52\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavfilter-dev\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavfilter0\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavformat-dev\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavformat52\", pkgver:\"4:0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavutil-dev\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavutil49\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpostproc-dev\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpostproc51\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libswscale-dev\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libswscale0\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ffmpeg / ffmpeg-dbg / ffmpeg-doc / libavcodec-dev / libavcodec1d / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:04:48", "references": [], "pluginID": "53272", "description": "Multiple vulnerabilities has been identified and fixed in ffmpeg :\n\noggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. (CVE-2009-4632)\n\nvorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. (CVE-2009-4633)\n\nMultiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. (CVE-2009-4634)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, which causes the mp3 decoder to process a pointer for a video structure, leading to a stack-based buffer overflow. (CVE-2009-4635)\n\nThe av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n\nArray index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read.\n(CVE-2009-4640)\n\nflicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. (CVE-2010-3429)\n\nlibavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. (CVE-2010-4704)\n\nAnd several additional vulnerabilities originally discovered by Google Chrome developers were also fixed with this advisory.\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.", "edition": 6, "reporter": "Tenable", "published": "2011-04-04T00:00:00", "title": "Mandriva Linux Security Advisory : ffmpeg (MDVSA-2011:060)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3429", "CVE-2009-4639", "CVE-2009-4633", "CVE-2009-4635", "CVE-2010-4704", "CVE-2011-2162", "CVE-2009-4634", "CVE-2009-4640", "CVE-2009-4632"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libffmpeg-static-devel", "p-cpe:/a:mandriva:linux:libswscaler0", "p-cpe:/a:mandriva:linux:lib64ffmpeg51", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:libavutil49", "p-cpe:/a:mandriva:linux:lib64avutil49", "p-cpe:/a:mandriva:linux:lib64avformats52", "p-cpe:/a:mandriva:linux:ffmpeg", "p-cpe:/a:mandriva:linux:lib64ffmpeg-static-devel", "p-cpe:/a:mandriva:linux:libffmpeg51", "p-cpe:/a:mandriva:linux:libavformats52", "p-cpe:/a:mandriva:linux:libffmpeg-devel", "p-cpe:/a:mandriva:linux:lib64swscaler0", "p-cpe:/a:mandriva:linux:lib64ffmpeg-devel"], "id": "MANDRIVA_MDVSA-2011-060.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53272", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:060. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53272);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4639\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-4704\", \"CVE-2011-2162\");\n script_xref(name:\"MDVSA\", value:\"2011:060\");\n\n script_name(english:\"Mandriva Linux Security Advisory : ffmpeg (MDVSA-2011:060)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been identified and fixed in ffmpeg :\n\noggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\npointer arithmetic, which might allow remote attackers to obtain\nsensitive memory contents and cause a denial of service via a crafted\nfile that triggers an out-of-bounds read. (CVE-2009-4632)\n\nvorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\ncomparison operator was intended, which might allow remote attackers\nto cause a denial of service and possibly execute arbitrary code via a\ncrafted file that modifies a loop counter and triggers a heap-based\nbuffer overflow. (CVE-2009-4633)\n\nMultiple integer underflows in FFmpeg 0.5 allow remote attackers to\ncause a denial of service and possibly execute arbitrary code via a\ncrafted file that (1) bypasses a validation check in vorbis_dec.c and\ntriggers a wraparound of the stack pointer, or (2) access a pointer\nfrom out-of-bounds memory in mov.c, related to an elst tag that\nappears before a tag that creates a stream. (CVE-2009-4634)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service and\npossibly execute arbitrary code via a crafted MOV container with\nimproperly ordered tags that cause (1) mov.c and (2) utils.c to use\ninconsistent codec types and identifiers, which causes the mp3 decoder\nto process a pointer for a video structure, leading to a stack-based\nbuffer overflow. (CVE-2009-4635)\n\nThe av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows\nremote attackers to cause a denial of service (crash) via a crafted\nAVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n\nArray index error in vorbis_dec.c in FFmpeg 0.5 allows remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a crafted Vorbis file that triggers an out-of-bounds read.\n(CVE-2009-4640)\n\nflicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in\nMPlayer and other products, allows remote attackers to execute\narbitrary code via a crafted flic file, related to an arbitrary offset\ndereference vulnerability. (CVE-2010-3429)\n\nlibavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and\nearlier allows remote attackers to cause a denial of service\n(application crash) via a crafted .ogg file, related to the\nvorbis_floor0_decode function. (CVE-2010-4704)\n\nAnd several additional vulnerabilities originally discovered by Google\nChrome developers were also fixed with this advisory.\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64avformats52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64avutil49\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg51\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64swscaler0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libavformats52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libavutil49\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffmpeg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffmpeg-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffmpeg51\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libswscaler0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"ffmpeg-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64avformats52-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64avutil49-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64ffmpeg51-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64swscaler0-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libavformats52-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libavutil49-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libffmpeg-devel-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libffmpeg-static-devel-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libffmpeg51-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libswscaler0-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:52:51", "references": [], "pluginID": "54289", "description": "Multiple vulnerabilities have been identified and fixed in mplayer :\n\noggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. (CVE-2009-4632)\n\nvorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. (CVE-2009-4633)\n\nMultiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. (CVE-2009-4634)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, which causes the mp3 decoder to process a pointer for a video structure, leading to a stack-based buffer overflow. (CVE-2009-4635)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. (CVE-2009-4636)\n\nThe av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n\nArray index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read.\n(CVE-2009-4640)\n\nflicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. (CVE-2010-3429)\n\nlibavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. (CVE-2010-4704)\n\nAnd several additional vulnerabilities originally discovered by Google Chrome developers were also fixed with this advisory.\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.", "edition": 7, "reporter": "Tenable", "published": "2011-05-17T00:00:00", "title": "Mandriva Linux Security Advisory : mplayer (MDVSA-2011:088)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3429", "CVE-2009-4639", "CVE-2009-4633", "CVE-2009-4635", "CVE-2010-4704", "CVE-2009-4634", "CVE-2009-4640", "CVE-2009-4632", "CVE-2009-4636"], "modified": "2018-07-19T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:mplayer", "p-cpe:/a:mandriva:linux:mencoder", "p-cpe:/a:mandriva:linux:mplayer-doc", "p-cpe:/a:mandriva:linux:mplayer-gui"], "id": "MANDRIVA_MDVSA-2011-088.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=54289", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:088. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(54289);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\n \"CVE-2009-4632\",\n \"CVE-2009-4633\",\n \"CVE-2009-4634\",\n \"CVE-2009-4635\",\n \"CVE-2009-4636\",\n \"CVE-2009-4639\",\n \"CVE-2009-4640\",\n \"CVE-2010-3429\",\n \"CVE-2010-4704\"\n );\n script_bugtraq_id(\n 36465,\n 43546,\n 46294\n );\n script_xref(name:\"MDVSA\", value:\"2011:088\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mplayer (MDVSA-2011:088)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been identified and fixed in mplayer :\n\noggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\npointer arithmetic, which might allow remote attackers to obtain\nsensitive memory contents and cause a denial of service via a crafted\nfile that triggers an out-of-bounds read. (CVE-2009-4632)\n\nvorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\ncomparison operator was intended, which might allow remote attackers\nto cause a denial of service and possibly execute arbitrary code via a\ncrafted file that modifies a loop counter and triggers a heap-based\nbuffer overflow. (CVE-2009-4633)\n\nMultiple integer underflows in FFmpeg 0.5 allow remote attackers to\ncause a denial of service and possibly execute arbitrary code via a\ncrafted file that (1) bypasses a validation check in vorbis_dec.c and\ntriggers a wraparound of the stack pointer, or (2) access a pointer\nfrom out-of-bounds memory in mov.c, related to an elst tag that\nappears before a tag that creates a stream. (CVE-2009-4634)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service and\npossibly execute arbitrary code via a crafted MOV container with\nimproperly ordered tags that cause (1) mov.c and (2) utils.c to use\ninconsistent codec types and identifiers, which causes the mp3 decoder\nto process a pointer for a video structure, leading to a stack-based\nbuffer overflow. (CVE-2009-4635)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service (hang)\nvia a crafted file that triggers an infinite loop. (CVE-2009-4636)\n\nThe av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows\nremote attackers to cause a denial of service (crash) via a crafted\nAVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n\nArray index error in vorbis_dec.c in FFmpeg 0.5 allows remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a crafted Vorbis file that triggers an out-of-bounds read.\n(CVE-2009-4640)\n\nflicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in\nMPlayer and other products, allows remote attackers to execute\narbitrary code via a crafted flic file, related to an arbitrary offset\ndereference vulnerability. (CVE-2010-3429)\n\nlibavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and\nearlier allows remote attackers to cause a denial of service\n(application crash) via a crafted .ogg file, related to the\nvorbis_floor0_decode function. (CVE-2010-4704)\n\nAnd several additional vulnerabilities originally discovered by Google\nChrome developers were also fixed with this advisory.\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(94, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mencoder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mplayer-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mplayer-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mencoder-1.0-1.rc2.18.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mplayer-1.0-1.rc2.18.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mplayer-doc-1.0-1.rc2.18.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mplayer-gui-1.0-1.rc2.18.3mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:37:19", "references": [], "pluginID": "55615", "description": "Multiple vulnerabilities have been identified and fixed in blender :\n\noggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. (CVE-2009-4632)\n\nvorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. (CVE-2009-4633)\n\nMultiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. (CVE-2009-4634)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, which causes the mp3 decoder to process a pointer for a video structure, leading to a stack-based buffer overflow. (CVE-2009-4635)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. (CVE-2009-4636)\n\nArray index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read.\n(CVE-2009-4640)\n\nflicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. (CVE-2010-3429)\n\nlibavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. (CVE-2010-4704)\n\nFix heap corruption crashes (CVE-2011-0722)\n\nFix invalid reads in VC-1 decoding (CVE-2011-0723)\n\nThe updated packages have been patched to correct these issues.", "edition": 6, "reporter": "Tenable", "published": "2011-07-19T00:00:00", "title": "Mandriva Linux Security Advisory : blender (MDVSA-2011:114)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0723", "CVE-2010-3429", "CVE-2009-4633", "CVE-2009-4635", "CVE-2010-4704", "CVE-2009-4634", "CVE-2009-4640", "CVE-2009-4632", "CVE-2011-0722", "CVE-2009-4636"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:blender", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2011-114.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55615", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:114. