ID CVE-2011-3944Type cveReporter cve@mitre.orgModified 2014-03-08T04:50:00
Description
The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data.
{"id": "CVE-2011-3944", "bulletinFamily": "NVD", "title": "CVE-2011-3944", "description": "The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data.", "published": "2013-12-09T16:35:00", "modified": "2014-03-08T04:50:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3944", "reporter": "cve@mitre.org", "references": ["http://www.ffmpeg.org/security.html", "http://www.debian.org/security/2014/dsa-2855", "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1285baaab550e3e761590ef6dfb1d9bd9d1332e4"], "cvelist": ["CVE-2011-3944"], "type": "cve", "lastseen": "2019-05-29T18:11:23", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "279e35ee5a26483e112601d5df3054ca"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "fc6d49a94e9789ec98734bb3a0f41d78"}, {"key": "cpe23", "hash": "aedd69cda2633d2b519b31d494a5d414"}, {"key": "cvelist", "hash": "c1a85edeb285e41e28a195196c9b9783"}, {"key": "cvss", "hash": "4cac367be6dd8242802053610be9dee6"}, {"key": "cvss2", "hash": "805c5c751007648306c308e497e20dab"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "d370d473ba1bd1721d669ef98e2aeebb"}, {"key": "description", "hash": "8c1b3a82580da1aa64057d5b5af259cf"}, {"key": "href", "hash": "9fecedea65970d566e21df06d9bf3e5b"}, {"key": "modified", "hash": "22dc3b99ff39b61866a88fb80c942dea"}, {"key": "published", "hash": "9ba2fce85dab004917ef1719b3355ea8"}, {"key": "references", "hash": "b9c763c6b005ffd273cdd1cec44581c0"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "7f85b0b47ecc200fbb710e9710a7f1c5"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "ea8053b90c23aed829acf3e3f61757b10a9a9298c53591b7de3821b8519018d0", "viewCount": 0, "enchantments": {"score": {"value": 8.6, "vector": "NONE", "modified": "2019-05-29T18:11:23"}, "dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DSA-2855-1:95B1F"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2855.NASL", "GENTOO_GLSA-201310-12.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13560", "SECURITYVULNS:DOC:30296"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310702855", "OPENVAS:702855", "OPENVAS:1361412562310121050"]}, {"type": "gentoo", "idList": ["GLSA-201310-12"]}], "modified": "2019-05-29T18:11:23"}, "vulnersScore": 8.6}, "objectVersion": "1.3", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.5.5", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:ffmpeg:ffmpeg:0.4.9", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "affectedSoftware": [{"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.5.1"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.8.11"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.5"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.9"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.7.8"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.7"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.4.5"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.7.4"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.7.5"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.5.4"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.5.3"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.3"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.8.2"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.7.6"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.8.5.3"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.8.6"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.3.3"}, {"name": "ffmpeg ffmpeg", "operator": "le", "version": "0.9.1"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.8.5.4"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.8.0"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.5.4.6"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.8.7"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.4.8"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.6"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.8.10"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.7.7"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.7.11"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.5.5"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.4.6"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.6.2"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.7.2"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.8.5"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.4.7"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.7.3"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.6.3"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.7.12"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.6.1"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.3.2"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.4.9"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.4.0"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.7.9"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.4.3"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.4.4"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.8.8"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.4.2"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.5.4.5"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.3.1"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.3.4"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.7.1"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.8.1"}, {"name": "ffmpeg ffmpeg", "operator": "eq", "version": "0.5.2"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"]}
{"openvas": [{"lastseen": "2017-08-01T10:49:13", "bulletinFamily": "scanner", "description": "Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. The IDs mentioned above are just\na portion of the security issues fixed in this update. A full list of the\nchanges is available at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.10", "modified": "2017-07-17T00:00:00", "published": "2014-02-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=702855", "id": "OPENVAS:702855", "title": "Debian Security Advisory DSA 2855-1 (libav - several vulnerabilities)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2855.nasl 6735 2017-07-17 09:56:49Z teissa $\n# Auto-generated from advisory DSA 2855-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"libav on Debian Linux\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 6:0.8.10-1\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6:9.11-1.\n\nWe recommend that you upgrade your libav packages.