ID CVE-2013-7015Type cveReporter cve@mitre.orgModified 2016-12-03T03:00:00
Description
The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data.
{"id": "CVE-2013-7015", "bulletinFamily": "NVD", "title": "CVE-2013-7015", "description": "The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data.", "published": "2013-12-09T16:36:00", "modified": "2016-12-03T03:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7015", "reporter": "cve@mitre.org", "references": ["http://openwall.com/lists/oss-security/2013/12/08/3", "http://www.debian.org/security/2014/dsa-2855", "https://github.com/FFmpeg/FFmpeg/commit/880c73cd76109697447fbfbaa8e5ee5683309446", "http://ffmpeg.org/security.html", "https://security.gentoo.org/glsa/201603-06", "http://openwall.com/lists/oss-security/2013/11/26/7", "https://trac.ffmpeg.org/ticket/2844"], "cvelist": ["CVE-2013-7015"], "type": "cve", "lastseen": "2020-12-09T19:52:49", "edition": 5, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310702855", "OPENVAS:702855", "OPENVAS:1361412562310121448"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2855.NASL", "GENTOO_GLSA-201603-06.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30296", "SECURITYVULNS:VULN:13560"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2855-1:95B1F"]}, {"type": "gentoo", "idList": ["GLSA-201603-06"]}], "modified": "2020-12-09T19:52:49", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2020-12-09T19:52:49", "rev": 2}, "vulnersScore": 7.0}, "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.10.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.11", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.10", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:1.1.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:2.0", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:ffmpeg:ffmpeg:1.0", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:2.0.1", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.5.5", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:1.1.2", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:ffmpeg:ffmpeg:0.10.3", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:ffmpeg:ffmpeg:1.2.1", "cpe:/a:ffmpeg:ffmpeg:1.1.4", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:1.1.1", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:1.2", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.9.1", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:ffmpeg:ffmpeg:0.4.9", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "affectedSoftware": [{"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "1.1.2"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.8.5.4"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.3.3"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.4.9"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.4.5"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.4.3"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.7"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.9"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.8.10"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.8.8"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.4.0"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.9.1"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.7.3"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.4.2"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.8.0"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.6"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "2.0"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.6.3"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.7.5"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.6.1"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.11"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.7.8"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.8.6"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.8.1"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.7.1"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.7.11"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.3.4"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.3.1"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "1.2"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.8.7"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.6.2"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "1.1.4"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.7.4"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "1.1.3"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.5.4.5"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.5.1"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.8.5"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "1.2.1"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.7.9"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.5"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.10.3"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.7.7"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.7.12"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.8.11"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "1.0"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.5.5"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.3"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.4.7"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.4.4"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.5.2"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "le", "version": "2.0.1"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.4.6"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.7.6"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.5.4"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.10.4"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.8.5.3"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.8.2"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.4.8"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.10"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.5.3"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "1.1.1"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.5.4.6"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.7.2"}, {"cpeName": "ffmpeg:ffmpeg", "name": "ffmpeg", "operator": "eq", "version": "0.3.2"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:1.1.1:*:*:*:*:*:*:*"], "cwe": ["CWE-20"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:1.