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55615);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-4704\", \"CVE-2011-0722\", \"CVE-2011-0723\");\n script_xref(name:\"MDVSA\", value:\"2011:114\");\n\n script_name(english:\"Mandriva Linux Security Advisory : blender (MDVSA-2011:114)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been identified and fixed in blender :\n\noggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\npointer arithmetic, which might allow remote attackers to obtain\nsensitive memory contents and cause a denial of service via a crafted\nfile that triggers an out-of-bounds read. (CVE-2009-4632)\n\nvorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\ncomparison operator was intended, which might allow remote attackers\nto cause a denial of service and possibly execute arbitrary code via a\ncrafted file that modifies a loop counter and triggers a heap-based\nbuffer overflow. (CVE-2009-4633)\n\nMultiple integer underflows in FFmpeg 0.5 allow remote attackers to\ncause a denial of service and possibly execute arbitrary code via a\ncrafted file that (1) bypasses a validation check in vorbis_dec.c and\ntriggers a wraparound of the stack pointer, or (2) access a pointer\nfrom out-of-bounds memory in mov.c, related to an elst tag that\nappears before a tag that creates a stream. (CVE-2009-4634)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service and\npossibly execute arbitrary code via a crafted MOV container with\nimproperly ordered tags that cause (1) mov.c and (2) utils.c to use\ninconsistent codec types and identifiers, which causes the mp3 decoder\nto process a pointer for a video structure, leading to a stack-based\nbuffer overflow. (CVE-2009-4635)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service (hang)\nvia a crafted file that triggers an infinite loop. (CVE-2009-4636)\n\nArray index error in vorbis_dec.c in FFmpeg 0.5 allows remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a crafted Vorbis file that triggers an out-of-bounds read.\n(CVE-2009-4640)\n\nflicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in\nMPlayer and other products, allows remote attackers to execute\narbitrary code via a crafted flic file, related to an arbitrary offset\ndereference vulnerability. (CVE-2010-3429)\n\nlibavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and\nearlier allows remote attackers to cause a denial of service\n(application crash) via a crafted .ogg file, related to the\nvorbis_floor0_decode function. (CVE-2010-4704)\n\nFix heap corruption crashes (CVE-2011-0722)\n\nFix invalid reads in VC-1 decoding (CVE-2011-0723)\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected blender package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:blender\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"blender-2.49b-4.1mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:01:45", "references": [], "pluginID": "53273", "description": "Multiple vulnerabilities has been identified and fixed in ffmpeg :\n\noggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. (CVE-2009-4632)\n\nvorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. (CVE-2009-4633)\n\nMultiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. (CVE-2009-4634)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, which causes the mp3 decoder to process a pointer for a video structure, leading to a stack-based buffer overflow. (CVE-2009-4635)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. (CVE-2009-4636)\n\nThe av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n\nArray index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read.\n(CVE-2009-4640)\n\nflicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. (CVE-2010-3429)\n\nFix memory corruption in WMV parsing (CVE-2010-3908)\n\nlibavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. (CVE-2010-4704)\n\nMultiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue. (CVE-2011-0480)\n\nFix heap corruption crashes (CVE-2011-0722)\n\nFix invalid reads in VC-1 decoding (CVE-2011-0723)\n\nAnd several additional vulnerabilities originally discovered by Google Chrome developers were also fixed with this advisory.\n\nThe updated packages have been patched to correct these issues.", "edition": 7, "reporter": "Tenable", "published": "2011-04-04T00:00:00", "title": "Mandriva Linux Security Advisory : ffmpeg (MDVSA-2011:061)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0723", "CVE-2011-0480", "CVE-2010-3429", "CVE-2009-4639", "CVE-2009-4633", "CVE-2009-4635", "CVE-2010-4704", "CVE-2009-4634", "CVE-2009-4640", "CVE-2009-4632", "CVE-2011-0722", "CVE-2009-4636", "CVE-2010-3908"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libffmpeg-static-devel", "p-cpe:/a:mandriva:linux:libswscaler0", "p-cpe:/a:mandriva:linux:libavutil49", "p-cpe:/a:mandriva:linux:libpostproc51", "p-cpe:/a:mandriva:linux:lib64avutil49", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:lib64postproc51", "p-cpe:/a:mandriva:linux:lib64avformats52", "p-cpe:/a:mandriva:linux:ffmpeg", "p-cpe:/a:mandriva:linux:lib64ffmpeg-static-devel", "p-cpe:/a:mandriva:linux:libavformats52", "p-cpe:/a:mandriva:linux:libffmpeg-devel", "p-cpe:/a:mandriva:linux:lib64ffmpeg52", "p-cpe:/a:mandriva:linux:lib64swscaler0", "p-cpe:/a:mandriva:linux:lib64ffmpeg-devel", "p-cpe:/a:mandriva:linux:libffmpeg52"], "id": "MANDRIVA_MDVSA-2011-061.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53273", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:061. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53273);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\n \"CVE-2009-4632\",\n \"CVE-2009-4633\",\n \"CVE-2009-4634\",\n \"CVE-2009-4635\",\n \"CVE-2009-4636\",\n \"CVE-2009-4639\",\n \"CVE-2009-4640\",\n \"CVE-2010-3429\",\n \"CVE-2010-3908\",\n \"CVE-2010-4704\",\n \"CVE-2011-0480\",\n \"CVE-2011-0722\",\n \"CVE-2011-0723\"\n );\n script_bugtraq_id(36465);\n script_xref(name:\"MDVSA\", value:\"2011:061\");\n\n script_name(english:\"Mandriva Linux Security Advisory : ffmpeg (MDVSA-2011:061)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been identified and fixed in ffmpeg :\n\noggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\npointer arithmetic, which might allow remote attackers to obtain\nsensitive memory contents and cause a denial of service via a crafted\nfile that triggers an out-of-bounds read. (CVE-2009-4632)\n\nvorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\ncomparison operator was intended, which might allow remote attackers\nto cause a denial of service and possibly execute arbitrary code via a\ncrafted file that modifies a loop counter and triggers a heap-based\nbuffer overflow. (CVE-2009-4633)\n\nMultiple integer underflows in FFmpeg 0.5 allow remote attackers to\ncause a denial of service and possibly execute arbitrary code via a\ncrafted file that (1) bypasses a validation check in vorbis_dec.c and\ntriggers a wraparound of the stack pointer, or (2) access a pointer\nfrom out-of-bounds memory in mov.c, related to an elst tag that\nappears before a tag that creates a stream. (CVE-2009-4634)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service and\npossibly execute arbitrary code via a crafted MOV container with\nimproperly ordered tags that cause (1) mov.c and (2) utils.c to use\ninconsistent codec types and identifiers, which causes the mp3 decoder\nto process a pointer for a video structure, leading to a stack-based\nbuffer overflow. (CVE-2009-4635)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service (hang)\nvia a crafted file that triggers an infinite loop. (CVE-2009-4636)\n\nThe av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows\nremote attackers to cause a denial of service (crash) via a crafted\nAVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n\nArray index error in vorbis_dec.c in FFmpeg 0.5 allows remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a crafted Vorbis file that triggers an out-of-bounds read.\n(CVE-2009-4640)\n\nflicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in\nMPlayer and other products, allows remote attackers to execute\narbitrary code via a crafted flic file, related to an arbitrary offset\ndereference vulnerability. (CVE-2010-3429)\n\nFix memory corruption in WMV parsing (CVE-2010-3908)\n\nlibavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and\nearlier allows remote attackers to cause a denial of service\n(application crash) via a crafted .ogg file, related to the\nvorbis_floor0_decode function. (CVE-2010-4704)\n\nMultiple buffer overflows in vorbis_dec.c in the Vorbis decoder in\nFFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS\nbefore 8.0.552.344, allow remote attackers to cause a denial of\nservice (memory corruption and application crash) or possibly have\nunspecified other impact via a crafted WebM file, related to buffers\nfor (1) the channel floor and (2) the channel residue. (CVE-2011-0480)\n\nFix heap corruption crashes (CVE-2011-0722)\n\nFix invalid reads in VC-1 decoding (CVE-2011-0723)\n\nAnd several additional vulnerabilities originally discovered by Google\nChrome developers were also fixed with this advisory.\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(94, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64avformats52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64avutil49\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64postproc51\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64swscaler0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libavformats52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libavutil49\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffmpeg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffmpeg-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffmpeg52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpostproc51\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libswscaler0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.0\", reference:\"ffmpeg-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64avformats52-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64avutil49-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ffmpeg-devel-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ffmpeg-static-devel-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ffmpeg52-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64postproc51-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64swscaler0-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libavformats52-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libavutil49-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libffmpeg-devel-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libffmpeg-static-devel-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libffmpeg52-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libpostproc51-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libswscaler0-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:40:41", "references": [], "pluginID": "55614", "description": "Multiple vulnerabilities have been identified and fixed in blender :\n\noggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. (CVE-2009-4632)\n\nvorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. (CVE-2009-4633)\n\nMultiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. (CVE-2009-4634)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, which causes the mp3 decoder to process a pointer for a video structure, leading to a stack-based buffer overflow. (CVE-2009-4635)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. (CVE-2009-4636)\n\nThe av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n\nArray index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read.\n(CVE-2009-4640)\n\nflicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. (CVE-2010-3429)\n\nlibavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. (CVE-2010-4704)\n\nFix invalid reads in VC-1 decoding (CVE-2011-0723)\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.", "edition": 6, "reporter": "Tenable", "published": "2011-07-19T00:00:00", "title": "Mandriva Linux Security Advisory : blender (MDVSA-2011:112)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0723", "CVE-2010-3429", "CVE-2009-4639", "CVE-2009-4633", "CVE-2009-4635", "CVE-2010-4704", "CVE-2009-4634", "CVE-2009-4640", "CVE-2009-4632", "CVE-2009-4636"], "modified": "2018-07-19T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:blender"], "id": "MANDRIVA_MDVSA-2011-112.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55614", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:112. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55614);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4639\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-4704\", \"CVE-2011-0723\");\n script_xref(name:\"MDVSA\", value:\"2011:112\");\n\n script_name(english:\"Mandriva Linux Security Advisory : blender (MDVSA-2011:112)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been identified and fixed in blender :\n\noggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\npointer arithmetic, which might allow remote attackers to obtain\nsensitive memory contents and cause a denial of service via a crafted\nfile that triggers an out-of-bounds read. (CVE-2009-4632)\n\nvorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\ncomparison operator was intended, which might allow remote attackers\nto cause a denial of service and possibly execute arbitrary code via a\ncrafted file that modifies a loop counter and triggers a heap-based\nbuffer overflow. (CVE-2009-4633)\n\nMultiple integer underflows in FFmpeg 0.5 allow remote attackers to\ncause a denial of service and possibly execute arbitrary code via a\ncrafted file that (1) bypasses a validation check in vorbis_dec.c and\ntriggers a wraparound of the stack pointer, or (2) access a pointer\nfrom out-of-bounds memory in mov.c, related to an elst tag that\nappears before a tag that creates a stream. (CVE-2009-4634)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service and\npossibly execute arbitrary code via a crafted MOV container with\nimproperly ordered tags that cause (1) mov.c and (2) utils.c to use\ninconsistent codec types and identifiers, which causes the mp3 decoder\nto process a pointer for a video structure, leading to a stack-based\nbuffer overflow. (CVE-2009-4635)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service (hang)\nvia a crafted file that triggers an infinite loop. (CVE-2009-4636)\n\nThe av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows\nremote attackers to cause a denial of service (crash) via a crafted\nAVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n\nArray index error in vorbis_dec.c in FFmpeg 0.5 allows remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a crafted Vorbis file that triggers an out-of-bounds read.