\";\ntag_summary = \"Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. The IDs mentioned above are just\na portion of the security issues fixed in this update. A full list of the\nchanges is available at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.10\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702855);\n script_version(\"$Revision: 6735 $\");\n script_cve_id(\"CVE-2011-3944\", \"CVE-2013-0845\", \"CVE-2013-0846\", \"CVE-2013-0849\", \"CVE-2013-0865\", \"CVE-2013-7010\", \"CVE-2013-7014\", \"CVE-2013-7015\");\n script_name(\"Debian Security Advisory DSA 2855-1 (libav - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-17 11:56:49 +0200 (Mon, 17 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-02-05 00:00:00 +0100 (Wed, 05 Feb 2014)\");\n script_tag(name: \"cvss_base\", value:\"9.3\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2855.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-doc\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-extra-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-tools\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice53\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-extra-2\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter2\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-extra-51\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil51\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-extra-52\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc52\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-extra-2\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale2\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-doc\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-extra-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-tools\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice53\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-extra-2\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter2\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-extra-51\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil51\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-extra-52\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc52\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-extra-2\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale2\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-doc\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-extra-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-tools\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice53\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-extra-2\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter2\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-extra-51\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil51\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-extra-52\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc52\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-extra-2\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale2\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-doc\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-extra-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-tools\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice53\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-extra-2\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter2\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-extra-51\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil51\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-extra-52\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc52\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-extra-2\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale2\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:25", "bulletinFamily": "scanner", "description": "Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. The IDs mentioned above are just\na portion of the security issues fixed in this update.", "modified": "2019-03-19T00:00:00", "published": "2014-02-05T00:00:00", "id": "OPENVAS:1361412562310702855", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702855", "title": "Debian Security Advisory DSA 2855-1 (libav - several vulnerabilities)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2855.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2855-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702855\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2011-3944\", \"CVE-2013-0845\", \"CVE-2013-0846\", \"CVE-2013-0849\", \"CVE-2013-0865\", \"CVE-2013-7010\", \"CVE-2013-7014\", \"CVE-2013-7015\");\n script_name(\"Debian Security Advisory DSA 2855-1 (libav - several vulnerabilities)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-05 00:00:00 +0100 (Wed, 05 Feb 2014)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2855.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"libav on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 6:0.8.10-1\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6:9.11-1.\n\nWe recommend that you upgrade your libav packages.\");\n script_tag(name:\"summary\", value:\"Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. The IDs mentioned above are just\na portion of the security issues fixed in this update.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libav-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libav-doc\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libav-extra-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libav-tools\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavcodec-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavdevice-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavdevice53\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavfilter-extra-2\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavfilter2\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavformat-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavutil-extra-51\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavutil51\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpostproc-extra-52\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpostproc52\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libswscale-extra-2\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libswscale2\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:59", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201310-12", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121050", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121050", "title": "Gentoo Security Advisory GLSA 201310-12", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201310-12.