{"id": "CVE-2009-4634", "bulletinFamily": "NVD", "title": "CVE-2009-4634", "description": "Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream.", "published": "2010-02-10T02:30:00", "modified": "2011-10-26T02:44:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4634", "reporter": "cve@mitre.org", "references": ["http://www.mandriva.com/security/advisories?name=MDVSA-2011:059", "http://secunia.com/advisories/38643", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061", "http://www.securityfocus.com/bid/36465", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112", "http://www.debian.org/security/2010/dsa-2000", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114", "http://secunia.com/advisories/39482", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060", "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088", "http://www.vupen.com/english/advisories/2011/1241", "http://www.ubuntu.com/usn/USN-931-1", "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240", "http://www.vupen.com/english/advisories/2010/0935", "http://secunia.com/advisories/36805"], "cvelist": ["CVE-2009-4634"], "type": "cve", "lastseen": "2019-05-29T18:10:01", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "6e22ac54fab2d2ae9262f97280d4d35a"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "eb5ba1c3238c4ad65f01f87c29d8f3df"}, {"key": "cpe23", "hash": "70b94b55c0ec7e3e919e6cc0e605c060"}, {"key": "cvelist", "hash": "20ab2287639246dcc80a845936d4b9d0"}, {"key": "cvss", "hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d"}, {"key": "cvss2", "hash": "729f98bc4a65b3e0e24ddfee3d3c4450"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "7d7c5f35269532e6785117964a2cc28a"}, {"key": "description", "hash": "65a5cf7c2cb33a872fbee7e7d3e100cd"}, {"key": "href", "hash": "4a382cbcb01caf99bb504e29b78da6bb"}, {"key": "modified", "hash": "7d5da424c42b15fa37c16d1a588390ef"}, {"key": "published", "hash": "0e3eba7fcbaab05e8aa558bc5601cd4a"}, {"key": "references", "hash": "9924a97f6c56ab118cee221e11c78585"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "70fa9d21ae73df8e11cd40f812989876"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "551c183f453c314ae9beb7fef13a229a7b51c44e91210ba53672b9ec5c390b18", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MANDRIVA_MDVSA-2011-060.NASL", "DEBIAN_DSA-2000.NASL", "UBUNTU_USN-931-1.NASL", "MANDRIVA_MDVSA-2011-088.NASL", "MANDRIVA_MDVSA-2011-112.NASL", "MANDRIVA_MDVSA-2011-114.NASL", "MANDRIVA_MDVSA-2011-061.NASL", "GENTOO_GLSA-201310-12.NASL"]}, {"type": "ubuntu", "idList": ["USN-931-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2000-1:5F9BC"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231066953", "OPENVAS:1361412562310831391", "OPENVAS:66953", "OPENVAS:840423", "OPENVAS:831391", "OPENVAS:1361412562310840423", "OPENVAS:831358", "OPENVAS:1361412562310831358", "OPENVAS:831427", "OPENVAS:1361412562310831427"]}, {"type": "seebug", "idList": ["SSV:19159"]}, {"type": "gentoo", "idList": ["GLSA-201310-12"]}], "modified": "2019-05-29T18:10:01"}, "score": {"value": 8.1, "vector": "NONE", "modified": "2019-05-29T18:10:01"}, "vulnersScore": 8.1}, "objectVersion": "1.3", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.5"], "affectedSoftware": [{"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.5"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*"], "cwe": ["CWE-189"]}

{"nessus": [{"lastseen": "2020-02-01T00:44:57", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities has been identified and fixed in ffmpeg :\n\noggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\npointer arithmetic, which might allow remote attackers to obtain\nsensitive memory contents and cause a denial of service via a crafted\nfile that triggers an out-of-bounds read. (CVE-2009-4632)\n\nvorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\ncomparison operator was intended, which might allow remote attackers\nto cause a denial of service and possibly execute arbitrary code via a\ncrafted file that modifies a loop counter and triggers a heap-based\nbuffer overflow. (CVE-2009-4633)\n\nMultiple integer underflows in FFmpeg 0.5 allow remote attackers to\ncause a denial of service and possibly execute arbitrary code via a\ncrafted file that (1) bypasses a validation check in vorbis_dec.c and\ntriggers a wraparound of the stack pointer, or (2) access a pointer\nfrom out-of-bounds memory in mov.c, related to an elst tag that\nappears before a tag that creates a stream. (CVE-2009-4634)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service and\npossibly execute arbitrary code via a crafted MOV container with\nimproperly ordered tags that cause (1) mov.c and (2) utils.c to use\ninconsistent codec types and identifiers, which causes the mp3 decoder\nto process a pointer for a video structure, leading to a stack-based\nbuffer overflow. (CVE-2009-4635)\n\nThe av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows\nremote attackers to cause a denial of service (crash) via a crafted\nAVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n\nArray index error in vorbis_dec.c in FFmpeg 0.5 allows remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a crafted Vorbis file that triggers an out-of-bounds read.\n(CVE-2009-4640)\n\nflicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in\nMPlayer and other products, allows remote attackers to execute\narbitrary code via a crafted flic file, related to an arbitrary offset\ndereference vulnerability. (CVE-2010-3429)\n\nlibavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and\nearlier allows remote attackers to cause a denial of service\n(application crash) via a crafted .ogg file, related to the\nvorbis_floor0_decode function. (CVE-2010-4704)\n\nAnd several additional vulnerabilities originally discovered by Google\nChrome developers were also fixed with this advisory.\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.", "modified": "2020-02-02T00:00:00", "id": "MANDRIVA_MDVSA-2011-060.NASL", "href": "https://www.tenable.com/plugins/nessus/53272", "published": "2011-04-04T00:00:00", "title": "Mandriva Linux Security Advisory : ffmpeg (MDVSA-2011:060)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:060. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53272);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/08/02 13:32:54\");\n\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4639\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-4704\", \"CVE-2011-2162\");\n script_xref(name:\"MDVSA\", value:\"2011:060\");\n\n script_name(english:\"Mandriva Linux Security Advisory : ffmpeg (MDVSA-2011:060)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been identified and fixed in ffmpeg :\n\noggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\npointer arithmetic, which might allow remote attackers to obtain\nsensitive memory contents and cause a denial of service via a crafted\nfile that triggers an out-of-bounds read. (CVE-2009-4632)\n\nvorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\ncomparison operator was intended, which might allow remote attackers\nto cause a denial of service and possibly execute arbitrary code via a\ncrafted file that modifies a loop counter and triggers a heap-based\nbuffer overflow. (CVE-2009-4633)\n\nMultiple integer underflows in FFmpeg 0.5 allow remote attackers to\ncause a denial of service and possibly execute arbitrary code via a\ncrafted file that (1) bypasses a validation check in vorbis_dec.c and\ntriggers a wraparound of the stack pointer, or (2) access a pointer\nfrom out-of-bounds memory in mov.c, related to an elst tag that\nappears before a tag that creates a stream. (CVE-2009-4634)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service and\npossibly execute arbitrary code via a crafted MOV container with\nimproperly ordered tags that cause (1) mov.c and (2) utils.c to use\ninconsistent codec types and identifiers, which causes the mp3 decoder\nto process a pointer for a video structure, leading to a stack-based\nbuffer overflow. (CVE-2009-4635)\n\nThe av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows\nremote attackers to cause a denial of service (crash) via a crafted\nAVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n\nArray index error in vorbis_dec.c in FFmpeg 0.5 allows remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a crafted Vorbis file that triggers an out-of-bounds read.\n(CVE-2009-4640)\n\nflicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in\nMPlayer and other products, allows remote attackers to execute\narbitrary code via a crafted flic file, related to an arbitrary offset\ndereference vulnerability. (CVE-2010-3429)\n\nlibavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and\nearlier allows remote attackers to cause a denial of service\n(application crash) via a crafted .ogg file, related to the\nvorbis_floor0_decode function. (CVE-2010-4704)\n\nAnd several additional vulnerabilities originally discovered by Google\nChrome developers were also fixed with this advisory.\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64avformats52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64avutil49\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg51\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64swscaler0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libavformats52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libavutil49\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffmpeg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffmpeg-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffmpeg51\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libswscaler0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"ffmpeg-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64avformats52-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64avutil49-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64ffmpeg51-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64swscaler0-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libavformats52-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libavutil49-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libffmpeg-devel-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libffmpeg-static-devel-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libffmpeg51-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libswscaler0-0.4.9-3.pre1.14161.1.4mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T00:44:58", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities have been identified and fixed in mplayer :\n\noggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\npointer arithmetic, which might allow remote attackers to obtain\nsensitive memory contents and cause a denial of service via a crafted\nfile that triggers an out-of-bounds read. (CVE-2009-4632)\n\nvorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\ncomparison operator was intended, which might allow remote attackers\nto cause a denial of service and possibly execute arbitrary code via a\ncrafted file that modifies a loop counter and triggers a heap-based\nbuffer overflow. (CVE-2009-4633)\n\nMultiple integer underflows in FFmpeg 0.5 allow remote attackers to\ncause a denial of service and possibly execute arbitrary code via a\ncrafted file that (1) bypasses a validation check in vorbis_dec.c and\ntriggers a wraparound of the stack pointer, or (2) access a pointer\nfrom out-of-bounds memory in mov.c, related to an elst tag that\nappears before a tag that creates a stream. (CVE-2009-4634)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service and\npossibly execute arbitrary code via a crafted MOV container with\nimproperly ordered tags that cause (1) mov.c and (2) utils.c to use\ninconsistent codec types and identifiers, which causes the mp3 decoder\nto process a pointer for a video structure, leading to a stack-based\nbuffer overflow. (CVE-2009-4635)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service (hang)\nvia a crafted file that triggers an infinite loop. (CVE-2009-4636)\n\nThe av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows\nremote attackers to cause a denial of service (crash) via a crafted\nAVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n\nArray index error in vorbis_dec.c in FFmpeg 0.5 allows remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a crafted Vorbis file that triggers an out-of-bounds read.\n(CVE-2009-4640)\n\nflicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in\nMPlayer and other products, allows remote attackers to execute\narbitrary code via a crafted flic file, related to an arbitrary offset\ndereference vulnerability. (CVE-2010-3429)\n\nlibavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and\nearlier allows remote attackers to cause a denial of service\n(application crash) via a crafted .ogg file, related to the\nvorbis_floor0_decode function. (CVE-2010-4704)\n\nAnd several additional vulnerabilities originally discovered by Google\nChrome developers were also fixed with this advisory.\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.", "modified": "2020-02-02T00:00:00", "id": "MANDRIVA_MDVSA-2011-088.NASL", "href": "https://www.tenable.com/plugins/nessus/54289", "published": "2011-05-17T00:00:00", "title": "Mandriva Linux Security Advisory : mplayer (MDVSA-2011:088)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:088. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(54289);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/08/02 13:32:54\");\n\n script_cve_id(\n \"CVE-2009-4632\",\n \"CVE-2009-4633\",\n \"CVE-2009-4634\",\n \"CVE-2009-4635\",\n \"CVE-2009-4636\",\n \"CVE-2009-4639\",\n \"CVE-2009-4640\",\n \"CVE-2010-3429\",\n \"CVE-2010-4704\"\n );\n script_bugtraq_id(\n 36465,\n 43546,\n 46294\n );\n script_xref(name:\"MDVSA\", value:\"2011:088\");\n\n script_name(english:\"Mandriva Linux Security Advisory : mplayer (MDVSA-2011:088)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been identified and fixed in mplayer :\n\noggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\npointer arithmetic, which might allow remote attackers to obtain\nsensitive memory contents and cause a denial of service via a crafted\nfile that triggers an out-of-bounds read. (CVE-2009-4632)\n\nvorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\ncomparison operator was intended, which might allow remote attackers\nto cause a denial of service and possibly execute arbitrary code via a\ncrafted file that modifies a loop counter and triggers a heap-based\nbuffer overflow. (CVE-2009-4633)\n\nMultiple integer underflows in FFmpeg 0.5 allow remote attackers to\ncause a denial of service and possibly execute arbitrary code via a\ncrafted file that (1) bypasses a validation check in vorbis_dec.c and\ntriggers a wraparound of the stack pointer, or (2) access a pointer\nfrom out-of-bounds memory in mov.c, related to an elst tag that\nappears before a tag that creates a stream. (CVE-2009-4634)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service and\npossibly execute arbitrary code via a crafted MOV container with\nimproperly ordered tags that cause (1) mov.c and (2) utils.c to use\ninconsistent codec types and identifiers, which causes the mp3 decoder\nto process a pointer for a video structure, leading to a stack-based\nbuffer overflow. (CVE-2009-4635)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service (hang)\nvia a crafted file that triggers an infinite loop. (CVE-2009-4636)\n\nThe av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows\nremote attackers to cause a denial of service (crash) via a crafted\nAVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n\nArray index error in vorbis_dec.c in FFmpeg 0.5 allows remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a crafted Vorbis file that triggers an out-of-bounds read.\n(CVE-2009-4640)\n\nflicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in\nMPlayer and other products, allows remote attackers to execute\narbitrary code via a crafted flic file, related to an arbitrary offset\ndereference vulnerability. (CVE-2010-3429)\n\nlibavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and\nearlier allows remote attackers to cause a denial of service\n(application crash) via a crafted .ogg file, related to the\nvorbis_floor0_decode function. (CVE-2010-4704)\n\nAnd several additional vulnerabilities originally discovered by Google\nChrome developers were also fixed with this advisory.\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(94, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mencoder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mplayer-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mplayer-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mencoder-1.0-1.rc2.18.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mplayer-1.0-1.rc2.18.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mplayer-doc-1.0-1.rc2.18.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"mplayer-gui-1.0-1.rc2.18.3mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T02:51:37", "bulletinFamily": "scanner", "description": "It was discovered that FFmpeg contained multiple security issues when\nhandling certain multimedia files. If a user were tricked into opening\na crafted multimedia file, an attacker could cause a denial of service\nvia application crash, or possibly execute arbitrary code with the\nprivileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-02-02T00:00:00", "id": "UBUNTU_USN-931-1.NASL", "href": "https://www.tenable.com/plugins/nessus/45575", "published": "2010-04-20T00:00:00", "title": "Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : ffmpeg, ffmpeg-debian vulnerabilities (USN-931-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-931-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45575);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4637\", \"CVE-2009-4638\", \"CVE-2009-4639\", \"CVE-2009-4640\");\n script_bugtraq_id(36465);\n script_xref(name:\"USN\", value:\"931-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : ffmpeg, ffmpeg-debian vulnerabilities (USN-931-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that FFmpeg contained multiple security issues when\nhandling certain multimedia files. If a user were tricked into opening\na crafted multimedia file, an attacker could cause a denial of service\nvia application crash, or possibly execute arbitrary code with the\nprivileges of the user invoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/931-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ffmpeg-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ffmpeg-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavcodec-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavcodec1d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavcodec51\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavcodec52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavdevice-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavdevice52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavfilter-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavfilter0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavformat-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavformat1d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavformat52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavutil-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavutil1d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavutil49\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpostproc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpostproc1d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpostproc51\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libswscale-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libswscale0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libswscale1d\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|8\\.10|9\\.04|9\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10 / 9.04 / 9.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"ffmpeg\", pkgver:\"0.cvs20070307-5ubuntu7.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavcodec-dev\", pkgver:\"0.cvs20070307-5ubuntu7.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavcodec1d\", pkgver:\"3:0.cvs20070307-5ubuntu7.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavformat-dev\", pkgver:\"0.cvs20070307-5ubuntu7.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavformat1d\", pkgver:\"3:0.cvs20070307-5ubuntu7.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavutil-dev\", pkgver:\"0.cvs20070307-5ubuntu7.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavutil1d\", pkgver:\"0.cvs20070307-5ubuntu7.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpostproc-dev\", pkgver:\"0.cvs20070307-5ubuntu7.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpostproc1d\", pkgver:\"0.cvs20070307-5ubuntu7.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libswscale-dev\", pkgver:\"0.cvs20070307-5ubuntu7.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libswscale1d\", pkgver:\"0.cvs20070307-5ubuntu7.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ffmpeg\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ffmpeg-dbg\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ffmpeg-doc\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libavcodec-dev\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libavcodec51\", pkgver:\"3:0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libavdevice-dev\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libavdevice52\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libavformat-dev\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libavformat52\", pkgver:\"3:0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libavutil-dev\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libavutil49\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpostproc-dev\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpostproc51\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libswscale-dev\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libswscale0\", pkgver:\"0.svn20080206-12ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"ffmpeg\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"ffmpeg-dbg\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"ffmpeg-doc\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavcodec-dev\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavcodec52\", pkgver:\"3:0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavdevice-dev\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavdevice52\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavfilter-dev\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavfilter0\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavformat-dev\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavformat52\", pkgver:\"3:0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavutil-dev\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libavutil49\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpostproc-dev\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpostproc51\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libswscale-dev\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libswscale0\", pkgver:\"0.svn20090303-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"ffmpeg\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"ffmpeg-dbg\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"ffmpeg-doc\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavcodec-dev\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavcodec52\", pkgver:\"4:0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavdevice-dev\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavdevice52\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavfilter-dev\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavfilter0\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavformat-dev\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavformat52\", pkgver:\"4:0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavutil-dev\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libavutil49\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpostproc-dev\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpostproc51\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libswscale-dev\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libswscale0\", pkgver:\"0.5+svn20090706-2ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ffmpeg / ffmpeg-dbg / ffmpeg-doc / libavcodec-dev / libavcodec1d / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T06:52:38", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in ffmpeg, a multimedia\nplayer, server and encoder, which also provides a range of multimedia\nlibraries used in applications like MPlayer :\n\nVarious programming errors in container and codec implementations may\nlead to denial of service or the execution of arbitrary code if the\nuser is tricked into opening a malformed media file or stream.\n\nThe implementations of the following affected codecs and container\nformats have been updated :\n\n - the Vorbis audio codec\n - the Ogg container implementation\n\n - the FF Video 1 codec\n\n - the MPEG audio codec\n\n - the H264 video codec\n\n - the MOV container implementation\n\n - the Oggedc container implementation", "modified": "2020-02-02T00:00:00", "id": "DEBIAN_DSA-2000.NASL", "href": "https://www.tenable.com/plugins/nessus/44864", "published": "2010-02-24T00:00:00", "title": "Debian DSA-2000-1 : ffmpeg-debian - several vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2000. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44864);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/08/02 13:32:22\");\n\n script_cve_id(\"CVE-2009-4631\", \"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4637\", \"CVE-2009-4638\", \"CVE-2009-4640\");\n script_xref(name:\"DSA\", value:\"2000\");\n\n script_name(english:\"Debian DSA-2000-1 : ffmpeg-debian - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in ffmpeg, a multimedia\nplayer, server and encoder, which also provides a range of multimedia\nlibraries used in applications like MPlayer :\n\nVarious programming errors in container and codec implementations may\nlead to denial of service or the execution of arbitrary code if the\nuser is tricked into opening a malformed media file or stream.\n\nThe implementations of the following affected codecs and container\nformats have been updated :\n\n - the Vorbis audio codec\n - the Ogg container implementation\n\n - the FF Video 1 codec\n\n - the MPEG audio codec\n\n - the H264 video codec\n\n - the MOV container implementation\n\n - the Oggedc container implementation\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2000\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the ffmpeg packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.svn20080206-18+lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ffmpeg-debian\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"ffmpeg\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ffmpeg-dbg\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ffmpeg-doc\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavcodec-dev\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavcodec51\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavdevice-dev\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavdevice52\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavformat-dev\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavformat52\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavutil-dev\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavutil49\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpostproc-dev\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpostproc51\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libswscale-dev\", reference:\"0.svn20080206-18+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libswscale0\", reference:\"0.svn20080206-18+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T00:44:58", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities have been identified and fixed in blender :\n\noggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\npointer arithmetic, which might allow remote attackers to obtain\nsensitive memory contents and cause a denial of service via a crafted\nfile that triggers an out-of-bounds read. (CVE-2009-4632)\n\nvorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\ncomparison operator was intended, which might allow remote attackers\nto cause a denial of service and possibly execute arbitrary code via a\ncrafted file that modifies a loop counter and triggers a heap-based\nbuffer overflow. (CVE-2009-4633)\n\nMultiple integer underflows in FFmpeg 0.5 allow remote attackers to\ncause a denial of service and possibly execute arbitrary code via a\ncrafted file that (1) bypasses a validation check in vorbis_dec.c and\ntriggers a wraparound of the stack pointer, or (2) access a pointer\nfrom out-of-bounds memory in mov.c, related to an elst tag that\nappears before a tag that creates a stream. (CVE-2009-4634)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service and\npossibly execute arbitrary code via a crafted MOV container with\nimproperly ordered tags that cause (1) mov.c and (2) utils.c to use\ninconsistent codec types and identifiers, which causes the mp3 decoder\nto process a pointer for a video structure, leading to a stack-based\nbuffer overflow. (CVE-2009-4635)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service (hang)\nvia a crafted file that triggers an infinite loop. (CVE-2009-4636)\n\nThe av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows\nremote attackers to cause a denial of service (crash) via a crafted\nAVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n\nArray index error in vorbis_dec.c in FFmpeg 0.5 allows remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a crafted Vorbis file that triggers an out-of-bounds read.