\n(CVE-2009-4640)\n\nflicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in\nMPlayer and other products, allows remote attackers to execute\narbitrary code via a crafted flic file, related to an arbitrary offset\ndereference vulnerability. (CVE-2010-3429)\n\nlibavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and\nearlier allows remote attackers to cause a denial of service\n(application crash) via a crafted .ogg file, related to the\nvorbis_floor0_decode function. (CVE-2010-4704)\n\nFix invalid reads in VC-1 decoding (CVE-2011-0723)\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected blender package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:blender\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"blender-2.47-2.2mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:06:34", "references": ["http://www.nessus.org/u?50837c86", "https://security.gentoo.org/glsa/201310-12", "https://secunia.com/advisories/46134/", "http://www.nessus.org/u?d5d92e58", "https://secunia.com/advisories/36760/", "http://archives.neohapsis.com/archives/bugtraq/2011-04/0258.html"], "pluginID": "70647", "description": "The remote host is affected by the vulnerability described in GLSA-201310-12 (FFmpeg: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers and FFmpeg changelogs referenced below for details.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted media file, possibly leading to the execution of arbitrary code with the privileges of the user running the application or a Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "edition": 8, "reporter": "Tenable", "published": "2013-10-27T00:00:00", "title": "GLSA-201310-12 : FFmpeg: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3937", "CVE-2011-3936", "CVE-2011-3952", "CVE-2011-3940", "CVE-2011-3947", "CVE-2011-1931", "CVE-2009-4637", "CVE-2012-2773", "CVE-2012-2781", "CVE-2012-2778", "CVE-2009-4638", "CVE-2013-3673", "CVE-2010-3429", "CVE-2013-3674", "CVE-2011-3950", "CVE-2009-4639", "CVE-2009-4633", "CVE-2012-2789", "CVE-2013-3675", "CVE-2009-4635", "CVE-2012-2802", "CVE-2012-2805", "CVE-2012-2797", "CVE-2011-3951", "CVE-2012-2793", "CVE-2010-4704", "CVE-2012-2779", "CVE-2012-2771", "CVE-2012-2782", "CVE-2013-3672", "CVE-2012-2800", "CVE-2011-3934", "CVE-2012-2792", "CVE-2009-4634", "CVE-2012-2772", "CVE-2012-2788", "CVE-2011-3944", "CVE-2011-3893", "CVE-2011-3941", "CVE-2012-2786", "CVE-2011-4351", "CVE-2013-3670", "CVE-2012-2777", "CVE-2009-4631", "CVE-2012-2775", "CVE-2012-2790", "CVE-2011-3973", "CVE-2012-2803", "CVE-2009-4640", "CVE-2011-3929", "CVE-2012-2795", "CVE-2011-4364", "CVE-2012-2784", "CVE-2009-4632", "CVE-2011-3895", "CVE-2012-2801", "CVE-2010-4705", "CVE-2011-4353", "CVE-2011-3945", "CVE-2011-3974", "CVE-2011-3935", "CVE-2011-3362", "CVE-2012-2783", "CVE-2012-2774", "CVE-2012-2785", "CVE-2012-2787", "CVE-2012-2796", "CVE-2012-0947", "CVE-2012-2780", "CVE-2009-4636", "CVE-2012-2794", "CVE-2012-2804", "CVE-2012-2776", "CVE-2011-4352", "CVE-2012-2791", "CVE-2013-3671", "CVE-2011-3949", "CVE-2010-3908", "CVE-2012-2799", "CVE-2012-2798", "CVE-2011-3946"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:ffmpeg"], "id": "GENTOO_GLSA-201310-12.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70647", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201310-12.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70647);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2009-4631\", \"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4637\", \"CVE-2009-4638\", \"CVE-2009-4639\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-3908\", \"CVE-2010-4704\", \"CVE-2010-4705\", \"CVE-2011-1931\", \"CVE-2011-3362\", \"CVE-2011-3893\", \"CVE-2011-3895\", \"CVE-2011-3929\", \"CVE-2011-3934\", \"CVE-2011-3935\", \"CVE-2011-3936\", \"CVE-2011-3937\", \"CVE-2011-3940\", \"CVE-2011-3941\", \"CVE-2011-3944\", \"CVE-2011-3945\", \"CVE-2011-3946\", \"CVE-2011-3947\", \"CVE-2011-3949\", \"CVE-2011-3950\", \"CVE-2011-3951\", \"CVE-2011-3952\", \"CVE-2011-3973\", \"CVE-2011-3974\", \"CVE-2011-4351\", \"CVE-2011-4352\", \"CVE-2011-4353\", \"CVE-2011-4364\", \"CVE-2012-0947\", \"CVE-2012-2771\", \"CVE-2012-2772\", \"CVE-2012-2773\", \"CVE-2012-2774\", \"CVE-2012-2775\", \"CVE-2012-2776\", \"CVE-2012-2777\", \"CVE-2012-2778\", \"CVE-2012-2779\", \"CVE-2012-2780\", \"CVE-2012-2781\", \"CVE-2012-2782\", \"CVE-2012-2783\", \"CVE-2012-2784\", \"CVE-2012-2785\", \"CVE-2012-2786\", \"CVE-2012-2787\", \"CVE-2012-2788\", \"CVE-2012-2789\", \"CVE-2012-2790\", \"CVE-2012-2791\", \"CVE-2012-2792\", \"CVE-2012-2793\", \"CVE-2012-2794\", \"CVE-2012-2795\", \"CVE-2012-2796\", \"CVE-2012-2797\", \"CVE-2012-2798\", \"CVE-2012-2799\", \"CVE-2012-2800\", \"CVE-2012-2801\", \"CVE-2012-2802\", \"CVE-2012-2803\", \"CVE-2012-2804\", \"CVE-2012-2805\", \"CVE-2013-3670\", \"CVE-2013-3671\", \"CVE-2013-3672\", \"CVE-2013-3673\", \"CVE-2013-3674\", \"CVE-2013-3675\");\n script_bugtraq_id(36465, 46294, 47147, 47602, 49115, 49118, 50642, 50760, 50880, 51720, 53389, 55355, 60476, 60491, 60492, 60494, 60496, 60497);\n script_xref(name:\"GLSA\", value:\"201310-12\");\n\n script_name(english:\"GLSA-201310-12 : FFmpeg: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201310-12\n(FFmpeg: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FFmpeg. Please review\n the CVE identifiers and FFmpeg changelogs referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted media\n file, possibly leading to the execution of arbitrary code with the\n privileges of the user running the application or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # https://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=refs/heads/release/0.10\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5d92e58\"\n );\n # https://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=refs/heads/release/1.0\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?50837c86\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://archives.neohapsis.com/archives/bugtraq/2011-04/0258.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://secunia.com/advisories/36760/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://secunia.com/advisories/46134/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201310-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All FFmpeg users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/ffmpeg-1.0.7'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/ffmpeg\", unaffected:make_list(\"ge 1.0.7\"), vulnerable:make_list(\"lt 1.0.7\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FFmpeg\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-10-30T10:54:26", "references": ["http://lists.mandriva.com/security-announce/2011-05/msg00010.php", "2011:088"], "pluginID": "831391", "description": "Check for the Version of mplayer", "edition": 3, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-05-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "Mandriva Update for mplayer MDVSA-2011:088 (mplayer)", "type": "openvas", "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3429", "CVE-2009-4639", "CVE-2009-4633", "CVE-2009-4635", "CVE-2010-4704", "CVE-2009-4634", "CVE-2009-4640", "CVE-2009-4632", "CVE-2009-4636"], "modified": "2017-10-26T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831391", "id": "OPENVAS:831391", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mplayer MDVSA-2011:088 (mplayer)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been identified and fixed in mplayer:\n\n oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\n pointer arithmetic, which might allow remote attackers to obtain\n sensitive memory contents and cause a denial of service via a crafted\n file that triggers an out-of-bounds read. (CVE-2009-4632)\n \n vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\n comparison operator was intended, which might allow remote attackers\n to cause a denial of service and possibly execute arbitrary code via\n a crafted file that modifies a loop counter and triggers a heap-based\n buffer overflow. (CVE-2009-4633)\n \n Multiple integer underflows in FFmpeg 0.5 allow remote attackers to\n cause a denial of service and possibly execute arbitrary code via a\n crafted file that (1) bypasses a validation check in vorbis_dec.c\n and triggers a wraparound of the stack pointer, or (2) access a\n pointer from out-of-bounds memory in mov.c, related to an elst tag\n that appears before a tag that creates a stream. (CVE-2009-4634)\n \n FFmpeg 0.5 allows remote attackers to cause a denial of service and\n possibly execute arbitrary code via a crafted MOV container with\n improperly ordered tags that cause (1) mov.c and (2) utils.c to use\n inconsistent codec types and identifiers, which causes the mp3 decoder\n to process a pointer for a video structure, leading to a stack-based\n buffer overflow. (CVE-2009-4635)\n \n FFmpeg 0.5 allows remote attackers to cause a denial of service (hang)\n via a crafted file that triggers an infinite loop. (CVE-2009-4636)\n \n The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows\n remote attackers to cause a denial of service (crash) via a crafted\n AVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n \n Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote\n attackers to cause a denial of service and possibly execute arbitrary\n code via a crafted Vorbis file that triggers an out-of-bounds\n read. (CVE-2009-4640)\n \n flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer\n and other products, allows remote attackers to execute arbitrary code\n via a crafted flic file, related to an arbitrary offset dereference\n vulnerability. (CVE-2010-3429)\n \n libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1\n and earlier allows remote attackers to cause a denial of service\n (application crash) via a crafted .ogg file, related to the\n vorbis_floor0_decode function. (CVE-2010-4704)\n \n And several additional vulnerabilities originally discovered b ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"mplayer on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-05/msg00010.php\");\n script_id(831391);\n script_version(\"$Revision: 7585 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-26 17:03:01 +0200 (Thu, 26 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-17 15:58:48 +0200 (Tue, 17 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:088\");\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4639\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-4704\");\n script_name(\"Mandriva Update for mplayer MDVSA-2011:088 (mplayer)\");\n\n script_summary(\"Check for the Version of mplayer\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"mencoder\", rpm:\"mencoder~1.0~1.rc2.18.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mplayer\", rpm:\"mplayer~1.0~1.rc2.18.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mplayer-doc\", rpm:\"mplayer-doc~1.0~1.rc2.18.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mplayer-gui\", rpm:\"mplayer-gui~1.0~1.rc2.18.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T13:05:16", "references": [], "pluginID": "136141256231066953", "description": "The remote host is missing an update to ffmpeg-debian\nannounced via advisory DSA 2000-1.", "edition": 1, "reporter": "Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com", "published": "2010-02-25T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2000-1 (ffmpeg-debian)", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4637", "CVE-2009-4638", "CVE-2009-4633", "CVE-2009-4635", "CVE-2009-4634", "CVE-2009-4631", "CVE-2009-4640", "CVE-2009-4632", "CVE-2009-4636"], "modified": "2018-01-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066953", "id": "OPENVAS:136141256231066953", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2000_1.nasl 8287 2018-01-04 07:28:11Z teissa $\n# Description: Auto-generated from advisory DSA 2000-1 (ffmpeg-debian)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in ffmpeg, a multimedia\nplayer, server and encoder, which also provides a range of multimedia\nlibraries used in applications like MPlayer:\n\nVarious programming errors in container and codec implementations\nmay lead to denial of service or the execution of arbitrary code\nif the user is tricked into opening a malformed media file or stream.\n\nAffected and updated have been the implementations of the following\ncodecs and container formats:\n\n- - the Vorbis audio codec\n- - the Ogg container implementation\n- - the FF Video 1 codec\n- - the MPEG audio codec\n- - the H264 video codec\n- - the MOV container implementation\n- - the Oggedc container implementation\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.svn20080206-18+lenny1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4:0.5+svn20090706-5.\n\nWe recommend that you upgrade your ffmpeg packages.