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.0.1:*:*:*:*:*:*:*", "versionEndIncluding": "2.0.1", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:1.1.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:1.1.4:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.5:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:2.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.10.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.10.4:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.10:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:1.2.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:1.1.2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:1.1.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:1.2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.9.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.11:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}
{"securityvulns": [{"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "cvelist": ["CVE-2013-7015", "CVE-2013-0846", "CVE-2013-0845", "CVE-2011-3944", "CVE-2013-7010", "CVE-2013-0865", "CVE-2013-0849", "CVE-2013-7014"], "description": "Vulnerabilitlies in different demuxers and decoders.", "edition": 1, "modified": "2014-02-10T00:00:00", "published": "2014-02-10T00:00:00", "id": "SECURITYVULNS:VULN:13560", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13560", "title": "libav / ffmpeg multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2013-7015", "CVE-2013-0846", "CVE-2013-0845", "CVE-2011-3944", "CVE-2013-7010", "CVE-2013-0865", "CVE-2013-0849", "CVE-2013-7014"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2855-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nFebruary 05, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : libav\r\nVulnerability : several\r\nProblem type : local\r\nDebian-specific: no\r\nCVE ID : CVE-2011-3944 CVE-2013-0845 CVE-2013-0846 CVE-2013-0849 \r\n CVE-2013-0865 CVE-2013-7010 CVE-2013-7014 CVE-2013-7015\r\n\r\nSeveral security issues have been corrected in multiple demuxers and \r\ndecoders of the libav multimedia library. The IDs mentioned above are just\r\na portion of the security issues fixed in this update. A full list of the\r\nchanges is available at\r\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.10\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 6:0.8.9-1.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 6:9.11-1.\r\n\r\nWe recommend that you upgrade your libav packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niEYEARECAAYFAlLye6kACgkQXm3vHE4uylrI8ACfbD6s1L9JSjxy9tKale/31uwM\r\nfaUAn245iY8Wf396t+iT1Q7iaP7s8/Xo\r\n=bajx\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2014-02-10T00:00:00", "published": "2014-02-10T00:00:00", "id": "SECURITYVULNS:DOC:30296", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30296", "title": "[SECURITY] [DSA 2855-1] libav security update", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-08-12T01:07:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-7015", "CVE-2013-0846", "CVE-2013-0845", "CVE-2011-3944", "CVE-2013-7010", "CVE-2013-0865", "CVE-2013-0849", "CVE-2013-7014"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2855-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 05, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libav\nVulnerability : several\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2011-3944 CVE-2013-0845 CVE-2013-0846 CVE-2013-0849 \n CVE-2013-0865 CVE-2013-7010 CVE-2013-7014 CVE-2013-7015\n\nSeveral security issues have been corrected in multiple demuxers and \ndecoders of the libav multimedia library. The IDs mentioned above are just\na portion of the security issues fixed in this update. A full list of the\nchanges is available at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.10\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6:0.8.9-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6:9.11-1.\n\nWe recommend that you upgrade your libav packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2014-02-05T17:59:12", "published": "2014-02-05T17:59:12", "id": "DEBIAN:DSA-2855-1:95B1F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00024.html", "title": "[SECURITY] [DSA 2855-1] libav security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:37:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7015", "CVE-2013-0846", "CVE-2013-0845", "CVE-2011-3944", "CVE-2013-7010", "CVE-2013-0865", "CVE-2013-0849", "CVE-2013-7014"], "description": "Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. The IDs mentioned above are just\na portion of the security issues fixed in this update.", "modified": "2019-03-19T00:00:00", "published": "2014-02-05T00:00:00", "id": "OPENVAS:1361412562310702855", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702855", "type": "openvas", "title": "Debian Security Advisory DSA 2855-1 (libav - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2855.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2855-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702855\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2011-3944\", \"CVE-2013-0845\", \"CVE-2013-0846\", \"CVE-2013-0849\", \"CVE-2013-0865\", \"CVE-2013-7010\", \"CVE-2013-7014\", \"CVE-2013-7015\");\n script_name(\"Debian Security Advisory DSA 2855-1 (libav - several vulnerabilities)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-05 00:00:00 +0100 (Wed, 05 Feb 2014)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2855.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"libav on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 6:0.8.10-1\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6:9.11-1.\n\nWe recommend that you upgrade your libav packages.