\n(CVE-2009-4640)\n\nflicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in\nMPlayer and other products, allows remote attackers to execute\narbitrary code via a crafted flic file, related to an arbitrary offset\ndereference vulnerability. (CVE-2010-3429)\n\nlibavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and\nearlier allows remote attackers to cause a denial of service\n(application crash) via a crafted .ogg file, related to the\nvorbis_floor0_decode function. (CVE-2010-4704)\n\nFix invalid reads in VC-1 decoding (CVE-2011-0723)\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.", "modified": "2020-02-02T00:00:00", "id": "MANDRIVA_MDVSA-2011-112.NASL", "href": "https://www.tenable.com/plugins/nessus/55614", "published": "2011-07-19T00:00:00", "title": "Mandriva Linux Security Advisory : blender (MDVSA-2011:112)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:112. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55614);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/08/02 13:32:54\");\n\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4639\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-4704\", \"CVE-2011-0723\");\n script_xref(name:\"MDVSA\", value:\"2011:112\");\n\n script_name(english:\"Mandriva Linux Security Advisory : blender (MDVSA-2011:112)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been identified and fixed in blender :\n\noggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\npointer arithmetic, which might allow remote attackers to obtain\nsensitive memory contents and cause a denial of service via a crafted\nfile that triggers an out-of-bounds read. (CVE-2009-4632)\n\nvorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\ncomparison operator was intended, which might allow remote attackers\nto cause a denial of service and possibly execute arbitrary code via a\ncrafted file that modifies a loop counter and triggers a heap-based\nbuffer overflow. (CVE-2009-4633)\n\nMultiple integer underflows in FFmpeg 0.5 allow remote attackers to\ncause a denial of service and possibly execute arbitrary code via a\ncrafted file that (1) bypasses a validation check in vorbis_dec.c and\ntriggers a wraparound of the stack pointer, or (2) access a pointer\nfrom out-of-bounds memory in mov.c, related to an elst tag that\nappears before a tag that creates a stream. (CVE-2009-4634)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service and\npossibly execute arbitrary code via a crafted MOV container with\nimproperly ordered tags that cause (1) mov.c and (2) utils.c to use\ninconsistent codec types and identifiers, which causes the mp3 decoder\nto process a pointer for a video structure, leading to a stack-based\nbuffer overflow. (CVE-2009-4635)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service (hang)\nvia a crafted file that triggers an infinite loop. (CVE-2009-4636)\n\nThe av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows\nremote attackers to cause a denial of service (crash) via a crafted\nAVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n\nArray index error in vorbis_dec.c in FFmpeg 0.5 allows remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a crafted Vorbis file that triggers an out-of-bounds read.\n(CVE-2009-4640)\n\nflicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in\nMPlayer and other products, allows remote attackers to execute\narbitrary code via a crafted flic file, related to an arbitrary offset\ndereference vulnerability. (CVE-2010-3429)\n\nlibavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and\nearlier allows remote attackers to cause a denial of service\n(application crash) via a crafted .ogg file, related to the\nvorbis_floor0_decode function. (CVE-2010-4704)\n\nFix invalid reads in VC-1 decoding (CVE-2011-0723)\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected blender package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:blender\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"blender-2.47-2.2mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T00:44:58", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities have been identified and fixed in blender :\n\noggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\npointer arithmetic, which might allow remote attackers to obtain\nsensitive memory contents and cause a denial of service via a crafted\nfile that triggers an out-of-bounds read. (CVE-2009-4632)\n\nvorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\ncomparison operator was intended, which might allow remote attackers\nto cause a denial of service and possibly execute arbitrary code via a\ncrafted file that modifies a loop counter and triggers a heap-based\nbuffer overflow. (CVE-2009-4633)\n\nMultiple integer underflows in FFmpeg 0.5 allow remote attackers to\ncause a denial of service and possibly execute arbitrary code via a\ncrafted file that (1) bypasses a validation check in vorbis_dec.c and\ntriggers a wraparound of the stack pointer, or (2) access a pointer\nfrom out-of-bounds memory in mov.c, related to an elst tag that\nappears before a tag that creates a stream. (CVE-2009-4634)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service and\npossibly execute arbitrary code via a crafted MOV container with\nimproperly ordered tags that cause (1) mov.c and (2) utils.c to use\ninconsistent codec types and identifiers, which causes the mp3 decoder\nto process a pointer for a video structure, leading to a stack-based\nbuffer overflow. (CVE-2009-4635)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service (hang)\nvia a crafted file that triggers an infinite loop. (CVE-2009-4636)\n\nArray index error in vorbis_dec.c in FFmpeg 0.5 allows remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a crafted Vorbis file that triggers an out-of-bounds read.\n(CVE-2009-4640)\n\nflicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in\nMPlayer and other products, allows remote attackers to execute\narbitrary code via a crafted flic file, related to an arbitrary offset\ndereference vulnerability. (CVE-2010-3429)\n\nlibavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and\nearlier allows remote attackers to cause a denial of service\n(application crash) via a crafted .ogg file, related to the\nvorbis_floor0_decode function. (CVE-2010-4704)\n\nFix heap corruption crashes (CVE-2011-0722)\n\nFix invalid reads in VC-1 decoding (CVE-2011-0723)\n\nThe updated packages have been patched to correct these issues.", "modified": "2020-02-02T00:00:00", "id": "MANDRIVA_MDVSA-2011-114.NASL", "href": "https://www.tenable.com/plugins/nessus/55615", "published": "2011-07-19T00:00:00", "title": "Mandriva Linux Security Advisory : blender (MDVSA-2011:114)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:114. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55615);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/08/02 13:32:54\");\n\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-4704\", \"CVE-2011-0722\", \"CVE-2011-0723\");\n script_xref(name:\"MDVSA\", value:\"2011:114\");\n\n script_name(english:\"Mandriva Linux Security Advisory : blender (MDVSA-2011:114)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been identified and fixed in blender :\n\noggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\npointer arithmetic, which might allow remote attackers to obtain\nsensitive memory contents and cause a denial of service via a crafted\nfile that triggers an out-of-bounds read. (CVE-2009-4632)\n\nvorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\ncomparison operator was intended, which might allow remote attackers\nto cause a denial of service and possibly execute arbitrary code via a\ncrafted file that modifies a loop counter and triggers a heap-based\nbuffer overflow. (CVE-2009-4633)\n\nMultiple integer underflows in FFmpeg 0.5 allow remote attackers to\ncause a denial of service and possibly execute arbitrary code via a\ncrafted file that (1) bypasses a validation check in vorbis_dec.c and\ntriggers a wraparound of the stack pointer, or (2) access a pointer\nfrom out-of-bounds memory in mov.c, related to an elst tag that\nappears before a tag that creates a stream. (CVE-2009-4634)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service and\npossibly execute arbitrary code via a crafted MOV container with\nimproperly ordered tags that cause (1) mov.c and (2) utils.c to use\ninconsistent codec types and identifiers, which causes the mp3 decoder\nto process a pointer for a video structure, leading to a stack-based\nbuffer overflow. (CVE-2009-4635)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service (hang)\nvia a crafted file that triggers an infinite loop. (CVE-2009-4636)\n\nArray index error in vorbis_dec.c in FFmpeg 0.5 allows remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a crafted Vorbis file that triggers an out-of-bounds read.\n(CVE-2009-4640)\n\nflicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in\nMPlayer and other products, allows remote attackers to execute\narbitrary code via a crafted flic file, related to an arbitrary offset\ndereference vulnerability. (CVE-2010-3429)\n\nlibavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and\nearlier allows remote attackers to cause a denial of service\n(application crash) via a crafted .ogg file, related to the\nvorbis_floor0_decode function. (CVE-2010-4704)\n\nFix heap corruption crashes (CVE-2011-0722)\n\nFix invalid reads in VC-1 decoding (CVE-2011-0723)\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected blender package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:blender\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"blender-2.49b-4.1mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T00:44:57", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities has been identified and fixed in ffmpeg :\n\noggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\npointer arithmetic, which might allow remote attackers to obtain\nsensitive memory contents and cause a denial of service via a crafted\nfile that triggers an out-of-bounds read. (CVE-2009-4632)\n\nvorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\ncomparison operator was intended, which might allow remote attackers\nto cause a denial of service and possibly execute arbitrary code via a\ncrafted file that modifies a loop counter and triggers a heap-based\nbuffer overflow. (CVE-2009-4633)\n\nMultiple integer underflows in FFmpeg 0.5 allow remote attackers to\ncause a denial of service and possibly execute arbitrary code via a\ncrafted file that (1) bypasses a validation check in vorbis_dec.c and\ntriggers a wraparound of the stack pointer, or (2) access a pointer\nfrom out-of-bounds memory in mov.c, related to an elst tag that\nappears before a tag that creates a stream. (CVE-2009-4634)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service and\npossibly execute arbitrary code via a crafted MOV container with\nimproperly ordered tags that cause (1) mov.c and (2) utils.c to use\ninconsistent codec types and identifiers, which causes the mp3 decoder\nto process a pointer for a video structure, leading to a stack-based\nbuffer overflow. (CVE-2009-4635)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service (hang)\nvia a crafted file that triggers an infinite loop. (CVE-2009-4636)\n\nThe av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows\nremote attackers to cause a denial of service (crash) via a crafted\nAVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n\nArray index error in vorbis_dec.c in FFmpeg 0.5 allows remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a crafted Vorbis file that triggers an out-of-bounds read.\n(CVE-2009-4640)\n\nflicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in\nMPlayer and other products, allows remote attackers to execute\narbitrary code via a crafted flic file, related to an arbitrary offset\ndereference vulnerability. (CVE-2010-3429)\n\nFix memory corruption in WMV parsing (CVE-2010-3908)\n\nlibavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and\nearlier allows remote attackers to cause a denial of service\n(application crash) via a crafted .ogg file, related to the\nvorbis_floor0_decode function. (CVE-2010-4704)\n\nMultiple buffer overflows in vorbis_dec.c in the Vorbis decoder in\nFFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS\nbefore 8.0.552.344, allow remote attackers to cause a denial of\nservice (memory corruption and application crash) or possibly have\nunspecified other impact via a crafted WebM file, related to buffers\nfor (1) the channel floor and (2) the channel residue. (CVE-2011-0480)\n\nFix heap corruption crashes (CVE-2011-0722)\n\nFix invalid reads in VC-1 decoding (CVE-2011-0723)\n\nAnd several additional vulnerabilities originally discovered by Google\nChrome developers were also fixed with this advisory.\n\nThe updated packages have been patched to correct these issues.", "modified": "2020-02-02T00:00:00", "id": "MANDRIVA_MDVSA-2011-061.NASL", "href": "https://www.tenable.com/plugins/nessus/53273", "published": "2011-04-04T00:00:00", "title": "Mandriva Linux Security Advisory : ffmpeg (MDVSA-2011:061)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:061. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53273);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:54\");\n\n script_cve_id(\n \"CVE-2009-4632\",\n \"CVE-2009-4633\",\n \"CVE-2009-4634\",\n \"CVE-2009-4635\",\n \"CVE-2009-4636\",\n \"CVE-2009-4639\",\n \"CVE-2009-4640\",\n \"CVE-2010-3429\",\n \"CVE-2010-3908\",\n \"CVE-2010-4704\",\n \"CVE-2011-0480\",\n \"CVE-2011-0722\",\n \"CVE-2011-0723\"\n );\n script_bugtraq_id(36465);\n script_xref(name:\"MDVSA\", value:\"2011:061\");\n\n script_name(english:\"Mandriva Linux Security Advisory : ffmpeg (MDVSA-2011:061)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been identified and fixed in ffmpeg :\n\noggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\npointer arithmetic, which might allow remote attackers to obtain\nsensitive memory contents and cause a denial of service via a crafted\nfile that triggers an out-of-bounds read. (CVE-2009-4632)\n\nvorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\ncomparison operator was intended, which might allow remote attackers\nto cause a denial of service and possibly execute arbitrary code via a\ncrafted file that modifies a loop counter and triggers a heap-based\nbuffer overflow. (CVE-2009-4633)\n\nMultiple integer underflows in FFmpeg 0.5 allow remote attackers to\ncause a denial of service and possibly execute arbitrary code via a\ncrafted file that (1) bypasses a validation check in vorbis_dec.c and\ntriggers a wraparound of the stack pointer, or (2) access a pointer\nfrom out-of-bounds memory in mov.c, related to an elst tag that\nappears before a tag that creates a stream. (CVE-2009-4634)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service and\npossibly execute arbitrary code via a crafted MOV container with\nimproperly ordered tags that cause (1) mov.c and (2) utils.c to use\ninconsistent codec types and identifiers, which causes the mp3 decoder\nto process a pointer for a video structure, leading to a stack-based\nbuffer overflow. (CVE-2009-4635)\n\nFFmpeg 0.5 allows remote attackers to cause a denial of service (hang)\nvia a crafted file that triggers an infinite loop. (CVE-2009-4636)\n\nThe av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows\nremote attackers to cause a denial of service (crash) via a crafted\nAVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n\nArray index error in vorbis_dec.c in FFmpeg 0.5 allows remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a crafted Vorbis file that triggers an out-of-bounds read.\n(CVE-2009-4640)\n\nflicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in\nMPlayer and other products, allows remote attackers to execute\narbitrary code via a crafted flic file, related to an arbitrary offset\ndereference vulnerability. (CVE-2010-3429)\n\nFix memory corruption in WMV parsing (CVE-2010-3908)\n\nlibavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and\nearlier allows remote attackers to cause a denial of service\n(application crash) via a crafted .ogg file, related to the\nvorbis_floor0_decode function. (CVE-2010-4704)\n\nMultiple buffer overflows in vorbis_dec.c in the Vorbis decoder in\nFFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS\nbefore 8.0.552.344, allow remote attackers to cause a denial of\nservice (memory corruption and application crash) or possibly have\nunspecified other impact via a crafted WebM file, related to buffers\nfor (1) the channel floor and (2) the channel residue. (CVE-2011-0480)\n\nFix heap corruption crashes (CVE-2011-0722)\n\nFix invalid reads in VC-1 decoding (CVE-2011-0723)\n\nAnd several additional vulnerabilities originally discovered by Google\nChrome developers were also fixed with this advisory.\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(94, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64avformats52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64avutil49\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64postproc51\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64swscaler0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libavformats52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libavutil49\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffmpeg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffmpeg-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffmpeg52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpostproc51\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libswscaler0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.0\", reference:\"ffmpeg-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64avformats52-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64avutil49-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ffmpeg-devel-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ffmpeg-static-devel-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ffmpeg52-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64postproc51-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64swscaler0-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libavformats52-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libavutil49-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libffmpeg-devel-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libffmpeg-static-devel-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libffmpeg52-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libpostproc51-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libswscaler0-0.5.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T07:55:15", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201310-12\n(FFmpeg: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FFmpeg. Please review\n the CVE identifiers and FFmpeg changelogs referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted media\n file, possibly leading to the execution of arbitrary code with the\n privileges of the user running the application or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2020-02-02T00:00:00", "id": "GENTOO_GLSA-201310-12.NASL", "href": "https://www.tenable.com/plugins/nessus/70647", "published": "2013-10-27T00:00:00", "title": "GLSA-201310-12 : FFmpeg: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201310-12.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70647);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/12/18 10:18:58\");\n\n script_cve_id(\"CVE-2009-4631\", \"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4637\", \"CVE-2009-4638\", \"CVE-2009-4639\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-3908\", \"CVE-2010-4704\", \"CVE-2010-4705\", \"CVE-2011-1931\", \"CVE-2011-3362\", \"CVE-2011-3893\", \"CVE-2011-3895\", \"CVE-2011-3929\", \"CVE-2011-3934\", \"CVE-2011-3935\", \"CVE-2011-3936\", \"CVE-2011-3937\", \"CVE-2011-3940\", \"CVE-2011-3941\", \"CVE-2011-3944\", \"CVE-2011-3945\", \"CVE-2011-3946\", \"CVE-2011-3947\", \"CVE-2011-3949\", \"CVE-2011-3950\", \"CVE-2011-3951\", \"CVE-2011-3952\", \"CVE-2011-3973\", \"CVE-2011-3974\", \"CVE-2011-4351\", \"CVE-2011-4352\", \"CVE-2011-4353\", \"CVE-2011-4364\", \"CVE-2012-0947\", \"CVE-2012-2771\", \"CVE-2012-2772\", \"CVE-2012-2773\", \"CVE-2012-2774\", \"CVE-2012-2775\", \"CVE-2012-2776\", \"CVE-2012-2777\", \"CVE-2012-2778\", \"CVE-2012-2779\", \"CVE-2012-2780\", \"CVE-2012-2781\", \"CVE-2012-2782\", \"CVE-2012-2783\", \"CVE-2012-2784\", \"CVE-2012-2785\", \"CVE-2012-2786\", \"CVE-2012-2787\", \"CVE-2012-2788\", \"CVE-2012-2789\", \"CVE-2012-2790\", \"CVE-2012-2791\", \"CVE-2012-2792\", \"CVE-2012-2793\", \"CVE-2012-2794\", \"CVE-2012-2795\", \"CVE-2012-2796\", \"CVE-2012-2797\", \"CVE-2012-2798\", \"CVE-2012-2799\", \"CVE-2012-2800\", \"CVE-2012-2801\", \"CVE-2012-2802\", \"CVE-2012-2803\", \"CVE-2012-2804\", \"CVE-2012-2805\", \"CVE-2013-3670\", \"CVE-2013-3671\", \"CVE-2013-3672\", \"CVE-2013-3673\", \"CVE-2013-3674\", \"CVE-2013-3675\");\n script_bugtraq_id(36465, 46294, 47147, 47602, 49115, 49118, 50642, 50760, 50880, 51720, 53389, 55355, 60476, 60491, 60492, 60494, 60496, 60497);\n script_xref(name:\"GLSA\", value:\"201310-12\");\n\n script_name(english:\"GLSA-201310-12 : FFmpeg: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201310-12\n(FFmpeg: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FFmpeg. Please review\n the CVE identifiers and FFmpeg changelogs referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted media\n file, possibly leading to the execution of arbitrary code with the\n privileges of the user running the application or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # https://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=refs/heads/release/0.10\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5d92e58\"\n );\n # https://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=refs/heads/release/1.0\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?50837c86\"\n );\n # http://archives.neohapsis.com/archives/bugtraq/2011-04/0258.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd80b73a\"\n );\n # https://secunia.com/advisories/36760/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://secuniaresearch.flexerasoftware.com//advisories/36760/\"\n );\n # https://secunia.com/advisories/46134/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://secuniaresearch.flexerasoftware.com//advisories/46134/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201310-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All FFmpeg users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/ffmpeg-1.0.7'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/ffmpeg\", unaffected:make_list(\"ge 1.0.7\"), vulnerable:make_list(\"lt 1.0.7\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FFmpeg\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-12-04T11:18:20", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-931-1", "modified": "2017-12-01T00:00:00", "published": "2010-04-29T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840423", "id": "OPENVAS:840423", "title": "Ubuntu Update for ffmpeg, ffmpeg-debian vulnerabilities USN-931-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_931_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for ffmpeg, ffmpeg-debian vulnerabilities USN-931-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that FFmpeg contained multiple security issues when\n handling certain multimedia files. If a user were tricked into opening a\n crafted multimedia file, an attacker could cause a denial of service via\n application crash, or possibly execute arbitrary code with the privileges\n of the user invoking the program.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-931-1\";\ntag_affected = \"ffmpeg, ffmpeg-debian vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-931-1/\");\n script_id(840423);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-29 13:13:58 +0200 (Thu, 29 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"931-1\");\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4637\", \"CVE-2009-4639\", \"CVE-2009-4640\");\n script_name(\"Ubuntu Update for ffmpeg, ffmpeg-debian vulnerabilities USN-931-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec52\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice52\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavfilter0\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil49\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc51\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale0\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec51\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice52\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil49\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc51\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale0\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec1d\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat1d\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil1d\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc1d\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale1d\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec52\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice52\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavfilter0\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil49\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc51\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale0\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:48", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2011-05-17T00:00:00", "id": "OPENVAS:1361412562310831391", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831391", "title": "Mandriva Update for mplayer MDVSA-2011:088 (mplayer)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mplayer MDVSA-2011:088 (mplayer)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-05/msg00010.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831391\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-17 15:58:48 +0200 (Tue, 17 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2011:088\");\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4639\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-4704\");\n script_name(\"Mandriva Update for mplayer MDVSA-2011:088 (mplayer)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mplayer'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_2009\\.0\");\n script_tag(name:\"affected\", value:\"mplayer on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been identified and fixed in mplayer:\n\n oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\n pointer arithmetic, which might allow remote attackers to obtain\n sensitive memory contents and cause a denial of service via a crafted\n file that triggers an out-of-bounds read. (CVE-2009-4632)\n\n vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\n comparison operator was intended, which might allow remote attackers\n to cause a denial of service and possibly execute arbitrary code via\n a crafted file that modifies a loop counter and triggers a heap-based\n buffer overflow. (CVE-2009-4633)\n\n Multiple integer underflows in FFmpeg 0.5 allow remote attackers to\n cause a denial of service and possibly execute arbitrary code via a\n crafted file that (1) bypasses a validation check in vorbis_dec.c\n and triggers a wraparound of the stack pointer, or (2) access a\n pointer from out-of-bounds memory in mov.c, related to an elst tag\n that appears before a tag that creates a stream. (CVE-2009-4634)\n\n FFmpeg 0.5 allows remote attackers to cause a denial of service and\n possibly execute arbitrary code via a crafted MOV container with\n improperly ordered tags that cause (1) mov.c and (2) utils.c to use\n inconsistent codec types and identifiers, which causes the mp3 decoder\n to process a pointer for a video structure, leading to a stack-based\n buffer overflow. (CVE-2009-4635)\n\n FFmpeg 0.5 allows remote attackers to cause a denial of service (hang)\n via a crafted file that triggers an infinite loop. (CVE-2009-4636)\n\n The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows\n remote attackers to cause a denial of service (crash) via a crafted\n AVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n\n Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote\n attackers to cause a denial of service and possibly execute arbitrary\n code via a crafted Vorbis file that triggers an out-of-bounds\n read. (CVE-2009-4640)\n\n flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer\n and other products, allows remote attackers to execute arbitrary code\n via a crafted flic file, related to an arbitrary offset dereference\n vulnerability. (CVE-2010-3429)\n\n libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1\n and earlier allows remote attackers to cause a denial of service\n (application crash) via a crafted .ogg file, related to the\n vorbis_floor0_decode function. (CVE-2010-4704)\n\n And several additional vulnerabilities originally discovered b ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"mencoder\", rpm:\"mencoder~1.0~1.rc2.18.