\";\ntag_summary = \"The remote host is missing an update to ffmpeg-debian\nannounced via advisory DSA 2000-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202000-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66953\");\n script_version(\"$Revision: 8287 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 08:28:11 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-25 22:02:04 +0100 (Thu, 25 Feb 2010)\");\n script_cve_id(\"CVE-2009-4631\", \"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4637\", \"CVE-2009-4638\", \"CVE-2009-4640\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2000-1 (ffmpeg-debian)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil49\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc51\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice52\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec51\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale0\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-25T10:55:35", "references": ["931-1", "http://www.ubuntu.com/usn/usn-931-1/"], "pluginID": "1361412562310840423", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-931-1", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-04-29T00:00:00", "type": "openvas", "title": "Ubuntu Update for ffmpeg, ffmpeg-debian vulnerabilities USN-931-1", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4637", "CVE-2009-4639", "CVE-2009-4633", "CVE-2009-4635", "CVE-2009-4634", "CVE-2009-4640", "CVE-2009-4632"], "modified": "2018-01-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840423", "id": "OPENVAS:1361412562310840423", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_931_1.nasl 8510 2018-01-24 07:57:42Z teissa $\n#\n# Ubuntu Update for ffmpeg, ffmpeg-debian vulnerabilities USN-931-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that FFmpeg contained multiple security issues when\n handling certain multimedia files. If a user were tricked into opening a\n crafted multimedia file, an attacker could cause a denial of service via\n application crash, or possibly execute arbitrary code with the privileges\n of the user invoking the program.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-931-1\";\ntag_affected = \"ffmpeg, ffmpeg-debian vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-931-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840423\");\n script_version(\"$Revision: 8510 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-29 13:13:58 +0200 (Thu, 29 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"931-1\");\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4637\", \"CVE-2009-4639\", \"CVE-2009-4640\");\n script_name(\"Ubuntu Update for ffmpeg, ffmpeg-debian vulnerabilities USN-931-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec52\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice52\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavfilter0\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil49\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc51\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale0\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec51\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice52\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil49\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc51\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale0\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec1d\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat1d\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil1d\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc1d\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale1d\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec52\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice52\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavfilter0\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil49\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc51\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale0\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:04:50", "references": ["http://lists.mandriva.com/security-announce/2011-04/msg00002.php", "2011:060"], "pluginID": "1361412562310831358", "description": "Check for the Version of ffmpeg", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-04-06T00:00:00", "title": "Mandriva Update for ffmpeg MDVSA-2011:060 (ffmpeg)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3429", "CVE-2009-4639", "CVE-2009-4633", "CVE-2009-4635", "CVE-2010-4704", "CVE-2009-4634", "CVE-2009-4640", "CVE-2009-4632"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310831358", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831358", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for ffmpeg MDVSA-2011:060 (ffmpeg)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been identified and fixed in ffmpeg:\n\n oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\n pointer arithmetic, which might allow remote attackers to obtain\n sensitive memory contents and cause a denial of service via a crafted\n file that triggers an out-of-bounds read. (CVE-2009-4632)\n \n vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\n comparison operator was intended, which might allow remote attackers\n to cause a denial of service and possibly execute arbitrary code via\n a crafted file that modifies a loop counter and triggers a heap-based\n buffer overflow. (CVE-2009-4633)\n \n Multiple integer underflows in FFmpeg 0.5 allow remote attackers to\n cause a denial of service and possibly execute arbitrary code via a\n crafted file that (1) bypasses a validation check in vorbis_dec.c\n and triggers a wraparound of the stack pointer, or (2) access a\n pointer from out-of-bounds memory in mov.c, related to an elst tag\n that appears before a tag that creates a stream. (CVE-2009-4634)\n \n FFmpeg 0.5 allows remote attackers to cause a denial of service and\n possibly execute arbitrary code via a crafted MOV container with\n improperly ordered tags that cause (1) mov.c and (2) utils.c to use\n inconsistent codec types and identifiers, which causes the mp3 decoder\n to process a pointer for a video structure, leading to a stack-based\n buffer overflow. (CVE-2009-4635)\n \n The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows\n remote attackers to cause a denial of service (crash) via a crafted\n AVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n \n Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote\n attackers to cause a denial of service and possibly execute arbitrary\n code via a crafted Vorbis file that triggers an out-of-bounds\n read. (CVE-2009-4640)\n \n flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer\n and other products, allows remote attackers to execute arbitrary code\n via a crafted flic file, related to an arbitrary offset dereference\n vulnerability. (CVE-2010-3429)\n \n libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1\n and earlier allows remote attackers to cause a denial of service\n (application crash) via a crafted .ogg file, related to the\n vorbis_floor0_decode function. (CVE-2010-4704)\n \n And several additional vulnerabilities originally discovered by Google\n Chrome developers were also fixed with this advisory.\n \n Package ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"ffmpeg on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-04/msg00002.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831358\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-06 16:20:31 +0200 (Wed, 06 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:060\");\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4639\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-4704\");\n script_name(\"Mandriva Update for ffmpeg MDVSA-2011:060 (ffmpeg)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of ffmpeg\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"ffmpeg\", rpm:\"ffmpeg~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavformats52\", rpm:\"libavformats52~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavutil49\", rpm:\"libavutil49~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg51\", rpm:\"libffmpeg51~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg-devel\", rpm:\"libffmpeg-devel~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg-static-devel\", rpm:\"libffmpeg-static-devel~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libswscaler0\", rpm:\"libswscaler0~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avformats52\", rpm:\"lib64avformats52~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avutil49\", rpm:\"lib64avutil49~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg51\", rpm:\"lib64ffmpeg51~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg-devel\", rpm:\"lib64ffmpeg-devel~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg-static-devel\", rpm:\"lib64ffmpeg-static-devel~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64swscaler0\", rpm:\"lib64swscaler0~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ffmpeg\", rpm:\"ffmpeg~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavformats52\", rpm:\"libavformats52~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavutil49\", rpm:\"libavutil49~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg51\", rpm:\"libffmpeg51~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg-devel\", rpm:\"libffmpeg-devel~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg-static-devel\", rpm:\"libffmpeg-static-devel~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libswscaler0\", rpm:\"libswscaler0~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avformats52\", rpm:\"lib64avformats52~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avutil49\", rpm:\"lib64avutil49~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg51\", rpm:\"lib64ffmpeg51~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg-devel\", rpm:\"lib64ffmpeg-devel~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg-static-devel\", rpm:\"lib64ffmpeg-static-devel~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64swscaler0\", rpm:\"lib64swscaler0~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:26", "references": [], "pluginID": "66953", "description": "The remote host is missing an update to ffmpeg-debian\nannounced via advisory DSA 2000-1.", "edition": 2, "reporter": "Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com", "published": "2010-02-25T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "Debian Security Advisory DSA 2000-1 (ffmpeg-debian)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4637", "CVE-2009-4638", "CVE-2009-4633", "CVE-2009-4635", "CVE-2009-4634", "CVE-2009-4631", "CVE-2009-4640", "CVE-2009-4632", "CVE-2009-4636"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66953", "id": "OPENVAS:66953", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2000_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2000-1 (ffmpeg-debian)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in ffmpeg, a multimedia\nplayer, server and encoder, which also provides a range of multimedia\nlibraries used in applications like MPlayer:\n\nVarious programming errors in container and codec implementations\nmay lead to denial of service or the execution of arbitrary code\nif the user is tricked into opening a malformed media file or stream.\n\nAffected and updated have been the implementations of the following\ncodecs and container formats:\n\n- - the Vorbis audio codec\n- - the Ogg container implementation\n- - the FF Video 1 codec\n- - the MPEG audio codec\n- - the H264 video codec\n- - the MOV container implementation\n- - the Oggedc container implementation\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.svn20080206-18+lenny1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4:0.5+svn20090706-5.\n\nWe recommend that you upgrade your ffmpeg packages.\";\ntag_summary = \"The remote host is missing an update to ffmpeg-debian\nannounced via advisory DSA 2000-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202000-1\";\n\n\nif(description)\n{\n script_id(66953);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-25 22:02:04 +0100 (Thu, 25 Feb 2010)\");\n script_cve_id(\"CVE-2009-4631\", \"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4637\", \"CVE-2009-4638\", \"CVE-2009-4640\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2000-1 (ffmpeg-debian)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil49\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc51\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice52\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec51\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale0\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:18:20", "references": ["931-1", "http://www.ubuntu.com/usn/usn-931-1/"], "pluginID": "840423", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-931-1", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-04-29T00:00:00", "title": "Ubuntu Update for ffmpeg, ffmpeg-debian vulnerabilities USN-931-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4637", "CVE-2009-4639", "CVE-2009-4633", "CVE-2009-4635", "CVE-2009-4634", "CVE-2009-4640", "CVE-2009-4632"], "modified": "2017-12-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840423", "id": "OPENVAS:840423", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_931_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for ffmpeg, ffmpeg-debian vulnerabilities USN-931-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that FFmpeg contained multiple security issues when\n handling certain multimedia files. If a user were tricked into opening a\n crafted multimedia file, an attacker could cause a denial of service via\n application crash, or possibly execute arbitrary code with the privileges\n of the user invoking the program.