\");\n script_tag(name:\"summary\", value:\"Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. The IDs mentioned above are just\na portion of the security issues fixed in this update.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libav-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libav-doc\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libav-extra-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libav-tools\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavcodec-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavdevice-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavdevice53\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavfilter-extra-2\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavfilter2\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavformat-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavutil-extra-51\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavutil51\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpostproc-extra-52\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpostproc52\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libswscale-extra-2\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libswscale2\", ver:\"6:0.8.10-\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-08-01T10:49:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7015", "CVE-2013-0846", "CVE-2013-0845", "CVE-2011-3944", "CVE-2013-7010", "CVE-2013-0865", "CVE-2013-0849", "CVE-2013-7014"], "description": "Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. The IDs mentioned above are just\na portion of the security issues fixed in this update. A full list of the\nchanges is available at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.10", "modified": "2017-07-17T00:00:00", "published": "2014-02-05T00:00:00", "id": "OPENVAS:702855", "href": "http://plugins.openvas.org/nasl.php?oid=702855", "type": "openvas", "title": "Debian Security Advisory DSA 2855-1 (libav - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2855.nasl 6735 2017-07-17 09:56:49Z teissa $\n# Auto-generated from advisory DSA 2855-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"libav on Debian Linux\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 6:0.8.10-1\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6:9.11-1.\n\nWe recommend that you upgrade your libav packages.\";\ntag_summary = \"Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. The IDs mentioned above are just\na portion of the security issues fixed in this update. A full list of the\nchanges is available at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.10\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702855);\n script_version(\"$Revision: 6735 $\");\n script_cve_id(\"CVE-2011-3944\", \"CVE-2013-0845\", \"CVE-2013-0846\", \"CVE-2013-0849\", \"CVE-2013-0865\", \"CVE-2013-7010\", \"CVE-2013-7014\", \"CVE-2013-7015\");\n script_name(\"Debian Security Advisory DSA 2855-1 (libav - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-17 11:56:49 +0200 (Mon, 17 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-02-05 00:00:00 +0100 (Wed, 05 Feb 2014)\");\n script_tag(name: \"cvss_base\", value:\"9.3\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2855.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-doc\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-extra-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-tools\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice53\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-extra-2\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter2\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-extra-51\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil51\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-extra-52\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc52\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-extra-2\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale2\", ver:\"6:0.8.10-\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-doc\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-extra-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-tools\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice53\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-extra-2\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter2\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-extra-51\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil51\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-extra-52\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc52\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-extra-2\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale2\", ver:\"6:0.8.10-\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-doc\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-extra-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-tools\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice53\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-extra-2\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter2\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-extra-51\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil51\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-extra-52\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc52\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-extra-2\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale2\", ver:\"6:0.8.10-\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-doc\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-extra-dbg\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-tools\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice53\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-extra-2\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter2\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-extra-53\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-extra-51\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil51\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-extra-52\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc52\