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mplayer\", rpm:\"mplayer~1.0~1.rc2.18.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mplayer-doc\", rpm:\"mplayer-doc~1.0~1.rc2.18.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mplayer-gui\", rpm:\"mplayer-gui~1.0~1.rc2.18.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:49:26", "bulletinFamily": "scanner", "description": "The remote host is missing an update to ffmpeg-debian\nannounced via advisory DSA 2000-1.", "modified": "2017-07-07T00:00:00", "published": "2010-02-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66953", "id": "OPENVAS:66953", "title": "Debian Security Advisory DSA 2000-1 (ffmpeg-debian)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2000_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2000-1 (ffmpeg-debian)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in ffmpeg, a multimedia\nplayer, server and encoder, which also provides a range of multimedia\nlibraries used in applications like MPlayer:\n\nVarious programming errors in container and codec implementations\nmay lead to denial of service or the execution of arbitrary code\nif the user is tricked into opening a malformed media file or stream.\n\nAffected and updated have been the implementations of the following\ncodecs and container formats:\n\n- - the Vorbis audio codec\n- - the Ogg container implementation\n- - the FF Video 1 codec\n- - the MPEG audio codec\n- - the H264 video codec\n- - the MOV container implementation\n- - the Oggedc container implementation\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.svn20080206-18+lenny1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4:0.5+svn20090706-5.\n\nWe recommend that you upgrade your ffmpeg packages.\";\ntag_summary = \"The remote host is missing an update to ffmpeg-debian\nannounced via advisory DSA 2000-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202000-1\";\n\n\nif(description)\n{\n script_id(66953);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-25 22:02:04 +0100 (Thu, 25 Feb 2010)\");\n script_cve_id(\"CVE-2009-4631\", \"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4637\", \"CVE-2009-4638\", \"CVE-2009-4640\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2000-1 (ffmpeg-debian)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil49\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc51\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice52\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec51\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale0\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T13:05:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update to ffmpeg-debian\nannounced via advisory DSA 2000-1.", "modified": "2018-01-04T00:00:00", "published": "2010-02-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066953", "id": "OPENVAS:136141256231066953", "type": "openvas", "title": "Debian Security Advisory DSA 2000-1 (ffmpeg-debian)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2000_1.nasl 8287 2018-01-04 07:28:11Z teissa $\n# Description: Auto-generated from advisory DSA 2000-1 (ffmpeg-debian)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in ffmpeg, a multimedia\nplayer, server and encoder, which also provides a range of multimedia\nlibraries used in applications like MPlayer:\n\nVarious programming errors in container and codec implementations\nmay lead to denial of service or the execution of arbitrary code\nif the user is tricked into opening a malformed media file or stream.\n\nAffected and updated have been the implementations of the following\ncodecs and container formats:\n\n- - the Vorbis audio codec\n- - the Ogg container implementation\n- - the FF Video 1 codec\n- - the MPEG audio codec\n- - the H264 video codec\n- - the MOV container implementation\n- - the Oggedc container implementation\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.svn20080206-18+lenny1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4:0.5+svn20090706-5.\n\nWe recommend that you upgrade your ffmpeg packages.\";\ntag_summary = \"The remote host is missing an update to ffmpeg-debian\nannounced via advisory DSA 2000-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202000-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66953\");\n script_version(\"$Revision: 8287 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 08:28:11 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-25 22:02:04 +0100 (Thu, 25 Feb 2010)\");\n script_cve_id(\"CVE-2009-4631\", \"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4637\", \"CVE-2009-4638\", \"CVE-2009-4640\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 2000-1 (ffmpeg-debian)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil49\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc51\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice52\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec51\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale0\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.svn20080206-18+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-30T10:54:26", "bulletinFamily": "scanner", "description": "Check for the Version of mplayer", "modified": "2017-10-26T00:00:00", "published": "2011-05-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831391", "id": "OPENVAS:831391", "title": "Mandriva Update for mplayer MDVSA-2011:088 (mplayer)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mplayer MDVSA-2011:088 (mplayer)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been identified and fixed in mplayer:\n\n oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\n pointer arithmetic, which might allow remote attackers to obtain\n sensitive memory contents and cause a denial of service via a crafted\n file that triggers an out-of-bounds read. (CVE-2009-4632)\n \n vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\n comparison operator was intended, which might allow remote attackers\n to cause a denial of service and possibly execute arbitrary code via\n a crafted file that modifies a loop counter and triggers a heap-based\n buffer overflow. (CVE-2009-4633)\n \n Multiple integer underflows in FFmpeg 0.5 allow remote attackers to\n cause a denial of service and possibly execute arbitrary code via a\n crafted file that (1) bypasses a validation check in vorbis_dec.c\n and triggers a wraparound of the stack pointer, or (2) access a\n pointer from out-of-bounds memory in mov.c, related to an elst tag\n that appears before a tag that creates a stream. (CVE-2009-4634)\n \n FFmpeg 0.5 allows remote attackers to cause a denial of service and\n possibly execute arbitrary code via a crafted MOV container with\n improperly ordered tags that cause (1) mov.c and (2) utils.c to use\n inconsistent codec types and identifiers, which causes the mp3 decoder\n to process a pointer for a video structure, leading to a stack-based\n buffer overflow. (CVE-2009-4635)\n \n FFmpeg 0.5 allows remote attackers to cause a denial of service (hang)\n via a crafted file that triggers an infinite loop. (CVE-2009-4636)\n \n The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows\n remote attackers to cause a denial of service (crash) via a crafted\n AVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n \n Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote\n attackers to cause a denial of service and possibly execute arbitrary\n code via a crafted Vorbis file that triggers an out-of-bounds\n read. (CVE-2009-4640)\n \n flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer\n and other products, allows remote attackers to execute arbitrary code\n via a crafted flic file, related to an arbitrary offset dereference\n vulnerability. (CVE-2010-3429)\n \n libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1\n and earlier allows remote attackers to cause a denial of service\n (application crash) via a crafted .ogg file, related to the\n vorbis_floor0_decode function. (CVE-2010-4704)\n \n And several additional vulnerabilities originally discovered b ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"mplayer on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-05/msg00010.php\");\n script_id(831391);\n script_version(\"$Revision: 7585 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-26 17:03:01 +0200 (Thu, 26 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-17 15:58:48 +0200 (Tue, 17 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:088\");\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4639\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-4704\");\n script_name(\"Mandriva Update for mplayer MDVSA-2011:088 (mplayer)\");\n\n script_summary(\"Check for the Version of mplayer\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"mencoder\", rpm:\"mencoder~1.0~1.rc2.18.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mplayer\", rpm:\"mplayer~1.0~1.rc2.18.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mplayer-doc\", rpm:\"mplayer-doc~1.0~1.rc2.18.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mplayer-gui\", rpm:\"mplayer-gui~1.0~1.rc2.18.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:01", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2011-04-06T00:00:00", "id": "OPENVAS:1361412562310831358", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831358", "title": "Mandriva Update for ffmpeg MDVSA-2011:060 (ffmpeg)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for ffmpeg MDVSA-2011:060 (ffmpeg)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-04/msg00002.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831358\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-06 16:20:31 +0200 (Wed, 06 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2011:060\");\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4639\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-4704\");\n script_name(\"Mandriva Update for ffmpeg MDVSA-2011:060 (ffmpeg)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ffmpeg'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2009\\.0)\");\n script_tag(name:\"affected\", value:\"ffmpeg on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been identified and fixed in ffmpeg:\n\n oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\n pointer arithmetic, which might allow remote attackers to obtain\n sensitive memory contents and cause a denial of service via a crafted\n file that triggers an out-of-bounds read. (CVE-2009-4632)\n\n vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\n comparison operator was intended, which might allow remote attackers\n to cause a denial of service and possibly execute arbitrary code via\n a crafted file that modifies a loop counter and triggers a heap-based\n buffer overflow. (CVE-2009-4633)\n\n Multiple integer underflows in FFmpeg 0.5 allow remote attackers to\n cause a denial of service and possibly execute arbitrary code via a\n crafted file that (1) bypasses a validation check in vorbis_dec.c\n and triggers a wraparound of the stack pointer, or (2) access a\n pointer from out-of-bounds memory in mov.c, related to an elst tag\n that appears before a tag that creates a stream. (CVE-2009-4634)\n\n FFmpeg 0.5 allows remote attackers to cause a denial of service and\n possibly execute arbitrary code via a crafted MOV container with\n improperly ordered tags that cause (1) mov.c and (2) utils.c to use\n inconsistent codec types and identifiers, which causes the mp3 decoder\n to process a pointer for a video structure, leading to a stack-based\n buffer overflow. (CVE-2009-4635)\n\n The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows\n remote attackers to cause a denial of service (crash) via a crafted\n AVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n\n Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote\n attackers to cause a denial of service and possibly execute arbitrary\n code via a crafted Vorbis file that triggers an out-of-bounds\n read. (CVE-2009-4640)\n\n flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer\n and other products, allows remote attackers to execute arbitrary code\n via a crafted flic file, related to an arbitrary offset dereference\n vulnerability. (CVE-2010-3429)\n\n libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1\n and earlier allows remote attackers to cause a denial of service\n (application crash) via a crafted .ogg file, related to the\n vorbis_floor0_decode function. (CVE-2010-4704)\n\n And several additional vulnerabilities originally discovered by Google\n Chrome developers were also fixed with this advisory.