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-931-1\";\ntag_affected = \"ffmpeg, ffmpeg-debian vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-931-1/\");\n script_id(840423);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-29 13:13:58 +0200 (Thu, 29 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"931-1\");\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4637\", \"CVE-2009-4639\", \"CVE-2009-4640\");\n script_name(\"Ubuntu Update for ffmpeg, ffmpeg-debian vulnerabilities USN-931-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec52\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice52\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavfilter0\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil49\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc51\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale0\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec51\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice52\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil49\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc51\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale0\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec1d\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat1d\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil1d\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc1d\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale1d\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec52\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice52\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavfilter0\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil49\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc51\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale0\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-30T10:54:27", "references": ["http://lists.mandriva.com/security-announce/2011-04/msg00002.php", "2011:060"], "pluginID": "831358", "description": "Check for the Version of ffmpeg", "edition": 3, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-04-06T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "Mandriva Update for ffmpeg MDVSA-2011:060 (ffmpeg)", "type": "openvas", "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3429", "CVE-2009-4639", "CVE-2009-4633", "CVE-2009-4635", "CVE-2010-4704", "CVE-2009-4634", "CVE-2009-4640", "CVE-2009-4632"], "modified": "2017-10-26T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831358", "id": "OPENVAS:831358", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for ffmpeg MDVSA-2011:060 (ffmpeg)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been identified and fixed in ffmpeg:\n\n oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\n pointer arithmetic, which might allow remote attackers to obtain\n sensitive memory contents and cause a denial of service via a crafted\n file that triggers an out-of-bounds read. (CVE-2009-4632)\n \n vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\n comparison operator was intended, which might allow remote attackers\n to cause a denial of service and possibly execute arbitrary code via\n a crafted file that modifies a loop counter and triggers a heap-based\n buffer overflow. (CVE-2009-4633)\n \n Multiple integer underflows in FFmpeg 0.5 allow remote attackers to\n cause a denial of service and possibly execute arbitrary code via a\n crafted file that (1) bypasses a validation check in vorbis_dec.c\n and triggers a wraparound of the stack pointer, or (2) access a\n pointer from out-of-bounds memory in mov.c, related to an elst tag\n that appears before a tag that creates a stream. (CVE-2009-4634)\n \n FFmpeg 0.5 allows remote attackers to cause a denial of service and\n possibly execute arbitrary code via a crafted MOV container with\n improperly ordered tags that cause (1) mov.c and (2) utils.c to use\n inconsistent codec types and identifiers, which causes the mp3 decoder\n to process a pointer for a video structure, leading to a stack-based\n buffer overflow. (CVE-2009-4635)\n \n The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows\n remote attackers to cause a denial of service (crash) via a crafted\n AVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n \n Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote\n attackers to cause a denial of service and possibly execute arbitrary\n code via a crafted Vorbis file that triggers an out-of-bounds\n read. (CVE-2009-4640)\n \n flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer\n and other products, allows remote attackers to execute arbitrary code\n via a crafted flic file, related to an arbitrary offset dereference\n vulnerability. (CVE-2010-3429)\n \n libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1\n and earlier allows remote attackers to cause a denial of service\n (application crash) via a crafted .ogg file, related to the\n vorbis_floor0_decode function. (CVE-2010-4704)\n \n And several additional vulnerabilities originally discovered by Google\n Chrome developers were also fixed with this advisory.\n \n Package ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"ffmpeg on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-04/msg00002.php\");\n script_id(831358);\n script_version(\"$Revision: 7585 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-26 17:03:01 +0200 (Thu, 26 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-06 16:20:31 +0200 (Wed, 06 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:060\");\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4639\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-4704\");\n script_name(\"Mandriva Update for ffmpeg MDVSA-2011:060 (ffmpeg)\");\n\n script_summary(\"Check for the Version of ffmpeg\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"ffmpeg\", rpm:\"ffmpeg~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavformats52\", rpm:\"libavformats52~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavutil49\", rpm:\"libavutil49~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg51\", rpm:\"libffmpeg51~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg-devel\", rpm:\"libffmpeg-devel~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg-static-devel\", rpm:\"libffmpeg-static-devel~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libswscaler0\", rpm:\"libswscaler0~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avformats52\", rpm:\"lib64avformats52~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avutil49\", rpm:\"lib64avutil49~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg51\", rpm:\"lib64ffmpeg51~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg-devel\", rpm:\"lib64ffmpeg-devel~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg-static-devel\", rpm:\"lib64ffmpeg-static-devel~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64swscaler0\", rpm:\"lib64swscaler0~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ffmpeg\", rpm:\"ffmpeg~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavformats52\", rpm:\"libavformats52~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavutil49\", rpm:\"libavutil49~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg51\", rpm:\"libffmpeg51~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg-devel\", rpm:\"libffmpeg-devel~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg-static-devel\", rpm:\"libffmpeg-static-devel~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libswscaler0\", rpm:\"libswscaler0~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avformats52\", rpm:\"lib64avformats52~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avutil49\", rpm:\"lib64avutil49~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg51\", rpm:\"lib64ffmpeg51~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg-devel\", rpm:\"lib64ffmpeg-devel~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg-static-devel\", rpm:\"lib64ffmpeg-static-devel~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64swscaler0\", rpm:\"lib64swscaler0~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:04:02", "references": ["http://lists.mandriva.com/security-announce/2011-05/msg00010.php", "2011:088"], "pluginID": "1361412562310831391", "description": "Check for the Version of mplayer", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-05-17T00:00:00", "title": "Mandriva Update for mplayer MDVSA-2011:088 (mplayer)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3429", "CVE-2009-4639", "CVE-2009-4633", "CVE-2009-4635", "CVE-2010-4704", "CVE-2009-4634", "CVE-2009-4640", "CVE-2009-4632", "CVE-2009-4636"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310831391", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831391", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mplayer MDVSA-2011:088 (mplayer)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been identified and fixed in mplayer:\n\n oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\n pointer arithmetic, which might allow remote attackers to obtain\n sensitive memory contents and cause a denial of service via a crafted\n file that triggers an out-of-bounds read. (CVE-2009-4632)\n \n vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\n comparison operator was intended, which might allow remote attackers\n to cause a denial of service and possibly execute arbitrary code via\n a crafted file that modifies a loop counter and triggers a heap-based\n buffer overflow. (CVE-2009-4633)\n \n Multiple integer underflows in FFmpeg 0.5 allow remote attackers to\n cause a denial of service and possibly execute arbitrary code via a\n crafted file that (1) bypasses a validation check in vorbis_dec.c\n and triggers a wraparound of the stack pointer, or (2) access a\n pointer from out-of-bounds memory in mov.c, related to an elst tag\n that appears before a tag that creates a stream. (CVE-2009-4634)\n \n FFmpeg 0.5 allows remote attackers to cause a denial of service and\n possibly execute arbitrary code via a crafted MOV container with\n improperly ordered tags that cause (1) mov.c and (2) utils.c to use\n inconsistent codec types and identifiers, which causes the mp3 decoder\n to process a pointer for a video structure, leading to a stack-based\n buffer overflow. (CVE-2009-4635)\n \n FFmpeg 0.5 allows remote attackers to cause a denial of service (hang)\n via a crafted file that triggers an infinite loop. (CVE-2009-4636)\n \n The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows\n remote attackers to cause a denial of service (crash) via a crafted\n AVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n \n Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote\n attackers to cause a denial of service and possibly execute arbitrary\n code via a crafted Vorbis file that triggers an out-of-bounds\n read. (CVE-2009-4640)\n \n flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer\n and other products, allows remote attackers to execute arbitrary code\n via a crafted flic file, related to an arbitrary offset dereference\n vulnerability. (CVE-2010-3429)\n \n libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1\n and earlier allows remote attackers to cause a denial of service\n (application crash) via a crafted .ogg file, related to the\n vorbis_floor0_decode function. (CVE-2010-4704)\n \n And several additional vulnerabilities originally discovered b ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"mplayer on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-05/msg00010.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831391\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-17 15:58:48 +0200 (Tue, 17 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:088\");\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4639\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-4704\");\n script_name(\"Mandriva Update for mplayer MDVSA-2011:088 (mplayer)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of mplayer\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"mencoder\", rpm:\"mencoder~1.0~1.rc2.18.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mplayer\", rpm:\"mplayer~1.0~1.rc2.18.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mplayer-doc\", rpm:\"mplayer-doc~1.0~1.rc2.18.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mplayer-gui\", rpm:\"mplayer-gui~1.0~1.rc2.18.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:55:48", "references": ["2011:112", "http://lists.mandriva.com/security-announce/2011-07/msg00002.php"], "pluginID": "831424", "description": "Check for the Version of blender", "edition": 2, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-07-22T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "Mandriva Update for blender MDVSA-2011:112 (blender)", "type": "openvas", "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0723", "CVE-2010-3429", "CVE-2009-4639", "CVE-2009-4633", "CVE-2009-4635", "CVE-2010-4704", "CVE-2009-4634", "CVE-2009-4640", "CVE-2009-4632", "CVE-2009-4636"], "modified": "2017-07-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831424", "id": "OPENVAS:831424", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for blender MDVSA-2011:112 (blender)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been identified and fixed in blender:\n\n oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\n pointer arithmetic, which might allow remote attackers to obtain\n sensitive memory contents and cause a denial of service via a crafted\n file that triggers an out-of-bounds read. (CVE-2009-4632)\n \n vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\n comparison operator was intended, which might allow remote attackers\n to cause a denial of service and possibly execute arbitrary code via\n a crafted file that modifies a loop counter and triggers a heap-based\n buffer overflow. (CVE-2009-4633)\n \n Multiple integer underflows in FFmpeg 0.5 allow remote attackers to\n cause a denial of service and possibly execute arbitrary code via a\n crafted file that (1) bypasses a validation check in vorbis_dec.c\n and triggers a wraparound of the stack pointer, or (2) access a\n pointer from out-of-bounds memory in mov.c, related to an elst tag\n that appears before a tag that creates a stream. (CVE-2009-4634)\n \n FFmpeg 0.5 allows remote attackers to cause a denial of service and\n possibly execute arbitrary code via a crafted MOV container with\n improperly ordered tags that cause (1) mov.c and (2) utils.c to use\n inconsistent codec types and identifiers, which causes the mp3 decoder\n to process a pointer for a video structure, leading to a stack-based\n buffer overflow. (CVE-2009-4635)\n \n FFmpeg 0.5 allows remote attackers to cause a denial of service (hang)\n via a crafted file that triggers an infinite loop. (CVE-2009-4636)\n \n The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows\n remote attackers to cause a denial of service (crash) via a crafted\n AVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n \n Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote\n attackers to cause a denial of service and possibly execute arbitrary\n code via a crafted Vorbis file that triggers an out-of-bounds\n read. (CVE-2009-4640)\n \n flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer\n and other products, allows remote attackers to execute arbitrary code\n via a crafted flic file, related to an arbitrary offset dereference\n vulnerability. (CVE-2010-3429)\n \n libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1\n and earlier allows remote attackers to cause a denial of service\n (application crash) via a