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-extra-2\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale2\", ver:\"6:0.8.10-\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8547", "CVE-2013-0861", "CVE-2014-9602", "CVE-2014-8544", "CVE-2014-8542", "CVE-2014-8545", "CVE-2013-7021", "CVE-2014-7937", "CVE-2013-0862", "CVE-2013-7022", "CVE-2014-2263", "CVE-2014-9316", "CVE-2014-8543", "CVE-2014-2098", "CVE-2014-2097", "CVE-2013-0863", "CVE-2014-9319", "CVE-2013-7015", "CVE-2013-0877", "CVE-2013-0875", "CVE-2013-7012", "CVE-2013-0866", "CVE-2013-0873", "CVE-2014-9604", "CVE-2013-0872", "CVE-2013-4264", "CVE-2013-4265", "CVE-2013-7019", "CVE-2013-7018", "CVE-2013-7017", "CVE-2015-3395", "CVE-2013-7016", "CVE-2014-8549", "CVE-2013-0860", "CVE-2013-7010", "CVE-2013-7023", "CVE-2014-8546", "CVE-2014-8548", "CVE-2014-9318", "CVE-2014-9317", "CVE-2014-5272", "CVE-2014-5271", "CVE-2013-0865", "CVE-2013-0867", "CVE-2013-7024", "CVE-2013-0878", "CVE-2013-7008", "CVE-2013-7011", "CVE-2014-9603", "CVE-2014-8541", "CVE-2013-7009", "CVE-2013-0876", "CVE-2013-0874", "CVE-2013-0864", "CVE-2013-0868", "CVE-2013-7014", "CVE-2013-7020", "CVE-2013-4263", "CVE-2013-7013"], "description": "Gentoo Linux Local Security Checks GLSA 201603-06", "modified": "2018-10-26T00:00:00", "published": "2016-03-14T00:00:00", "id": "OPENVAS:1361412562310121448", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121448", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201603-06", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201603-06.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121448\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2016-03-14 15:52:42 +0200 (Mon, 14 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201603-06\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201603-06\");\n script_cve_id(\"CVE-2013-0860\", \"CVE-2013-0861\", \"CVE-2013-0862\", \"CVE-2013-0863\", \"CVE-2013-0864\", \"CVE-2013-0865\", \"CVE-2013-0866\", \"CVE-2013-0867\", \"CVE-2013-0868\", \"CVE-2013-0872\", \"CVE-2013-0873\", \"CVE-2013-0874\", \"CVE-2013-0875\", \"CVE-2013-0876\", \"CVE-2013-0877\", \"CVE-2013-0878\", \"CVE-2013-4263\", \"CVE-2013-4264\", \"CVE-2013-4265\", \"CVE-2013-7008\", \"CVE-2013-7009\", \"CVE-2013-7010\", \"CVE-2013-7011\", \"CVE-2013-7012\", \"CVE-2013-7013\", \"CVE-2013-7014\", \"CVE-2013-7015\", \"CVE-2013-7016\", \"CVE-2013-7017\", \"CVE-2013-7018\", \"CVE-2013-7019\", \"CVE-2013-7020\", \"CVE-2013-7021\", \"CVE-2013-7022\", \"CVE-2013-7023\", \"CVE-2013-7024\", \"CVE-2014-2097\", \"CVE-2014-2098\", \"CVE-2014-2263\", \"CVE-2014-5271\", \"CVE-2014-5272\", \"CVE-2014-7937\", \"CVE-2014-8541\", \"CVE-2014-8542\", \"CVE-2014-8543\", \"CVE-2014-8544\", \"CVE-2014-8545\", \"CVE-2014-8546\", \"CVE-2014-8547\", \"CVE-2014-8548\", \"CVE-2014-8549\", \"CVE-2014-9316\", \"CVE-2014-9317\", \"CVE-2014-9318\", \"CVE-2014-9319\", \"CVE-2014-9602\", \"CVE-2014-9603\", \"CVE-2014-9604\", \"CVE-2015-3395\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201603-06\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"media-video/ffmpeg\", unaffected: make_list(\"ge 2.6.3\"), vulnerable: make_list(\"lt 2.6.3\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-12T09:48:18", "description": "Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. The IDs mentioned above are\njust a portion of the security issues fixed in this update. A full\nlist of the changes is available at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8\n.10", "edition": 16, "published": "2014-02-06T00:00:00", "title": "Debian DSA-2855-1 : libav - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7015", "CVE-2013-0846", "CVE-2013-0845", "CVE-2011-3944", "CVE-2013-7010", "CVE-2013-0865", "CVE-2013-0849", "CVE-2013-7014"], "modified": "2014-02-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libav", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2855.NASL", "href": "https://www.tenable.com/plugins/nessus/72355", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2855. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72355);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3944\", \"CVE-2013-0845\", \"CVE-2013-0846\", \"CVE-2013-0849\", \"CVE-2013-0865\", \"CVE-2013-7010\", \"CVE-2013-7014\", \"CVE-2013-7015\");\n script_bugtraq_id(51720, 57868, 63796, 63936);\n script_xref(name:\"DSA\", value:\"2855\");\n\n script_name(english:\"Debian DSA-2855-1 : libav - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. The IDs mentioned above are\njust a portion of the security issues fixed in this update. A full\nlist of the changes is available at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8\n.10\"\n );\n # http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.10\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?df9bf7ae\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libav\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2855\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libav packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 6:0.8.10-1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"ffmpeg\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ffmpeg-dbg\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ffmpeg-doc\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libav-dbg\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libav-doc\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libav-extra-dbg\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libav-tools\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavcodec-dev\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavcodec-extra-53\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavcodec53\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavdevice-dev\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavdevice-extra-53\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavdevice53\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavfilter-dev\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavfilter-extra-2\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavfilter2\