\n\n Package ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"ffmpeg\", rpm:\"ffmpeg~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavformats52\", rpm:\"libavformats52~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavutil49\", rpm:\"libavutil49~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg51\", rpm:\"libffmpeg51~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg-devel\", rpm:\"libffmpeg-devel~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg-static-devel\", rpm:\"libffmpeg-static-devel~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libswscaler0\", rpm:\"libswscaler0~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avformats52\", rpm:\"lib64avformats52~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avutil49\", rpm:\"lib64avutil49~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg51\", rpm:\"lib64ffmpeg51~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg-devel\", rpm:\"lib64ffmpeg-devel~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg-static-devel\", rpm:\"lib64ffmpeg-static-devel~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64swscaler0\", rpm:\"lib64swscaler0~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ffmpeg\", rpm:\"ffmpeg~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavformats52\", rpm:\"libavformats52~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavutil49\", rpm:\"libavutil49~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg51\", rpm:\"libffmpeg51~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg-devel\", rpm:\"libffmpeg-devel~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg-static-devel\", rpm:\"libffmpeg-static-devel~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libswscaler0\", rpm:\"libswscaler0~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avformats52\", rpm:\"lib64avformats52~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avutil49\", rpm:\"lib64avutil49~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg51\", rpm:\"lib64ffmpeg51~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg-devel\", rpm:\"lib64ffmpeg-devel~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg-static-devel\", rpm:\"lib64ffmpeg-static-devel~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64swscaler0\", rpm:\"lib64swscaler0~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-25T10:55:35", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-931-1", "modified": "2018-01-24T00:00:00", "published": "2010-04-29T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840423", "id": "OPENVAS:1361412562310840423", "type": "openvas", "title": "Ubuntu Update for ffmpeg, ffmpeg-debian vulnerabilities USN-931-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_931_1.nasl 8510 2018-01-24 07:57:42Z teissa $\n#\n# Ubuntu Update for ffmpeg, ffmpeg-debian vulnerabilities USN-931-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that FFmpeg contained multiple security issues when\n handling certain multimedia files. If a user were tricked into opening a\n crafted multimedia file, an attacker could cause a denial of service via\n application crash, or possibly execute arbitrary code with the privileges\n of the user invoking the program.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-931-1\";\ntag_affected = \"ffmpeg, ffmpeg-debian vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-931-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840423\");\n script_version(\"$Revision: 8510 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-29 13:13:58 +0200 (Thu, 29 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"931-1\");\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4637\", \"CVE-2009-4639\", \"CVE-2009-4640\");\n script_name(\"Ubuntu Update for ffmpeg, ffmpeg-debian vulnerabilities USN-931-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec52\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice52\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavfilter0\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil49\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc51\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale0\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"0.svn20090303-1ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec51\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice52\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil49\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc51\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale0\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"0.svn20080206-12ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec1d\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat1d\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil1d\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc1d\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale1d\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.cvs20070307-5ubuntu7.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec52\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavdevice52\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavfilter0\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil49\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc51\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale0\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"0.5+svn20090706-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-30T10:54:27", "bulletinFamily": "scanner", "description": "Check for the Version of ffmpeg", "modified": "2017-10-26T00:00:00", "published": "2011-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831358", "id": "OPENVAS:831358", "title": "Mandriva Update for ffmpeg MDVSA-2011:060 (ffmpeg)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for ffmpeg MDVSA-2011:060 (ffmpeg)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been identified and fixed in ffmpeg:\n\n oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\n pointer arithmetic, which might allow remote attackers to obtain\n sensitive memory contents and cause a denial of service via a crafted\n file that triggers an out-of-bounds read. (CVE-2009-4632)\n \n vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\n comparison operator was intended, which might allow remote attackers\n to cause a denial of service and possibly execute arbitrary code via\n a crafted file that modifies a loop counter and triggers a heap-based\n buffer overflow. (CVE-2009-4633)\n \n Multiple integer underflows in FFmpeg 0.5 allow remote attackers to\n cause a denial of service and possibly execute arbitrary code via a\n crafted file that (1) bypasses a validation check in vorbis_dec.c\n and triggers a wraparound of the stack pointer, or (2) access a\n pointer from out-of-bounds memory in mov.c, related to an elst tag\n that appears before a tag that creates a stream. (CVE-2009-4634)\n \n FFmpeg 0.5 allows remote attackers to cause a denial of service and\n possibly execute arbitrary code via a crafted MOV container with\n improperly ordered tags that cause (1) mov.c and (2) utils.c to use\n inconsistent codec types and identifiers, which causes the mp3 decoder\n to process a pointer for a video structure, leading to a stack-based\n buffer overflow. (CVE-2009-4635)\n \n The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows\n remote attackers to cause a denial of service (crash) via a crafted\n AVI file that triggers a divide-by-zero error. (CVE-2009-4639)\n \n Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote\n attackers to cause a denial of service and possibly execute arbitrary\n code via a crafted Vorbis file that triggers an out-of-bounds\n read. (CVE-2009-4640)\n \n flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer\n and other products, allows remote attackers to execute arbitrary code\n via a crafted flic file, related to an arbitrary offset dereference\n vulnerability. (CVE-2010-3429)\n \n libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1\n and earlier allows remote attackers to cause a denial of service\n (application crash) via a crafted .ogg file, related to the\n vorbis_floor0_decode function. (CVE-2010-4704)\n \n And several additional vulnerabilities originally discovered by Google\n Chrome developers were also fixed with this advisory.\n \n Package ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"ffmpeg on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-04/msg00002.php\");\n script_id(831358);\n script_version(\"$Revision: 7585 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-26 17:03:01 +0200 (Thu, 26 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-06 16:20:31 +0200 (Wed, 06 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:060\");\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4639\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-4704\");\n script_name(\"Mandriva Update for ffmpeg MDVSA-2011:060 (ffmpeg)\");\n\n script_summary(\"Check for the Version of ffmpeg\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"ffmpeg\", rpm:\"ffmpeg~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavformats52\", rpm:\"libavformats52~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavutil49\", rpm:\"libavutil49~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg51\", rpm:\"libffmpeg51~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg-devel\", rpm:\"libffmpeg-devel~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg-static-devel\", rpm:\"libffmpeg-static-devel~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libswscaler0\", rpm:\"libswscaler0~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avformats52\", rpm:\"lib64avformats52~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avutil49\", rpm:\"lib64avutil49~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg51\", rpm:\"lib64ffmpeg51~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg-devel\", rpm:\"lib64ffmpeg-devel~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg-static-devel\", rpm:\"lib64ffmpeg-static-devel~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64swscaler0\", rpm:\"lib64swscaler0~0.4.9~3.pre1.14161.1.4mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ffmpeg\", rpm:\"ffmpeg~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavformats52\", rpm:\"libavformats52~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavutil49\", rpm:\"libavutil49~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg51\", rpm:\"libffmpeg51~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg-devel\", rpm:\"libffmpeg-devel~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg-static-devel\", rpm:\"libffmpeg-static-devel~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libswscaler0\", rpm:\"libswscaler0~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avformats52\", rpm:\"lib64avformats52~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avutil49\", rpm:\"lib64avutil49~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg51\", rpm:\"lib64ffmpeg51~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg-devel\", rpm:\"lib64ffmpeg-devel~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg-static-devel\", rpm:\"lib64ffmpeg-static-devel~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64swscaler0\", rpm:\"lib64swscaler0~0.4.9~3.pre1.14161.1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:01", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2011-07-22T00:00:00", "id": "OPENVAS:1361412562310831427", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831427", "title": "Mandriva Update for blender MDVSA-2011:114 (blender)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for blender MDVSA-2011:114 (blender)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-07/msg00003.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831427\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-22 14:44:51 +0200 (Fri, 22 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2011:114\");\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-4704\", \"CVE-2011-0722\", \"CVE-2011-0723\");\n script_name(\"Mandriva Update for blender MDVSA-2011:114 (blender)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'blender'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_2010\\.1\");\n script_tag(name:\"affected\", value:\"blender on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been identified and fixed in blender:\n\n oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\n pointer arithmetic, which might allow remote attackers to obtain\n sensitive memory contents and cause a denial of service via a crafted\n file that triggers an out-of-bounds read. (CVE-2009-4632)\n\n vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\n comparison operator was intended, which might allow remote attackers\n to cause a denial of service and possibly execute arbitrary code via\n a crafted file that modifies a loop counter and triggers a heap-based\n buffer overflow. (CVE-2009-4633)\n\n Multiple integer underflows in FFmpeg 0.5 allow remote attackers to\n cause a denial of service and possibly execute arbitrary code via a\n crafted file that (1) bypasses a validation check in vorbis_dec.c\n and triggers a wraparound of the stack pointer, or (2) access a\n pointer from out-of-bounds memory in mov.c, related to an elst tag\n that appears before a tag that creates a stream. (CVE-2009-4634)\n\n FFmpeg 0.5 allows remote attackers to cause a denial of service and\n possibly execute arbitrary code via a crafted MOV container with\n improperly ordered tags that cause (1) mov.c and (2) utils.c to use\n inconsistent codec types and identifiers, which causes the mp3 decoder\n to process a pointer for a video structure, leading to a stack-based\n buffer overflow. (CVE-2009-4635)\n\n FFmpeg 0.5 allows remote attackers to cause a denial of service (hang)\n via a crafted file that triggers an infinite loop. (CVE-2009-4636)\n\n Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote\n attackers to cause a denial of service and possibly execute arbitrary\n code via a crafted Vorbis file that triggers an out-of-bounds\n read. (CVE-2009-4640)\n\n flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer\n and other products, allows remote attackers to execute arbitrary code\n via a crafted flic file, related to an arbitrary offset dereference\n vulnerability. (CVE-2010-3429)\n\n libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1\n and earlier allows remote attackers to cause a denial of service\n (application crash) via a crafted .ogg file, related to the\n vorbis_floor0_decode function. (CVE-2010-4704)\n\n Fix heap corruption crashes (CVE-2011-0722)\n\n Fix invalid reads in VC-1 decoding (CVE-2011-0723)\n\n The updated packages have been patched to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"blender\", rpm:\"blender~2.49b~4.