crafted .ogg file, related to the\n vorbis_floor0_decode function. (CVE-2010-4704)\n \n Fix invalid reads in VC-1 decoding (CVE-2011-0723)\n \n Packa ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"blender on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-07/msg00002.php\");\n script_id(831424);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-22 14:44:51 +0200 (Fri, 22 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:112\");\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4639\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-4704\", \"CVE-2011-0723\");\n script_name(\"Mandriva Update for blender MDVSA-2011:112 (blender)\");\n\n script_summary(\"Check for the Version of blender\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"blender\", rpm:\"blender~2.47~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:55:57", "references": ["2011:061", "http://lists.mandriva.com/security-announce/2011-04/msg00003.php"], "pluginID": "831359", "description": "Check for the Version of ffmpeg", "edition": 2, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-04-06T00:00:00", "title": "Mandriva Update for ffmpeg MDVSA-2011:061 (ffmpeg)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0723", "CVE-2011-0480", "CVE-2010-3429", "CVE-2009-4639", "CVE-2009-4633", "CVE-2009-4635", "CVE-2010-4704", "CVE-2009-4634", "CVE-2009-4640", "CVE-2009-4632", "CVE-2011-0722", "CVE-2009-4636", "CVE-2010-3908"], "modified": "2017-07-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831359", "id": "OPENVAS:831359", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for ffmpeg MDVSA-2011:061 (ffmpeg)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been identified and fixed in ffmpeg:\n\n oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\n pointer arithmetic, which might allow remote attackers to obtain\n sensitive memory contents and cause a denial of service via a crafted\n file that triggers an out-of-bounds read. (CVE-2009-4632)\n \n vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\n comparison operator was intended, which might allow remote attackers\n to cause a denial of service and possibly execute arbitrary code via\n a crafted file that modifies a loop counter and triggers a heap-based\n buffer overflow. (CVE-2009-4633)\n \n Multiple integer underflows in FFmpeg 0.5 allow remote attackers to\n cause a denial of service and possibly execute arbitrary code via a\n crafted file that (1) bypasses a validation check in vorbis_dec.c\n and triggers a wraparound of the stack pointer, or (2) access a\n pointer from out-of-bounds memory in mov.c, related to an elst tag\n that appears before a tag that creates a stream. (CVE-2009-4634)\n \n FFmpeg 0.5 allows remote attackers to cause a denial of service and\n possibly execute arbitrary code via a crafted MOV container with\n improperly ordered tags that cause (1) mov.c and (2) utils.c to use\n inconsistent codec types and identifiers, which causes the mp3 decoder\n to process a pointer for a video structure, leading to a stack-based\n buffer overflow. (CVE-2009-4635)\n \n FFmpeg 0.5 allows remote attackers to cause a denial of service (hang)\n via a crafted file that triggers an infinite loop. (CVE-2009-4636)\n \n The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows\n remote attackers to cause a denial of service (crash) via a crafted\n AVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n \n Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote\n attackers to cause a denial of service and possibly execute arbitrary\n code via a crafted Vorbis file that triggers an out-of-bounds\n read. (CVE-2009-4640)\n \n flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer\n and other products, allows remote attackers to execute arbitrary code\n via a crafted flic file, related to an arbitrary offset dereference\n vulnerability. (CVE-2010-3429)\n \n Fix memory corruption in WMV parsing (CVE-2010-3908)\n \n libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1\n and earlier allows remote attackers to cause a denial of service\n (application crash) via a crafted .ogg file, related to the\n vorbis_floor0_decode function. (CVE-2010-4704)\n \n Multip ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"ffmpeg on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-04/msg00003.php\");\n script_id(831359);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-06 16:20:31 +0200 (Wed, 06 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:061\");\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4639\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-3908\", \"CVE-2010-4704\", \"CVE-2011-0480\", \"CVE-2011-0722\", \"CVE-2011-0723\");\n script_name(\"Mandriva Update for ffmpeg MDVSA-2011:061 (ffmpeg)\");\n\n script_summary(\"Check for the Version of ffmpeg\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ffmpeg\", rpm:\"ffmpeg~0.5.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavformats52\", rpm:\"libavformats52~0.5.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavutil49\", rpm:\"libavutil49~0.5.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg52\", rpm:\"libffmpeg52~0.5.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg-devel\", rpm:\"libffmpeg-devel~0.5.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg-static-devel\", rpm:\"libffmpeg-static-devel~0.5.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpostproc51\", rpm:\"libpostproc51~0.5.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libswscaler0\", rpm:\"libswscaler0~0.5.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avformats52\", rpm:\"lib64avformats52~0.5.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avutil49\", rpm:\"lib64avutil49~0.5.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg52\", rpm:\"lib64ffmpeg52~0.5.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg-devel\", rpm:\"lib64ffmpeg-devel~0.5.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg-static-devel\", rpm:\"lib64ffmpeg-static-devel~0.5.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64postproc51\", rpm:\"lib64postproc51~0.5.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64swscaler0\", rpm:\"lib64swscaler0~0.5.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2016-09-02T18:28:10", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc51_0.svn20080206-18+lenny1_hppa.deb", "packageName": "libpostproc51", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice52_0.svn20080206-18+lenny1_arm.deb", "packageName": "libavdevice52", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc-dev_0.svn20080206-18+lenny1_arm.deb", "packageName": "libpostproc-dev", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec-dev_0.svn20080206-18+lenny1_s390.deb", "packageName": "libavcodec-dev", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil-dev_0.svn20080206-18+lenny1_s390.deb", "packageName": "libavutil-dev", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc51_0.svn20080206-18+lenny1_sparc.deb", "packageName": "libpostproc51", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice-dev_0.svn20080206-18+lenny1_powerpc.deb", "packageName": "libavdevice-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg_0.svn20080206-18+lenny1_amd64.deb", "packageName": "ffmpeg", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale0_0.svn20080206-18+lenny1_amd64.deb", "packageName": "libswscale0", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec-dev_0.svn20080206-18+lenny1_i386.deb", "packageName": "libavcodec-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale-dev_0.svn20080206-18+lenny1_i386.deb", "packageName": "libswscale-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil-dev_0.svn20080206-18+lenny1_arm.deb", "packageName": "libavutil-dev", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc51_0.svn20080206-18+lenny1_armel.deb", "packageName": "libpostproc51", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale0_0.svn20080206-18+lenny1_powerpc.deb", "packageName": "libswscale0", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat52_0.svn20080206-18+lenny1_arm.deb", "packageName": "libavformat52", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil-dev_0.svn20080206-18+lenny1_hppa.deb", "packageName": "libavutil-dev", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc51_0.svn20080206-18+lenny1_s390.deb", "packageName": "libpostproc51", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice52_0.svn20080206-18+lenny1_powerpc.deb", "packageName": "libavdevice52", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil-dev_0.svn20080206-18+lenny1_amd64.deb", "packageName": "libavutil-dev", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg-dbg_0.svn20080206-18+lenny1_hppa.deb", "packageName": "ffmpeg-dbg", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat-dev_0.svn20080206-18+lenny1_hppa.deb", "packageName": "libavformat-dev", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale-dev_0.svn20080206-18+lenny1_s390.deb", "packageName": "libswscale-dev", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice-dev_0.svn20080206-18+lenny1_i386.deb", "packageName": "libavdevice-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil-dev_0.svn20080206-18+lenny1_alpha.deb", "packageName": "libavutil-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale-dev_0.svn20080206-18+lenny1_ia64.deb", "packageName": "libswscale-dev", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg_0.svn20080206-18+lenny1_powerpc.deb", "packageName": "ffmpeg", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice52_0.svn20080206-18+lenny1_amd64.deb", "packageName": "libavdevice52", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat-dev_0.svn20080206-18+lenny1_i386.deb", "packageName": "libavformat-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec51_0.svn20080206-18+lenny1_mips.deb", "packageName": "libavcodec51", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil49_0.svn20080206-18+lenny1_amd64.deb", "packageName": "libavutil49", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat52_0.svn20080206-18+lenny1_powerpc.deb", "packageName": "libavformat52", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale-dev_0.svn20080206-18+lenny1_mipsel.deb", "packageName": "libswscale-dev", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc51_0.svn20080206-18+lenny1_alpha.deb", "packageName": "libpostproc51", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg-dbg_0.svn20080206-18+lenny1_i386.deb", "packageName": "ffmpeg-dbg", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat52_0.svn20080206-18+lenny1_sparc.deb", "packageName": "libavformat52", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice-dev_0.svn20080206-18+lenny1_ia64.deb", "packageName": "libavdevice-dev", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc51_0.svn20080206-18+lenny1_arm.deb", "packageName": "libpostproc51", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc51_0.svn20080206-18+lenny1_ia64.deb", "packageName": "libpostproc51", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale0_0.svn20080206-18+lenny1_mips.deb", "packageName": "libswscale0", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat52_0.svn20080206-18+lenny1_mipsel.deb", "packageName": "libavformat52", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec51_0.svn20080206-18+lenny1_i386.deb", "packageName": "libavcodec51", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg-dbg_0.svn20080206-18+lenny1_alpha.deb", "packageName": "ffmpeg-dbg", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale-dev_0.svn20080206-18+lenny1_alpha.deb", "packageName": "libswscale-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale0_0.svn20080206-18+lenny1_ia64.deb", "packageName": "libswscale0", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil49_0.svn20080206-18+lenny1_i386.deb", "packageName": "libavutil49", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec51_0.svn20080206-18+lenny1_alpha.deb", "packageName": "libavcodec51", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil-dev_0.svn20080206-18+lenny1_armel.deb", "packageName": "libavutil-dev", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg-debian_0.svn20080206-18+lenny1.dsc", "packageName": "ffmpeg-debian", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg_0.svn20080206-18+lenny1_armel.deb", "packageName": "ffmpeg", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat-dev_0.svn20080206-18+lenny1_amd64.deb", "packageName": "libavformat-dev", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice-dev_0.svn20080206-18+lenny1_arm.deb", "packageName": "libavdevice-dev", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat52_0.svn20080206-18+lenny1_mips.deb", "packageName": "libavformat52", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale0_0.svn20080206-18+lenny1_alpha.deb", "packageName": "libswscale0", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat-dev_0.svn20080206-18+lenny1_arm.deb", "packageName": "libavformat-dev", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec-dev_0.svn20080206-18+lenny1_ia64.deb", "packageName": "libavcodec-dev", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice52_0.svn20080206-18+lenny1_alpha.deb", "packageName": "libavdevice52", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc-dev_0.svn20080206-18+lenny1_powerpc.deb", "packageName": "libpostproc-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec-dev_0.svn20080206-18+lenny1_sparc.deb", "packageName": "libavcodec-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil-dev_0.svn20080206-18+lenny1_mips.deb", "packageName": "libavutil-dev", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg-dbg_0.svn20080206-18+lenny1_mips.deb", "packageName": "ffmpeg-dbg", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc-dev_0.svn20080206-18+lenny1_ia64.deb", "packageName": "libpostproc-dev", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat-dev_0.svn20080206-18+lenny1_s390.deb", "packageName": "libavformat-dev", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg-dbg_0.svn20080206-18+lenny1_mipsel.deb", "packageName": "ffmpeg-dbg", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice-dev_0.svn20080206-18+lenny1_alpha.deb", "packageName": "libavdevice-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat-dev_0.svn20080206-18+lenny1_ia64.deb", "packageName": "libavformat-dev", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil-dev_0.svn20080206-18+lenny1_i386.deb", "packageName": "libavutil-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat-dev_0.svn20080206-18+lenny1_sparc.deb", "packageName": "libavformat-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg_0.svn20080206-18+lenny1_alpha.deb", "packageName": "ffmpeg", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice52_0.svn20080206-18+lenny1_ia64.deb", "packageName": "libavdevice52", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec-dev_0.svn20080206-18+lenny1_mipsel.deb", "packageName": "libavcodec-dev", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice-dev_0.svn20080206-18+lenny1_hppa.deb", "packageName": "libavdevice-dev", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg_0.svn20080206-18+lenny1_s390.deb", "packageName": "ffmpeg", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice52_0.svn20080206-18+lenny1_mipsel.deb", "packageName": "libavdevice52", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg-dbg_0.svn20080206-18+lenny1_powerpc.deb", "packageName": "ffmpeg-dbg", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil49_0.svn20080206-18+lenny1_ia64.deb", "packageName": "libavutil49", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice-dev_0.svn20080206-18+lenny1_s390.deb", "packageName": "libavdevice-dev", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat-dev_0.svn20080206-18+lenny1_armel.deb", "packageName": "libavformat-dev", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil49_0.svn20080206-18+lenny1_s390.deb", "packageName": "libavutil49", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc-dev_0.svn20080206-18+lenny1_mipsel.deb", "packageName": "libpostproc-dev", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec51_0.svn20080206-18+lenny1_hppa.deb", "packageName": "libavcodec51", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice52_0.svn20080206-18+lenny1_sparc.deb", "packageName": "libavdevice52", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil49_0.svn20080206-18+lenny1_alpha.deb", "packageName": "libavutil49", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg_0.svn20080206-18+lenny1_sparc.deb", "packageName": "ffmpeg", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale0_0.svn20080206-18+lenny1_sparc.deb", "packageName": "libswscale0", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec51_0.svn20080206-18+lenny1_mipsel.deb", "packageName": "libavcodec51", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil49_0.svn20080206-18+lenny1_mipsel.deb", "packageName": "libavutil49", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc51_0.svn20080206-18+lenny1_powerpc.deb", "packageName": "libpostproc51", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale-dev_0.svn20080206-18+lenny1_powerpc.deb", "packageName": "libswscale-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil-dev_0.svn20080206-18+lenny1_sparc.deb", "packageName": "libavutil-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil49_0.svn20080206-18+lenny1_powerpc.deb", "packageName": "libavutil49", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec-dev_0.svn20080206-18+lenny1_arm.deb", "packageName": "libavcodec-dev", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale0_0.svn20080206-18+lenny1_hppa.deb", "packageName": "libswscale0", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil49_0.svn20080206-18+lenny1_mips.deb", "packageName": "libavutil49", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat52_0.svn20080206-18+lenny1_hppa.deb", "packageName": "libavformat52", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg-dbg_0.svn20080206-18+lenny1_amd64.deb", "packageName": "ffmpeg-dbg", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc-dev_0.svn20080206-18+lenny1_hppa.deb", "packageName": "libpostproc-dev", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat52_0.svn20080206-18+lenny1_i386.deb", "packageName": "libavformat52", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc51_0.svn20080206-18+lenny1_i386.deb", "packageName": "libpostproc51", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec-dev_0.svn20080206-18+lenny1_mips.deb", "packageName": "libavcodec-dev", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec51_0.svn20080206-18+lenny1_arm.deb", "packageName": "libavcodec51", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice52_0.svn20080206-18+lenny1_hppa.deb", "packageName": "libavdevice52", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale-dev_0.svn20080206-18+lenny1_arm.deb", "packageName": "libswscale-dev", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc-dev_0.svn20080206-18+lenny1_alpha.deb", "packageName": "libpostproc-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc-dev_0.svn20080206-18+lenny1_armel.deb", "packageName": "libpostproc-dev", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc51_0.svn20080206-18+lenny1_mips.deb", "packageName": "libpostproc51", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc-dev_0.svn20080206-18+lenny1_s390.deb", "packageName": "libpostproc-dev", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc51_0.svn20080206-18+lenny1_amd64.deb", "packageName": "libpostproc51", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice-dev_0.svn20080206-18+lenny1_armel.deb", "packageName": "libavdevice-dev", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec-dev_0.svn20080206-18+lenny1_armel.deb", "packageName": "libavcodec-dev", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat52_0.svn20080206-18+lenny1_s390.deb", "packageName": "libavformat52", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc-dev_0.svn20080206-18+lenny1_mips.deb", "packageName": "libpostproc-dev", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil-dev_0.svn20080206-18+lenny1_ia64.deb", "packageName": "libavutil-dev", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice-dev_0.svn20080206-18+lenny1_amd64.deb", "packageName": "libavdevice-dev", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc51_0.svn20080206-18+lenny1_mipsel.deb", "packageName": "libpostproc51", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg_0.svn20080206-18+lenny1_mips.deb", "packageName": "ffmpeg", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc-dev_0.svn20080206-18+lenny1_i386.deb", "packageName": "libpostproc-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat52_0.svn20080206-18+lenny1_amd64.deb", "packageName": "libavformat52", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg_0.svn20080206-18+lenny1_i386.deb", "packageName": "ffmpeg", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice52_0.svn20080206-18+lenny1_armel.deb", "packageName": "libavdevice52", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice-dev_0.svn20080206-18+lenny1_mipsel.deb", "packageName": "libavdevice-dev", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale-dev_0.svn20080206-18+lenny1_mips.deb", "packageName": "libswscale-dev", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil49_0.svn20080206-18+lenny1_sparc.deb", "packageName": "libavutil49", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec51_0.svn20080206-18+lenny1_armel.deb", "packageName": "libavcodec51", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale0_0.svn20080206-18+lenny1_mipsel.deb", "packageName": "libswscale0", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc-dev_0.svn20080206-18+lenny1_amd64.deb", "packageName": "libpostproc-dev", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat-dev_0.svn20080206-18+lenny1_powerpc.deb", "packageName": "libavformat-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec51_0.svn20080206-18+lenny1_amd64.deb", "packageName": "libavcodec51", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg_0.svn20080206-18+lenny1_ia64.deb", "packageName": "ffmpeg", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil-dev_0.svn20080206-18+lenny1_powerpc.deb", "packageName": "libavutil-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice52_0.svn20080206-18+lenny1_mips.deb", "packageName": "libavdevice52", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat52_0.svn20080206-18+lenny1_ia64.deb", "packageName": "libavformat52", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1.diff", "packageFilename": "ffmpeg-debian_0.svn20080206-18+lenny1.diff.gz", "packageName": "ffmpeg-debian", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg_0.svn20080206-18+lenny1_arm.deb", "packageName": "ffmpeg", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec-dev_0.svn20080206-18+lenny1_amd64.deb", "packageName": "libavcodec-dev", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat-dev_0.svn20080206-18+lenny1_mips.deb", "packageName": "libavformat-dev", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale0_0.svn20080206-18+lenny1_arm.deb", "packageName": "libswscale0", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg_0.svn20080206-18+lenny1_hppa.deb", "packageName": "ffmpeg", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec51_0.svn20080206-18+lenny1_s390.deb", "packageName": "libavcodec51", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libpostproc-dev_0.svn20080206-18+lenny1_sparc.deb", "packageName": "libpostproc-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice-dev_0.svn20080206-18+lenny1_sparc.deb", "packageName": "libavdevice-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale0_0.svn20080206-18+lenny1_i386.deb", "packageName": "libswscale0", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg-dbg_0.svn20080206-18+lenny1_arm.deb", "packageName": "ffmpeg-dbg", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec51_0.svn20080206-18+lenny1_ia64.deb", "packageName": "libavcodec51", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg-dbg_0.svn20080206-18+lenny1_ia64.deb", "packageName": "ffmpeg-dbg", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat-dev_0.svn20080206-18+lenny1_mipsel.deb", "packageName": "libavformat-dev", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec51_0.svn20080206-18+lenny1_sparc.deb", "packageName": "libavcodec51", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice52_0.svn20080206-18+lenny1_i386.deb", "packageName": "libavdevice52", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale0_0.svn20080206-18+lenny1_s390.deb", "packageName": "libswscale0", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale-dev_0.svn20080206-18+lenny1_amd64.deb", "packageName": "libswscale-dev", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice-dev_0.svn20080206-18+lenny1_mips.deb", "packageName": "libavdevice-dev", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale-dev_0.svn20080206-18+lenny1_armel.deb", "packageName": "libswscale-dev", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale-dev_0.svn20080206-18+lenny1_sparc.deb", "packageName": "libswscale-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat52_0.svn20080206-18+lenny1_alpha.deb", "packageName": "libavformat52", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil49_0.svn20080206-18+lenny1_armel.deb", "packageName": "libavutil49", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg-dbg_0.svn20080206-18+lenny1_armel.deb", "packageName": "ffmpeg-dbg", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg-dbg_0.svn20080206-18+lenny1_s390.deb", "packageName": "ffmpeg-dbg", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec-dev_0.svn20080206-18+lenny1_alpha.deb", "packageName": "libavcodec-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec-dev_0.svn20080206-18+lenny1_powerpc.deb", "packageName": "libavcodec-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavdevice52_0.svn20080206-18+lenny1_s390.deb", "packageName": "libavdevice52", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat-dev_0.svn20080206-18+lenny1_alpha.deb", "packageName": "libavformat-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg-doc_0.svn20080206-18+lenny1_all.deb", "packageName": "ffmpeg-doc", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil49_0.svn20080206-18+lenny1_arm.deb", "packageName": "libavutil49", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavformat52_0.svn20080206-18+lenny1_armel.deb", "packageName": "libavformat52", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec-dev_0.svn20080206-18+lenny1_hppa.deb", "packageName": "libavcodec-dev", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale-dev_0.svn20080206-18+lenny1_hppa.deb", "packageName": "libswscale-dev", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg_0.svn20080206-18+lenny1_mipsel.deb", "packageName": "ffmpeg", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "ffmpeg-dbg_0.svn20080206-18+lenny1_sparc.deb", "packageName": "ffmpeg-dbg", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil-dev_0.svn20080206-18+lenny1_mipsel.deb", "packageName": "libavutil-dev", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavutil49_0.svn20080206-18+lenny1_hppa.deb", "packageName": "libavutil49", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libswscale0_0.svn20080206-18+lenny1_armel.deb", "packageName": "libswscale0", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "0.svn20080206-18+lenny1", "packageFilename": "libavcodec51_0.svn20080206-18+lenny1_powerpc.deb", "packageName": "libavcodec51", "arch": "ppc", "operator": "lt"}], "edition": 1, "description": "Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder, which also provides a range of multimedia libraries used in applications like MPlayer:\n\nVarious programming errors in container and codec implementations may lead to denial of service or the execution of arbitrary code if the user is tricked into opening a malformed media file or stream.\n\nThe implementations of the following affected codecs and container formats have been updated:\n\n * the Vorbis audio codec\n * the Ogg container implementation\n * the FF Video 1 codec\n * the MPEG audio codec\n * the H264 video codec\n * the MOV container implementation\n * the Oggedc container implementation\n\nFor the stable distribution (lenny), these problems have been fixed in version 0.svn20080206-18+lenny1.\n\nFor the unstable distribution (sid), these problems have been fixed in version 4:0.5+svn20090706-5.