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121050\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:08 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201310-12\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers and FFmpeg changelogs referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201310-12\");\n script_cve_id(\"CVE-2009-4631\", \"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4637\", \"CVE-2009-4638\", \"CVE-2009-4639\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-3908\", \"CVE-2010-4704\", \"CVE-2010-4705\", \"CVE-2011-1931\", \"CVE-2011-3362\", \"CVE-2011-3893\", \"CVE-2011-3895\", \"CVE-2011-3929\", \"CVE-2011-3934\", \"CVE-2011-3935\", \"CVE-2011-3936\", \"CVE-2011-3937\", \"CVE-2011-3940\", \"CVE-2011-3941\", \"CVE-2011-3944\", \"CVE-2011-3945\", \"CVE-2011-3946\", \"CVE-2011-3947\", \"CVE-2011-3949\", \"CVE-2011-3950\", \"CVE-2011-3951\", \"CVE-2011-3952\", \"CVE-2011-3973\", \"CVE-2011-3974\", \"CVE-2011-4351\", \"CVE-2011-4352\", \"CVE-2011-4353\", \"CVE-2011-4364\", \"CVE-2012-0947\", \"CVE-2012-2771\", \"CVE-2012-2772\", \"CVE-2012-2773\", \"CVE-2012-2774\", \"CVE-2012-2775\", \"CVE-2012-2776\", \"CVE-2012-2777\", \"CVE-2012-2778\", \"CVE-2012-2779\", \"CVE-2012-2780\", \"CVE-2012-2781\", \"CVE-2012-2782\", \"CVE-2012-2783\", \"CVE-2012-2784\", \"CVE-2012-2785\", \"CVE-2012-2786\", \"CVE-2012-2787\", \"CVE-2012-2788\", \"CVE-2012-2789\", \"CVE-2012-2790\", \"CVE-2012-2791\", \"CVE-2012-2792\", \"CVE-2012-2793\", \"CVE-2012-2794\", \"CVE-2012-2795\", \"CVE-2012-2796\", \"CVE-2012-2797\", \"CVE-2012-2798\", \"CVE-2012-2799\", \"CVE-2012-2800\", \"CVE-2012-2801\", \"CVE-2012-2802\", \"CVE-2012-2803\", \"CVE-2012-2804\", \"CVE-2012-2805\", \"CVE-2013-3670\", \"CVE-2013-3671\", \"CVE-2013-3672\", \"CVE-2013-3673\", \"CVE-2013-3674\", \"CVE-2013-3675\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201310-12\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"media-video/ffmpeg\", unaffected: make_list(\"ge 1.0.7\"), vulnerable: make_list(\"lt 1.0.7\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:22:36", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2855-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 05, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libav\nVulnerability : several\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2011-3944 CVE-2013-0845 CVE-2013-0846 CVE-2013-0849 \n CVE-2013-0865 CVE-2013-7010 CVE-2013-7014 CVE-2013-7015\n\nSeveral security issues have been corrected in multiple demuxers and \ndecoders of the libav multimedia library. The IDs mentioned above are just\na portion of the security issues fixed in this update. A full list of the\nchanges is available at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.10\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6:0.8.9-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6:9.11-1.\n\nWe recommend that you upgrade your libav packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-02-05T17:59:12", "published": "2014-02-05T17:59:12", "id": "DEBIAN:DSA-2855-1:95B1F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00024.html", "title": "[SECURITY] [DSA 2855-1] libav security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-11-01T02:21:16", "bulletinFamily": "scanner", "description": "Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. The IDs mentioned above are\njust a portion of the security issues fixed in this update. A full\nlist of the changes is available at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8\n.10", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-2855.NASL", "href": "https://www.tenable.com/plugins/nessus/72355", "published": "2014-02-06T00:00:00", "title": "Debian DSA-2855-1 : libav - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2855. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72355);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/19 11:02:41\");\n\n script_cve_id(\"CVE-2011-3944\", \"CVE-2013-0845\", \"CVE-2013-0846\", \"CVE-2013-0849\", \"CVE-2013-0865\", \"CVE-2013-7010\", \"CVE-2013-7014\", \"CVE-2013-7015\");\n script_bugtraq_id(51720, 57868, 63796, 63936);\n script_xref(name:\"DSA\", value:\"2855\");\n\n script_name(english:\"Debian DSA-2855-1 : libav - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. The IDs mentioned above are\njust a portion of the security issues fixed in this update. A full\nlist of the changes is available at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8\n.10\"\n );\n # http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.10\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?df9bf7ae\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libav\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2855\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libav packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 6:0.8.10-1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"ffmpeg\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ffmpeg-dbg\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ffmpeg-doc\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libav-dbg\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libav-doc\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libav-extra-dbg\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libav-tools\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavcodec-dev\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavcodec-extra-53\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavcodec53\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavdevice-dev\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavdevice-extra-53\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavdevice53\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavfilter-dev\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavfilter-extra-2\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavfilter2\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavformat-dev\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavformat-extra-53\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavformat53\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavutil-dev\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavutil-extra-51\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavutil51\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libpostproc-dev\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libpostproc-extra-52\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libpostproc52\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libswscale-dev\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libswscale-extra-2\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libswscale2\", reference:\"6:0.8.10-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:40:29", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201310-12\n(FFmpeg: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FFmpeg. Please review\n the CVE identifiers and FFmpeg changelogs referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted media\n file, possibly leading to the execution of arbitrary code with the\n privileges of the user running the application or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2019-11-02T00:00:00", "id": "GENTOO_GLSA-201310-12.NASL", "href": "https://www.tenable.com/plugins/nessus/70647", "published": "2013-10-27T00:00:00", "title": "GLSA-201310-12 : FFmpeg: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201310-12.