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavformat-dev\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavformat-extra-53\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavformat53\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavutil-dev\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavutil-extra-51\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavutil51\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libpostproc-dev\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libpostproc-extra-52\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libpostproc52\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libswscale-dev\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libswscale-extra-2\", reference:\"6:0.8.10-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libswscale2\", reference:\"6:0.8.10-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:04:55", "description": "The remote host is affected by the vulnerability described in GLSA-201603-06\n(FFmpeg: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FFmpeg. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code or cause a\n Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "published": "2016-03-14T00:00:00", "title": "GLSA-201603-06 : FFmpeg: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8547", "CVE-2013-0861", "CVE-2014-9602", "CVE-2014-8544", "CVE-2014-8542", "CVE-2014-8545", "CVE-2013-7021", "CVE-2014-7937", "CVE-2013-0862", "CVE-2013-7022", "CVE-2014-2263", "CVE-2014-9316", "CVE-2014-8543", "CVE-2014-2098", "CVE-2014-2097", "CVE-2013-0863", "CVE-2014-9319", "CVE-2013-7015", "CVE-2013-0877", "CVE-2013-0875", "CVE-2013-7012", "CVE-2013-0866", "CVE-2013-0873", "CVE-2014-9604", "CVE-2013-0872", "CVE-2013-4264", "CVE-2013-4265", "CVE-2013-7019", "CVE-2013-7018", "CVE-2013-7017", "CVE-2015-3395", "CVE-2013-7016", "CVE-2014-8549", "CVE-2013-0860", "CVE-2013-7010", "CVE-2013-7023", "CVE-2014-8546", "CVE-2014-8548", "CVE-2014-9318", "CVE-2014-9317", "CVE-2014-5272", "CVE-2014-5271", "CVE-2013-0865", "CVE-2013-0867", "CVE-2013-7024", "CVE-2013-0878", "CVE-2013-7008", "CVE-2013-7011", "CVE-2014-9603", "CVE-2014-8541", "CVE-2013-7009", "CVE-2013-0876", "CVE-2013-0874", "CVE-2013-0864", "CVE-2013-0868", "CVE-2013-7014", "CVE-2013-7020", "CVE-2013-4263", "CVE-2013-7013"], "modified": "2016-03-14T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:ffmpeg"], "id": "GENTOO_GLSA-201603-06.NASL", "href": "https://www.tenable.com/plugins/nessus/89899", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201603-06.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89899);\n script_version(\"2.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-0860\", \"CVE-2013-0861\", \"CVE-2013-0862\", \"CVE-2013-0863\", \"CVE-2013-0864\", \"CVE-2013-0865\", \"CVE-2013-0866\", \"CVE-2013-0867\", \"CVE-2013-0868\", \"CVE-2013-0872\", \"CVE-2013-0873\", \"CVE-2013-0874\", \"CVE-2013-0875\", \"CVE-2013-0876\", \"CVE-2013-0877\", \"CVE-2013-0878\", \"CVE-2013-4263\", \"CVE-2013-4264\", \"CVE-2013-4265\", \"CVE-2013-7008\", \"CVE-2013-7009\", \"CVE-2013-7010\", \"CVE-2013-7011\", \"CVE-2013-7012\", \"CVE-2013-7013\", \"CVE-2013-7014\", \"CVE-2013-7015\", \"CVE-2013-7016\", \"CVE-2013-7017\", \"CVE-2013-7018\", \"CVE-2013-7019\", \"CVE-2013-7020\", \"CVE-2013-7021\", \"CVE-2013-7022\", \"CVE-2013-7023\", \"CVE-2013-7024\", \"CVE-2014-2097\", \"CVE-2014-2098\", \"CVE-2014-2263\", \"CVE-2014-5271\", \"CVE-2014-5272\", \"CVE-2014-7937\", \"CVE-2014-8541\", \"CVE-2014-8542\", \"CVE-2014-8543\", \"CVE-2014-8544\", \"CVE-2014-8545\", \"CVE-2014-8546\", \"CVE-2014-8547\", \"CVE-2014-8548\", \"CVE-2014-8549\", \"CVE-2014-9316\", \"CVE-2014-9317\", \"CVE-2014-9318\", \"CVE-2014-9319\", \"CVE-2014-9602\", \"CVE-2014-9603\", \"CVE-2014-9604\", \"CVE-2015-3395\");\n script_xref(name:\"GLSA\", value:\"201603-06\");\n\n script_name(english:\"GLSA-201603-06 : FFmpeg: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201603-06\n(FFmpeg: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FFmpeg. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code or cause a\n Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201603-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All FFmpeg users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/ffmpeg-2.6.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/ffmpeg\", unaffected:make_list(\"ge 2.6.3\"), vulnerable:make_list(\"lt 2.6.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FFmpeg\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:01", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8547", "CVE-2013-0861", "CVE-2014-9602", "CVE-2014-8544", "CVE-2014-8542", "CVE-2014-8545", "CVE-2013-7021", "CVE-2014-7937", "CVE-2013-0862", "CVE-2013-7022", "CVE-2014-2263", "CVE-2014-9316", "CVE-2014-8543", "CVE-2014-2098", "CVE-2014-2097", "CVE-2013-0863", "CVE-2014-9319", "CVE-2013-7015", "CVE-2013-0877", "CVE-2013-0875", "CVE-2013-7012", "CVE-2013-0866", "CVE-2013-0873", "CVE-2014-9604", "CVE-2013-0872", "CVE-2013-4264", "CVE-2013-4265", "CVE-2013-7019", "CVE-2013-7018", "CVE-2013-7017", "CVE-2015-3395", "CVE-2013-7016", "CVE-2014-8549", "CVE-2013-0860", "CVE-2013-7010", "CVE-2013-7023", "CVE-2014-8546", "CVE-2014-8548", "CVE-2014-9318", "CVE-2014-9317", "CVE-2014-5272", "CVE-2014-5271", "CVE-2013-0865", "CVE-2013-0867", "CVE-2013-7024", "CVE-2013-0878", "CVE-2013-7008", "CVE-2013-7011", "CVE-2014-9603", "CVE-2014-8541", "CVE-2013-7009", "CVE-2013-0876", "CVE-2013-0874", "CVE-2013-0864", "CVE-2013-0868", "CVE-2013-7014", "CVE-2013-7020", "CVE-2013-4263", "CVE-2013-7013"], "description": "### Background\n\nFFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. \n\n### Description\n\nMultiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FFmpeg users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/ffmpeg-2.6.3\"", "edition": 1, "modified": "2016-03-12T00:00:00", "published": "2016-03-12T00:00:00", "id": "GLSA-201603-06", "href": "https://security.gentoo.org/glsa/201603-06", "type": "gentoo", "title": "FFmpeg: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