\n\nWe recommend that you upgrade your ffmpeg packages.", "reporter": "Debian", "published": "2010-02-18T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "ffmpeg-debian -- several vulnerabilities", "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4637", "CVE-2009-4638", "CVE-2009-4633", "CVE-2009-4635", "CVE-2009-4634", "CVE-2009-4631", "CVE-2009-4640", "CVE-2009-4632", "CVE-2009-4636"], "modified": "2010-02-18T00:00:00", "id": "DSA-2000", "href": "http://www.debian.org/security/dsa-2000", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:38", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2009-4634", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-4637", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-4640", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-4639", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-4635", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-4633", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-4632"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "3:0.svn20090303-1ubuntu6.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libavcodec52", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "3:0.cvs20070307-5ubuntu7.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libavcodec1d", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "3:0.svn20090303-1ubuntu6.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libavformat52", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "4:0.5+svn20090706-2ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libavformat52", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "4:0.5+svn20090706-2ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libavcodec52", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.10", "packageVersion": "3:0.svn20080206-12ubuntu3.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libavcodec51", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.10", "packageVersion": "3:0.svn20080206-12ubuntu3.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libavformat52", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "3:0.cvs20070307-5ubuntu7.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libavformat1d", "operator": "lt"}], "description": "It was discovered that FFmpeg contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.", "edition": 3, "reporter": "Ubuntu", "published": "2010-04-19T00:00:00", "title": "FFmpeg vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-4637", "CVE-2009-4639", "CVE-2009-4633", "CVE-2009-4635", "CVE-2009-4634", "CVE-2009-4640", "CVE-2009-4632"], "modified": "2010-04-19T00:00:00", "id": "USN-931-1", "href": "https://usn.ubuntu.com/931-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:14:10", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "BUGTRAQ ID: 36465\r\nCVE ID: CVE-2009-4631,CVE-2009-4632,CVE-2009-4633,CVE-2009-4634,CVE-2009-4635,CVE-2009-4636,CVE-2009-4637,CVE-2009-4638,CVE-2009-4639,CVE-2009-4640\r\n\r\nFFmpeg\u662f\u4e00\u5957\u5bf9\u97f3\u9891\u548c\u89c6\u9891\u8fdb\u884c\u89e3\u7801\u5f55\u5236\u8f6c\u6362\u7684\u5b8c\u6574\u65b9\u6848\u3002\r\n\r\nffmpeg\u89e3\u6790\u5404\u79cd\u5a92\u4f53\u6587\u4ef6\u65f6\u5b58\u5728\u591a\u4e2a\u7a7a\u6307\u9488\u5f15\u7528\u3001\u5185\u5b58\u8d8a\u754c\u6216\u6b7b\u5faa\u73af\u7b49\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\n1) \u89e3\u6790AVI\u3001.ogv\u548c.wmv\u6587\u4ef6\u65f6\u7684\u7a7a\u6307\u9488\u5f15\u7528\u548c0\u9664\u6570\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u5d29\u6e83\u3002\r\n\r\n2) \u5904\u7406.ogv\u6587\u4ef6\u548cmjpg\u7f16\u7801AVI\u6587\u4ef6\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u5f15\u7528\u65e0\u6548\u7684\u5185\u5b58\u3002\r\n\r\n3) \u5904\u7406iv32\u7f16\u7801\u7684AVI\u6587\u4ef6\u548c.mp4\u6587\u4ef6\u65f6\u7684\u5806\u5185\u5b58\u7834\u574f\u53ef\u80fd\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\n4) \u5904\u7406.ogv\u6587\u4ef6\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u89e6\u53d1\u6b7b\u5faa\u73af\u3002\r\n\r\n5) \u5904\u7406h264\u7f16\u7801\u7684AVI\u6587\u4ef6\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u89e6\u53d1\u6d6e\u70b9\u5f02\u5e38\u3002\r\n\r\n6) \u89e3\u6790MOV\u539f\u5b50\u53ef\u80fd\u89e6\u53d1\u7a7a\u6307\u9488\u5f15\u7528\u3002\r\n\r\n7) AAC\u7f16\u7801\u89e3\u7801\u5668\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u89e6\u53d1\u8d8a\u754c\u8bfb\u53d6\u3002\r\n\r\n8) mov_read_dref()\u51fd\u6570\u5728\u89e3\u6790.mp4\u6587\u4ef6\u53ef\u80fd\u5bfc\u81f4\u6302\u8d77\u3002\r\n\r\n9) \u5904\u7406.ogv\u6587\u4ef6\u65f6\u7684\u5185\u5b58\u7834\u574f\u53ef\u80fd\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nFFmpeg 0.5\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nFFmpeg\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://src.chromium.org/viewvc/chrome/trunk/deps/third_party/ffmpeg/?view=log", "reporter": "Root", "published": "2010-02-20T00:00:00", "title": "FFmpeg\u591a\u4e2a\u5a92\u4f53\u6587\u4ef6\u89e3\u6790\u62d2\u7edd\u670d\u52a1\u548c\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-4631", "CVE-2009-4632", "CVE-2009-4633", "CVE-2009-4634", "CVE-2009-4635", "CVE-2009-4636", "CVE-2009-4637", "CVE-2009-4638", "CVE-2009-4639", "CVE-2009-4640"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2010-02-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19159", "id": "SSV:19159", "sourceData": "\n https://roundup.ffmpeg.org/roundup/ffmpeg/file397/ffmpeg_crashers.zip\n ", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-19159", "status": "poc,details"}], "gentoo": [{"lastseen": "2016-09-06T19:46:42", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2795", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3362", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2779", "https://bugs.gentoo.org/show_bug.cgi?id=389807", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3929", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3951", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2777", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2805", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2802", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2788", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4704", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3429", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3673", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4351", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2771", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3671", "https://bugs.gentoo.org/show_bug.cgi?id=433772", "https://bugs.gentoo.org/show_bug.cgi?id=473302", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3936", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2781", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0947", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2798", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2796", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1931", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2783", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2793", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3908", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2794", "https://bugs.gentoo.org/show_bug.cgi?id=401069", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3952", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2786", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3934", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2780", "https://bugs.gentoo.org/show_bug.cgi?id=473790", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2782", "http://secunia.com/advisories/36760/", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3950", "https://secunia.com/advisories/46134/", "https://bugs.gentoo.org/show_bug.cgi?id=339036", "https://bugs.gentoo.org/show_bug.cgi?id=365273", "https://bugs.gentoo.org/show_bug.cgi?id=384095", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2803", "https://bugs.gentoo.org/show_bug.cgi?id=411369", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2776", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2775", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3973", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3895", "https://bugs.gentoo.org/show_bug.cgi?id=307755", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3941", "https://bugs.gentoo.org/show_bug.cgi?id=378801", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4636", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2801", "http://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=refs/heads/release/0.10", "https://bugs.gentoo.org/show_bug.cgi?id=420305", "https://bugs.gentoo.org/show_bug.cgi?id=285719", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3893", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4635", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2787", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3937", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2789", "https://bugs.gentoo.org/show_bug.cgi?id=439054", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2790", "https://bugs.gentoo.org/show_bug.cgi?id=476218", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3945", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4353", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4637", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2772", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2792", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2791", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3935", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2778", "https://bugs.gentoo.org/show_bug.cgi?id=352481", "https://bugs.gentoo.org/show_bug.cgi?id=382301", "http://archives.neohapsis.com/archives/bugtraq/2011-04/0258.html", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2804", "https://bugs.gentoo.org/show_bug.cgi?id=385511", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4638", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4639", "https://bugs.gentoo.org/show_bug.cgi?id=397893", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3674", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4631", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3949", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4364", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3940", "https://bugs.gentoo.org/show_bug.cgi?id=482136", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2799", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4640", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4633", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4705", "https://bugs.gentoo.org/show_bug.cgi?id=454420", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4634", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3944", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2773", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3946", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3675", "https://bugs.gentoo.org/show_bug.cgi?id=465496", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2785", "https://bugs.gentoo.org/show_bug.cgi?id=391421", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2800", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3947", "http://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=refs/heads/release/1.0", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4352", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2797", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2784", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4632", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3670", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3672", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2774", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3974"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.0.7", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "media-video/ffmpeg", "operator": "lt"}], "edition": 1, "description": "### Background\n\nFFmpeg is a complete solution to record, convert and stream audio and video. \n\n### Description\n\nMultiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers and FFmpeg changelogs referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted media file, possibly leading to the execution of arbitrary code with the privileges of the user running the application or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FFmpeg users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/ffmpeg-1.0.7\"", "reporter": "Gentoo Foundation", "published": "2013-10-25T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "gentoo", "title": "FFmpeg: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3937", "CVE-2011-3936", "CVE-2011-3952", "CVE-2011-3940", "CVE-2011-3947", "CVE-2011-1931", "CVE-2009-4637", "CVE-2012-2773", "CVE-2012-2781", "CVE-2012-2778", "CVE-2009-4638", "CVE-2013-3673", "CVE-2010-3429", "CVE-2013-3674", "CVE-2011-3950", "CVE-2009-4639", "CVE-2009-4633", "CVE-2012-2789", "CVE-2013-3675", "CVE-2009-4635", "CVE-2012-2802", "CVE-2012-2805", "CVE-2012-2797", "CVE-2011-3951", "CVE-2012-2793", "CVE-2010-4704", "CVE-2012-2779", "CVE-2012-2771", "CVE-2012-2782", "CVE-2013-3672", "CVE-2012-2800", "CVE-2011-3934", "CVE-2012-2792", "CVE-2009-4634", "CVE-2012-2772", "CVE-2012-2788", "CVE-2011-3944", "CVE-2011-3893", "CVE-2011-3941", "CVE-2012-2786", "CVE-2011-4351", "CVE-2013-3670", "CVE-2012-2777", "CVE-2009-4631", "CVE-2012-2775", "CVE-2012-2790", "CVE-2011-3973", "CVE-2012-2803", "CVE-2009-4640", "CVE-2011-3929", "CVE-2012-2795", "CVE-2011-4364", "CVE-2012-2784", "CVE-2009-4632", "CVE-2011-3895", "CVE-2012-2801", "CVE-2010-4705", "CVE-2011-4353", "CVE-2011-3945", "CVE-2011-3974", "CVE-2011-3935", "CVE-2011-3362", "CVE-2012-2783", "CVE-2012-2774", "CVE-2012-2785", "CVE-2012-2787", "CVE-2012-2796", "CVE-2012-0947", "CVE-2012-2780", "CVE-2009-4636", "CVE-2012-2794", "CVE-2012-2804", "CVE-2012-2776", "CVE-2011-4352", "CVE-2012-2791", "CVE-2013-3671", "CVE-2011-3949", "CVE-2010-3908", "CVE-2012-2799", "CVE-2012-2798", "CVE-2011-3946"], "modified": "2013-10-25T00:00:00", "id": "GLSA-201310-12", "href": "https://security.gentoo.org/glsa/201310-12", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}