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70647);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/12/18 10:18:58\");\n\n script_cve_id(\"CVE-2009-4631\", \"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4637\", \"CVE-2009-4638\", \"CVE-2009-4639\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-3908\", \"CVE-2010-4704\", \"CVE-2010-4705\", \"CVE-2011-1931\", \"CVE-2011-3362\", \"CVE-2011-3893\", \"CVE-2011-3895\", \"CVE-2011-3929\", \"CVE-2011-3934\", \"CVE-2011-3935\", \"CVE-2011-3936\", \"CVE-2011-3937\", \"CVE-2011-3940\", \"CVE-2011-3941\", \"CVE-2011-3944\", \"CVE-2011-3945\", \"CVE-2011-3946\", \"CVE-2011-3947\", \"CVE-2011-3949\", \"CVE-2011-3950\", \"CVE-2011-3951\", \"CVE-2011-3952\", \"CVE-2011-3973\", \"CVE-2011-3974\", \"CVE-2011-4351\", \"CVE-2011-4352\", \"CVE-2011-4353\", \"CVE-2011-4364\", \"CVE-2012-0947\", \"CVE-2012-2771\", \"CVE-2012-2772\", \"CVE-2012-2773\", \"CVE-2012-2774\", \"CVE-2012-2775\", \"CVE-2012-2776\", \"CVE-2012-2777\", \"CVE-2012-2778\", \"CVE-2012-2779\", \"CVE-2012-2780\", \"CVE-2012-2781\", \"CVE-2012-2782\", \"CVE-2012-2783\", \"CVE-2012-2784\", \"CVE-2012-2785\", \"CVE-2012-2786\", \"CVE-2012-2787\", \"CVE-2012-2788\", \"CVE-2012-2789\", \"CVE-2012-2790\", \"CVE-2012-2791\", \"CVE-2012-2792\", \"CVE-2012-2793\", \"CVE-2012-2794\", \"CVE-2012-2795\", \"CVE-2012-2796\", \"CVE-2012-2797\", \"CVE-2012-2798\", \"CVE-2012-2799\", \"CVE-2012-2800\", \"CVE-2012-2801\", \"CVE-2012-2802\", \"CVE-2012-2803\", \"CVE-2012-2804\", \"CVE-2012-2805\", \"CVE-2013-3670\", \"CVE-2013-3671\", \"CVE-2013-3672\", \"CVE-2013-3673\", \"CVE-2013-3674\", \"CVE-2013-3675\");\n script_bugtraq_id(36465, 46294, 47147, 47602, 49115, 49118, 50642, 50760, 50880, 51720, 53389, 55355, 60476, 60491, 60492, 60494, 60496, 60497);\n script_xref(name:\"GLSA\", value:\"201310-12\");\n\n script_name(english:\"GLSA-201310-12 : FFmpeg: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201310-12\n(FFmpeg: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FFmpeg. Please review\n the CVE identifiers and FFmpeg changelogs referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted media\n file, possibly leading to the execution of arbitrary code with the\n privileges of the user running the application or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # https://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=refs/heads/release/0.10\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5d92e58\"\n );\n # https://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=refs/heads/release/1.0\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?50837c86\"\n );\n # http://archives.neohapsis.com/archives/bugtraq/2011-04/0258.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd80b73a\"\n );\n # https://secunia.com/advisories/36760/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://secuniaresearch.flexerasoftware.com//advisories/36760/\"\n );\n # https://secunia.com/advisories/46134/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://secuniaresearch.flexerasoftware.com//advisories/46134/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201310-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All FFmpeg users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/ffmpeg-1.0.7'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/ffmpeg\", unaffected:make_list(\"ge 1.0.7\"), vulnerable:make_list(\"lt 1.0.7\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FFmpeg\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "description": "Vulnerabilitlies in different demuxers and decoders.", "modified": "2014-02-10T00:00:00", "published": "2014-02-10T00:00:00", "id": "SECURITYVULNS:VULN:13560", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13560", "title": "libav / ffmpeg multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2855-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nFebruary 05, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : libav\r\nVulnerability : several\r\nProblem type : local\r\nDebian-specific: no\r\nCVE ID : CVE-2011-3944 CVE-2013-0845 CVE-2013-0846 CVE-2013-0849 \r\n CVE-2013-0865 CVE-2013-7010 CVE-2013-7014 CVE-2013-7015\r\n\r\nSeveral security issues have been corrected in multiple demuxers and \r\ndecoders of the libav multimedia library. The IDs mentioned above are just\r\na portion of the security issues fixed in this update. A full list of the\r\nchanges is available at\r\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.10\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 6:0.8.9-1.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 6:9.11-1.\r\n\r\nWe recommend that you upgrade your libav packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niEYEARECAAYFAlLye6kACgkQXm3vHE4uylrI8ACfbD6s1L9JSjxy9tKale/31uwM\r\nfaUAn245iY8Wf396t+iT1Q7iaP7s8/Xo\r\n=bajx\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2014-02-10T00:00:00", "published": "2014-02-10T00:00:00", "id": "SECURITYVULNS:DOC:30296", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30296", "title": "[SECURITY] [DSA 2855-1] libav security update", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:42", "bulletinFamily": "unix", "description": "### Background\n\nFFmpeg is a complete solution to record, convert and stream audio and video. \n\n### Description\n\nMultiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers and FFmpeg changelogs referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted media file, possibly leading to the execution of arbitrary code with the privileges of the user running the application or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FFmpeg users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/ffmpeg-1.0.7\"", "modified": "2013-10-25T00:00:00", "published": "2013-10-25T00:00:00", "id": "GLSA-201310-12", "href": "https://security.gentoo.org/glsa/201310-12", "type": "gentoo", "title": "FFmpeg: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