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:38", "bulletinFamily": "scanner", "description": "Check for the Version of blender", "modified": "2017-07-06T00:00:00", "published": "2011-07-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831427", "id": "OPENVAS:831427", "title": "Mandriva Update for blender MDVSA-2011:114 (blender)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for blender MDVSA-2011:114 (blender)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been identified and fixed in blender:\n\n oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain\n pointer arithmetic, which might allow remote attackers to obtain\n sensitive memory contents and cause a denial of service via a crafted\n file that triggers an out-of-bounds read. (CVE-2009-4632)\n \n vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a\n comparison operator was intended, which might allow remote attackers\n to cause a denial of service and possibly execute arbitrary code via\n a crafted file that modifies a loop counter and triggers a heap-based\n buffer overflow. (CVE-2009-4633)\n \n Multiple integer underflows in FFmpeg 0.5 allow remote attackers to\n cause a denial of service and possibly execute arbitrary code via a\n crafted file that (1) bypasses a validation check in vorbis_dec.c\n and triggers a wraparound of the stack pointer, or (2) access a\n pointer from out-of-bounds memory in mov.c, related to an elst tag\n that appears before a tag that creates a stream. (CVE-2009-4634)\n \n FFmpeg 0.5 allows remote attackers to cause a denial of service and\n possibly execute arbitrary code via a crafted MOV container with\n improperly ordered tags that cause (1) mov.c and (2) utils.c to use\n inconsistent codec types and identifiers, which causes the mp3 decoder\n to process a pointer for a video structure, leading to a stack-based\n buffer overflow. (CVE-2009-4635)\n \n FFmpeg 0.5 allows remote attackers to cause a denial of service (hang)\n via a crafted file that triggers an infinite loop. (CVE-2009-4636)\n \n Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote\n attackers to cause a denial of service and possibly execute arbitrary\n code via a crafted Vorbis file that triggers an out-of-bounds\n read. (CVE-2009-4640)\n \n flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer\n and other products, allows remote attackers to execute arbitrary code\n via a crafted flic file, related to an arbitrary offset dereference\n vulnerability. (CVE-2010-3429)\n \n libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1\n and earlier allows remote attackers to cause a denial of service\n (application crash) via a crafted .ogg file, related to the\n vorbis_floor0_decode function. (CVE-2010-4704)\n \n Fix heap corruption crashes (CVE-2011-0722)\n \n Fix invalid reads in VC-1 decoding (CVE-2011-0723)\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"blender on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-07/msg00003.php\");\n script_id(831427);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-22 14:44:51 +0200 (Fri, 22 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2011:114\");\n script_cve_id(\"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-4704\", \"CVE-2011-0722\", \"CVE-2011-0723\");\n script_name(\"Mandriva Update for blender MDVSA-2011:114 (blender)\");\n\n script_summary(\"Check for the Version of blender\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"blender\", rpm:\"blender~2.49b~4.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:05", "bulletinFamily": "unix", "description": "It was discovered that FFmpeg contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.", "modified": "2010-04-19T00:00:00", "published": "2010-04-19T00:00:00", "id": "USN-931-1", "href": "https://usn.ubuntu.com/931-1/", "title": "FFmpeg vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:22:15", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2000-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 18, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : ffmpeg-debian\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2009-4631 CVE-2009-4632 CVE-2009-4633 CVE-2009-4634 CVE-2009-4635 CVE-2009-4636 CVE-2009-4637 CVE-2009-4638 CVE-2009-4640\n\nSeveral vulnerabilities have been discovered in ffmpeg, a multimedia \nplayer, server and encoder, which also provides a range of multimedia\nlibraries used in applications like MPlayer:\n\nVarious programming errors in container and codec implementations\nmay lead to denial of service or the execution of arbitrary code\nif the user is tricked into opening a malformed media file or stream.\n\nAffected and updated have been the implementations of the following\ncodecs and container formats:\n\n- - the Vorbis audio codec\n- - the Ogg container implementation\n- - the FF Video 1 codec\n- - the MPEG audio codec\n- - the H264 video codec\n- - the MOV container implementation\n- - the Oggedc container implementation\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.svn20080206-18+lenny1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4:0.5+svn20090706-5.\n\nWe recommend that you upgrade your ffmpeg packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-debian_0.svn20080206-18+lenny1.diff.gz\n Size/MD5 checksum: 47151 fed9d4a54eeabb8173d8d709a56cf095\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-debian_0.svn20080206-18+lenny1.dsc\n Size/MD5 checksum: 2095 7b95f9547056a2e3476086def011b460\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-doc_0.svn20080206-18+lenny1_all.deb\n Size/MD5 checksum: 12122858 8a18d72784468ee18742ad46efe87ea1\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_alpha.deb\n Size/MD5 checksum: 76368 331d6316aaa9ddf160a219b1a334d04a\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_alpha.deb\n Size/MD5 checksum: 60340 11e42949f12f2cec51e7fb2f083179b1\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_alpha.deb\n Size/MD5 checksum: 110932 1fe5fb7d4d26fd30b9b9ed5dfbd12300\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_alpha.deb\n Size/MD5 checksum: 59168 153af9684d71c484fecce4778a6a36ee\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_alpha.deb\n Size/MD5 checksum: 60700 6e39c2745e05534987b6839b884af9b1\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_alpha.deb\n Size/MD5 checksum: 356280 64568359b94e3faf23927eaaf6654901\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_alpha.deb\n Size/MD5 checksum: 48808 dd58f41ecb4f8c549016b406e309df10\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_alpha.deb\n Size/MD5 checksum: 53758 3c215a4b4cd94762745cb13bb8112d40\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_alpha.deb\n Size/MD5 checksum: 2088016 e1c3c0cbcdd178e5a3dd88ad3e4ba537\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_alpha.deb\n Size/MD5 checksum: 233984 b7c5646a1973c51ea894ca9f098d3dab\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_alpha.deb\n Size/MD5 checksum: 3699706 a88fa8d49c0672cfc9def436bf132613\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_alpha.deb\n Size/MD5 checksum: 546800 4fef24b017a4781c418552fc3994648a\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_alpha.deb\n Size/MD5 checksum: 91658 87aede2da75c79231f7eba4759039437\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_alpha.deb\n Size/MD5 checksum: 2448334 10264d01add22851466437ac2bd89b17\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_amd64.deb\n Size/MD5 checksum: 402922 de07340d2f8bd1bb05b13d969bd99578\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_amd64.deb\n Size/MD5 checksum: 51276 1003864ecbd0e7c81ea584ef969013d2\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_amd64.deb\n Size/MD5 checksum: 51968 fa6fa9eeac06f05e06503c569cb27b29\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_amd64.deb\n Size/MD5 checksum: 67936 fa1e07989b7d2e5b984113661013dcc1\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_amd64.deb\n Size/MD5 checksum: 221908 5317f61459580f6dd75dee7db768a8d0\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_amd64.deb\n Size/MD5 checksum: 51890 7dcaa104c42dee7884671e13da23034f\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_amd64.deb\n Size/MD5 checksum: 4225922 cbd661e9f647e415e91c641fcdfb5a91\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_amd64.deb\n Size/MD5 checksum: 47554 b89719ce81f6e8c385dace9ffe63fd20\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_amd64.deb\n Size/MD5 checksum: 2004972 fcc6758caf4a129c128c5a01ea0066f3\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_amd64.deb\n Size/MD5 checksum: 1772818 7626334580d42beb743802ba218b93e5\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_amd64.deb\n Size/MD5 checksum: 322392 d9cb3617eb86b05c49d928f8323f5c58\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_amd64.deb\n Size/MD5 checksum: 93928 907bd476acf7e5a969c8ffd9ccefe48c\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_amd64.deb\n Size/MD5 checksum: 48336 e521ea04d0249dac5b76df76c75f8865\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_amd64.deb\n Size/MD5 checksum: 104662 ebc163d2600fc48f819e665c81ebea36\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_arm.deb\n Size/MD5 checksum: 84060 013df0b9fc7147f5633fed44e7d25f31\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_arm.deb\n Size/MD5 checksum: 2021900 32a10e29d3599e9e95c543897169effd\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_arm.deb\n Size/MD5 checksum: 2207564 f8f4a2dcc62927aa0634bdd021ae1a02\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_arm.deb\n Size/MD5 checksum: 86980 e05859a7b2ed6087cd052e38336cb747\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_arm.deb\n Size/MD5 checksum: 54008 9d1a2fc62734b26d4c6856fdc1ffac1e\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_arm.deb\n Size/MD5 checksum: 324706 11573c8261909b08a2cceaaee9c8bd0a\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_arm.deb\n Size/MD5 checksum: 57818 c325bad09e77c1d3adbcf8e5a53eae39\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_arm.deb\n Size/MD5 checksum: 48506 2e90c645b3ad3314bc505ac1f1c809ae\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_arm.deb\n Size/MD5 checksum: 3803948 fb3577883a6810399b756daf1144fdc3\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_arm.deb\n Size/MD5 checksum: 392704 45a71947a4656d816ca7e55c5a97d33a\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_arm.deb\n Size/MD5 checksum: 69532 d831c71dea57c5206e2643de64676222\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_arm.deb\n Size/MD5 checksum: 226252 4c49062c7d3b7446e00a76ebe9175511\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_arm.deb\n Size/MD5 checksum: 53858 1adbcc553ca45450116dec5dc0405aab\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_arm.deb\n Size/MD5 checksum: 47226 64976308a5e47b92cdc5754d75dce2b1\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_armel.deb\n Size/MD5 checksum: 49414 97e22214693f558c075db239de8ea66c\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_armel.deb\n Size/MD5 checksum: 238770 df5169a9dcdcfa570e339817c5fdf53a\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_armel.deb\n Size/MD5 checksum: 47716 229abefcb8a4541c3dee93700eac1229\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_armel.deb\n Size/MD5 checksum: 60554 60152bf17bf95f14d58c381aa69d67fc\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_armel.deb\n Size/MD5 checksum: 395182 da4572d879dac4ebd33a0f0c41259e29\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_armel.deb\n Size/MD5 checksum: 326368 b521585d3e5cd5d83b5a3431462a4844\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_armel.deb\n Size/MD5 checksum: 2189656 b5a7b7e57978b57dc3203c8ebcdc8037\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_armel.deb\n Size/MD5 checksum: 1997374 3e462fa63e9f61c32e5ced8acfb9ba9b\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_armel.deb\n Size/MD5 checksum: 3813068 3a442457140ef78989077c1227d2099e\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_armel.deb\n Size/MD5 checksum: 54720 7d31caa2d372f005a693112cc6d75ef5\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_armel.deb\n Size/MD5 checksum: 85626 a65ba78089d8477d120b16b9b7ac192c\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_armel.deb\n Size/MD5 checksum: 70556 b2cf2aec4bc3bb21de6f3e0c72be7e1b\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_armel.deb\n Size/MD5 checksum: 56220 27fad60d0e17596bf905c74e2ff2ea28\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_armel.deb\n Size/MD5 checksum: 87294 6ec48489beab7c60ec476d4a41675305\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_hppa.deb\n Size/MD5 checksum: 72982 eb1bc13433da683d398243f8ae7f180a\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_hppa.deb\n Size/MD5 checksum: 383266 782d5f095e7b1b72e160854eb109b2da\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_hppa.deb\n Size/MD5 checksum: 2005678 5292e7881f33ba23e43da8bcb8fecc4f\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_hppa.deb\n Size/MD5 checksum: 83902 b411ecc7233b32ee1a15a7f594fc6215\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_hppa.deb\n Size/MD5 checksum: 93734 a43b92ecf089e9783e4f66b2ffdca5b7\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_hppa.deb\n Size/MD5 checksum: 57334 b93cace09e3b1fe133e867c2b27c46d3\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_hppa.deb\n Size/MD5 checksum: 52052 6919f7fd8c3372c70014a0df87946d56\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_hppa.deb\n Size/MD5 checksum: 2234580 1401d51da785f57a20848a7647ad296a\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_hppa.deb\n Size/MD5 checksum: 50560 cbd05ef875f83c5eb9f918899b163ad9\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_hppa.deb\n Size/MD5 checksum: 459408 716ce5b5d91444c7237aea18aa9296d2\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_hppa.deb\n Size/MD5 checksum: 57462 6d2c65f22446e5c240157770e6adece0\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_hppa.deb\n Size/MD5 checksum: 239318 3da02a7926fa3f690588ef448508497a\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_hppa.deb\n Size/MD5 checksum: 3663744 3a4c4d6bfe140709ce8fd02fee6cf6d4\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_hppa.deb\n Size/MD5 checksum: 59726 88531257d5a24bac980b4d96838415b9\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_i386.deb\n Size/MD5 checksum: 100074 f95b9ceacb4dd14aa9865409d8c03e9a\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_i386.deb\n Size/MD5 checksum: 156752 8bc350384d38ed09c25f39c0daedc75e\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_i386.deb\n Size/MD5 checksum: 622460 b877204e13e9b7c3f240c3a4b2c70844\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_i386.deb\n Size/MD5 checksum: 8005358 2652587c27a45743970bab3743f23744\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_i386.deb\n Size/MD5 checksum: 386814 9c4523bcb796c422584a42864dc90c33\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_i386.deb\n Size/MD5 checksum: 52006 424d4806a45d400a8e7d40c3b8f3b64d\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_i386.deb\n Size/MD5 checksum: 47778 aeecfd8c294b5b6e207ef7a609bbfe2b\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_i386.deb\n Size/MD5 checksum: 70126 e8187800b373c1b1d4ce4f47a3402853\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_i386.deb\n Size/MD5 checksum: 61722 fa20a299535571d18aaada01e5402c60\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_i386.deb\n Size/MD5 checksum: 76604 615031a4bca439a837b61aea0c089f82\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_i386.deb\n Size/MD5 checksum: 66836 5273afdce199740c2e9752cfd249afcf\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_i386.deb\n Size/MD5 checksum: 3504116 d7a3767017c9e1f5dd8d4c6d002e92ec\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_i386.deb\n Size/MD5 checksum: 236946 8b318ea541e81dd3713220fa1b322393\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_i386.deb\n Size/MD5 checksum: 1961030 5b4353189b73e22474fab88085c15129\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_ia64.deb\n Size/MD5 checksum: 610698 639ff8da3ae97d4367154be9dacfe32d\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_ia64.deb\n Size/MD5 checksum: 277818 8e7989daea4da526a9c8b3aeb4801b82\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_ia64.deb\n Size/MD5 checksum: 100226 7a511a7838da98a7fdd43cf942e1e3da\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_ia64.deb\n Size/MD5 checksum: 65314 cae624d04e2fdc453d799b2f86ee6588\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_ia64.deb\n Size/MD5 checksum: 56688 fad14bfa6813fb2d010345790a490a7f\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_ia64.deb\n Size/MD5 checksum: 55410 9700b8869b60cbd9196ee0c9cf4a1f1c\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_ia64.deb\n Size/MD5 checksum: 81940 e59e53d0fb2c3e43f463c5a21dfe538e\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_ia64.deb\n Size/MD5 checksum: 2917752 fd4611a54c65103074b331969aaf990b\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_ia64.deb\n Size/MD5 checksum: 68646 5d994a254e6581dbd7b08011a2172175\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_ia64.deb\n Size/MD5 checksum: 3896030 f7cbfae565a5a76a4eeeccb4d40af5c3\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_ia64.deb\n Size/MD5 checksum: 109064 d9ab84031907dbbf4fd3b453b2e2e47f\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_ia64.deb\n Size/MD5 checksum: 482326 1a51675c7d1acde639fed408079530f1\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_ia64.deb\n Size/MD5 checksum: 3238334 8eb665c06cc4da14eb8fea398011c990\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_ia64.deb\n Size/MD5 checksum: 68160 19779e43c0565edd3172ef70a0fa25e1\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_mips.deb\n Size/MD5 checksum: 1763402 385328322a43f4fd6d3d27e3af42f30d\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_mips.deb\n Size/MD5 checksum: 2062230 1c7786786c66dfe8fc06417edf361f04\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_mips.deb\n Size/MD5 checksum: 56084 77d8887ba7a26aa3d480ddde06ddb372\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_mips.deb\n Size/MD5 checksum: 50382 e1f0af77e6937159610d63dd44055cb4\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_mips.deb\n Size/MD5 checksum: 458434 7020beda7d793dfd36e97df2e95f3180\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_mips.deb\n Size/MD5 checksum: 87402 29b6db5cc5d13187360340859057d5ab\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_mips.deb\n Size/MD5 checksum: 61002 a47e4693813b2f18279a7631241bb829\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_mips.deb\n Size/MD5 checksum: 227580 d1524b60aa1e55794f6acb289d31bf9c\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_mips.deb\n Size/MD5 checksum: 347184 977716193af4d0233d4247f67beec722\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_mips.deb\n Size/MD5 checksum: 74200 8e0506221f567cf3c778f448af71fcd9\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_mips.deb\n Size/MD5 checksum: 48942 90e4809cc5927b496d3b914b341bc5bc\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_mips.deb\n Size/MD5 checksum: 78802 91204cce32e95fa46622e368c5fde603\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_mips.deb\n Size/MD5 checksum: 56866 c2aa63902918b0e475633b706228c69d\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_mips.deb\n Size/MD5 checksum: 3859566 4407f4f19472149bbd5905b8292f3666\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_mipsel.deb\n Size/MD5 checksum: 1774576 f266f580f233021062a6fc69d25c968d\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_mipsel.deb\n Size/MD5 checksum: 227864 714c76bd29728e6d7e694d116568ef88\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_mipsel.deb\n Size/MD5 checksum: 78330 7d57dd60eb157c9b323e48bd55e4c246\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_mipsel.deb\n Size/MD5 checksum: 73914 b8411fb9324faef6faad47a31bf076e7\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_mipsel.deb\n Size/MD5 checksum: 59742 449b684b4c628c3387491acc540b14e9\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_mipsel.deb\n Size/MD5 checksum: 3724358 551f6c2539f9ba74419ef53c44a2ba0e\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_mipsel.deb\n Size/MD5 checksum: 56758 5c4b30ce8f1e28de617bd261bc1f3fae\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_mipsel.deb\n Size/MD5 checksum: 86862 50a476f0d0497a31c8ac18ee369bcd2b\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_mipsel.deb\n Size/MD5 checksum: 56040 d4bef8f95a86c2899a0ce46e5fbbf4b3\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_mipsel.deb\n Size/MD5 checksum: 345112 fc1ca3920495927ace1d784a50ad40d3\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_mipsel.deb\n Size/MD5 checksum: 49118 4f3b6e04a1b5f4da03da10ca5d8d1dba\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_mipsel.deb\n Size/MD5 checksum: 50392 367d6415d073e640972ad885992e3182\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_mipsel.deb\n Size/MD5 checksum: 457538 edf7e0da65e3b465b3a06d873a810c56\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_mipsel.deb\n Size/MD5 checksum: 2066024 442a06e330c25c43b2edd9b82e4209ab\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_powerpc.deb\n Size/MD5 checksum: 60632 ea5cf72fe05413b85abb93dee6ce3899\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_powerpc.deb\n Size/MD5 checksum: 2104684 8bae78b164abfcf4af1f78b86da54c82\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_powerpc.deb\n Size/MD5 checksum: 87698 c515b179b306f16124b38e8c7d4a46aa\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_powerpc.deb\n Size/MD5 checksum: 87928 3edca2caf1630663be60c2cdb5fce98e\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_powerpc.deb\n Size/MD5 checksum: 278148 f29927e10f422d8aa0b45c95717aa3b4\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_powerpc.deb\n Size/MD5 checksum: 440996 19e426ab5d518efad61eca9073d2685e\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_powerpc.deb\n Size/MD5 checksum: 71600 4cef447365ef0a8fdd16fd2130298267\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_powerpc.deb\n Size/MD5 checksum: 7523478 236e7a14ea1b4a52d6d014f6c0c26e2c\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_powerpc.deb\n Size/MD5 checksum: 3583968 600b8e6c83347d1d00d64b47ffd1a2f3\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_powerpc.deb\n Size/MD5 checksum: 141056 e713eda5967c66a5cb20b615d5d7a7cd\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_powerpc.deb\n Size/MD5 checksum: 71156 ce9bb43172156da0862ee8d5f1aa4c84\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_powerpc.deb\n Size/MD5 checksum: 687586 5bb654308ebbc898ac17d429f4aeb9d4\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_powerpc.deb\n Size/MD5 checksum: 101900 4199e816e43ce4b16ee96ef709c42fc2\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_powerpc.deb\n Size/MD5 checksum: 49268 51224013e6116349848745dd43151328\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_s390.deb\n Size/MD5 checksum: 49062 e2e7ef11e9a0284a14e581b5f7e688d1\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_s390.deb\n Size/MD5 checksum: 70886 da9d3a31aee303200eecd2f6cdd85390\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_s390.deb\n Size/MD5 checksum: 232622 4b531762a58ed43fce473fec4d3b7372\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_s390.deb\n Size/MD5 checksum: 86766 0588ff05322c118f0422e0059a2ea225\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_s390.deb\n Size/MD5 checksum: 60548 351e65828fcc7cfe71f92f66d2fca303\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_s390.deb\n Size/MD5 checksum: 1855428 4528349ece3a0734c2c1962ccf7bf322\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_s390.deb\n Size/MD5 checksum: 1987930 ce3e0bbd4cb9bd6b8e9447f54efe4585\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_s390.deb\n Size/MD5 checksum: 55750 ec345a7cf7133591c12343404ed93722\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_s390.deb\n Size/MD5 checksum: 3882524 1b1442dc76b3ad1192a2f19f01b6fded\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_s390.deb\n Size/MD5 checksum: 56372 72ba66501769bfe85609a6d40cae8d25\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_s390.deb\n Size/MD5 checksum: 48142 cf1be10156a44c5bd160878be35fd47e\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_s390.deb\n Size/MD5 checksum: 85140 13cc16f5c5d03b0622070ac323236ea1\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_s390.deb\n Size/MD5 checksum: 362638 b0fab024a88b70ae155f4a9db09ac2dc\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_s390.deb\n Size/MD5 checksum: 412112 5bc0602f1439215a0faa331b491bab52\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_sparc.deb\n Size/MD5 checksum: 2137158 17398e4005bd2364e83c472eea21a680\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_sparc.deb\n Size/MD5 checksum: 77392 4d83e8cf704628f7bdc254d219c080ca\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_sparc.deb\n Size/MD5 checksum: 81886 95bc96ca87c0d09d9a1c94ddc8314179\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_sparc.deb\n Size/MD5 checksum: 6859566 55aad2473e6bd6a958a5ec66655a5ac4\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_sparc.deb\n Size/MD5 checksum: 86846 094212ebd6092062374fb53d0f10adea\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_sparc.deb\n Size/MD5 checksum: 71876 0894b30af3548c13ce739172efb7e606\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_sparc.deb\n Size/MD5 checksum: 56306 da0f7077fced3a779ce19434f95b8dec\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_sparc.deb\n Size/MD5 checksum: 631966 2f1dd49c0d6a7ea8bff3ef9cae6459d4\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_sparc.deb\n Size/MD5 checksum: 122772 f6a7c6d93c1d50f21d214b6d1fedace5\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_sparc.deb\n Size/MD5 checksum: 404392 a7ee9b1fe465c27b02819eabe04160e4\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_sparc.deb\n Size/MD5 checksum: 47776 d4b8bd18537e4fbf64b26fbeec262999\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_sparc.deb\n Size/MD5 checksum: 247156 4ae4690c9407ad61be8b97d822251bea\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_sparc.deb\n Size/MD5 checksum: 59492 65344c8d6f63228d9fee476300950532\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_sparc.deb\n Size/MD5 checksum: 3697804 384eded1df67ddb26997f29af8a8a3bd\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "modified": "2010-02-18T20:42:28", "published": "2010-02-18T20:42:28", "id": "DEBIAN:DSA-2000-1:5F9BC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00040.html", "title": "[SECURITY] [DSA 2000-1] New ffmpeg packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T18:14:10", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 36465\r\nCVE ID: CVE-2009-4631,CVE-2009-4632,CVE-2009-4633,CVE-2009-4634,CVE-2009-4635,CVE-2009-4636,CVE-2009-4637,CVE-2009-4638,CVE-2009-4639,CVE-2009-4640\r\n\r\nFFmpeg\u662f\u4e00\u5957\u5bf9\u97f3\u9891\u548c\u89c6\u9891\u8fdb\u884c\u89e3\u7801\u5f55\u5236\u8f6c\u6362\u7684\u5b8c\u6574\u65b9\u6848\u3002\r\n\r\nffmpeg\u89e3\u6790\u5404\u79cd\u5a92\u4f53\u6587\u4ef6\u65f6\u5b58\u5728\u591a\u4e2a\u7a7a\u6307\u9488\u5f15\u7528\u3001\u5185\u5b58\u8d8a\u754c\u6216\u6b7b\u5faa\u73af\u7b49\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\n1) \u89e3\u6790AVI\u3001.ogv\u548c.wmv\u6587\u4ef6\u65f6\u7684\u7a7a\u6307\u9488\u5f15\u7528\u548c0\u9664\u6570\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u5d29\u6e83\u3002\r\n\r\n2) \u5904\u7406.ogv\u6587\u4ef6\u548cmjpg\u7f16\u7801AVI\u6587\u4ef6\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u5f15\u7528\u65e0\u6548\u7684\u5185\u5b58\u3002\r\n\r\n3) \u5904\u7406iv32\u7f16\u7801\u7684AVI\u6587\u4ef6\u548c.mp4\u6587\u4ef6\u65f6\u7684\u5806\u5185\u5b58\u7834\u574f\u53ef\u80fd\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\n4) \u5904\u7406.ogv\u6587\u4ef6\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u89e6\u53d1\u6b7b\u5faa\u73af\u3002\r\n\r\n5) \u5904\u7406h264\u7f16\u7801\u7684AVI\u6587\u4ef6\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u89e6\u53d1\u6d6e\u70b9\u5f02\u5e38\u3002\r\n\r\n6) \u89e3\u6790MOV\u539f\u5b50\u53ef\u80fd\u89e6\u53d1\u7a7a\u6307\u9488\u5f15\u7528\u3002\r\n\r\n7) AAC\u7f16\u7801\u89e3\u7801\u5668\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u89e6\u53d1\u8d8a\u754c\u8bfb\u53d6\u3002\r\n\r\n8) mov_read_dref()\u51fd\u6570\u5728\u89e3\u6790.mp4\u6587\u4ef6\u53ef\u80fd\u5bfc\u81f4\u6302\u8d77\u3002\r\n\r\n9) \u5904\u7406.ogv\u6587\u4ef6\u65f6\u7684\u5185\u5b58\u7834\u574f\u53ef\u80fd\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nFFmpeg 0.5\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nFFmpeg\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://src.chromium.org/viewvc/chrome/trunk/deps/third_party/ffmpeg/?view=log", "modified": "2010-02-20T00:00:00", "published": "2010-02-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19159", "id": "SSV:19159", "title": "FFmpeg\u591a\u4e2a\u5a92\u4f53\u6587\u4ef6\u89e3\u6790\u62d2\u7edd\u670d\u52a1\u548c\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "type": "seebug", "sourceData": "\n https://roundup.ffmpeg.org/roundup/ffmpeg/file397/ffmpeg_crashers.zip\n ", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-19159"}], "gentoo": [{"lastseen": "2016-09-06T19:46:42", "bulletinFamily": "unix", "description": "### Background\n\nFFmpeg is a complete solution to record, convert and stream audio and video. \n\n### Description\n\nMultiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers and FFmpeg changelogs referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted media file, possibly leading to the execution of arbitrary code with the privileges of the user running the application or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FFmpeg users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/ffmpeg-1.0.7\"", "modified": "2013-10-25T00:00:00", "published": "2013-10-25T00:00:00", "id": "GLSA-201310-12", "href": "https://security.gentoo.org/glsa/201310-12", "type": "gentoo", "title": "FFmpeg: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}