ID CVE-2013-7022Type cveReporter NVDModified 2016-12-02T22:00:47
Description
The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.
{"title": "CVE-2013-7022", "reporter": "NVD", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "vulnersScore": 7.5}, "published": "2013-12-09T11:36:50", "cvelist": ["CVE-2013-7022"], "viewCount": 0, "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7022", "bulletinFamily": "NVD", "hashmap": [{"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "748afbc190453cb06fbdb25836d02f1f", "key": "cpe"}, {"hash": "9f895b78d29fc0c76846f11229a12e0e", "key": "cvelist"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "4e1e2b50caf56fa09f6068e8a9644fa8", "key": "description"}, {"hash": "ab441f492d7a3d1d2e0cc00c8b901030", "key": "href"}, {"hash": "294e043cb9ad5c3af2848a2cb0101c10", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "52cde7566612d7601a33b72e67c74b72", "key": "published"}, {"hash": "7ac5ccca8f52f30f41a5ededc4bd6714", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "1c2f08e5ab817ef362276ca333acb4fa", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}], "history": [{"bulletin": {"reporter": "NVD", "published": "2013-12-09T11:36:50", "cvelist": ["CVE-2013-7022"], "title": "CVE-2013-7022", "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7022", "bulletinFamily": "NVD", "id": "CVE-2013-7022", "history": [], "scanner": [], "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.10.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.11", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.10", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:1.1.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:2.0", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:ffmpeg:ffmpeg:1.0", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:2.0.1", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.4.9:pre1", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.5.5", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:1.1.2", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:ffmpeg:ffmpeg:0.10.3", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:ffmpeg:ffmpeg:1.2.1", "cpe:/a:ffmpeg:ffmpeg:1.1.4", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:1.1.1", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:1.2", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.9.1", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "modified": "2013-12-10T15:46:24", "hash": "78a8c90065b2b53cee72865966d1d01a1be5d6f70c52a927ce9004d22d9efff0", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "viewCount": 0, "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "references": ["http://openwall.com/lists/oss-security/2013/12/08/3", "http://ffmpeg.org/security.html", "https://github.com/FFmpeg/FFmpeg/commit/e07ac727c1cc9eed39e7f9117c97006f719864bd", "https://trac.ffmpeg.org/ticket/2971", "http://openwall.com/lists/oss-security/2013/11/26/7"], "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "5541ea59cd849d1992b5b4a157b3f8b1", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "748afbc190453cb06fbdb25836d02f1f", "key": "cpe"}, {"hash": "1c2f08e5ab817ef362276ca333acb4fa", "key": "title"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "4e1e2b50caf56fa09f6068e8a9644fa8", "key": "description"}, {"hash": "ab441f492d7a3d1d2e0cc00c8b901030", "key": "href"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "9f895b78d29fc0c76846f11229a12e0e", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "52cde7566612d7601a33b72e67c74b72", "key": "published"}, {"hash": "98b57c4327b27d9b94e90fe07d1a07c0", "key": "modified"}], "lastseen": "2016-09-03T19:16:56", "description": "The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data."}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T19:16:56"}], "scanner": [], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "modified": "2016-12-02T22:00:47", "hash": "a90dc657a2f6928c273953e63fadc66fed7169ddb33e345354e1cfc0bd0cc93f", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.10.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.11", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.10", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:1.1.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:2.0", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:ffmpeg:ffmpeg:1.0", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:2.0.1", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.4.9:pre1", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.5.5", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:1.1.2", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:ffmpeg:ffmpeg:0.10.3", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:ffmpeg:ffmpeg:1.2.1", "cpe:/a:ffmpeg:ffmpeg:1.1.4", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:1.1.1", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:1.2", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.9.1", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "edition": 2, "description": "The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.", "references": ["http://openwall.com/lists/oss-security/2013/12/08/3", "http://ffmpeg.org/security.html", "https://security.gentoo.org/glsa/201603-06", "https://github.com/FFmpeg/FFmpeg/commit/e07ac727c1cc9eed39e7f9117c97006f719864bd", "https://trac.ffmpeg.org/ticket/2971", "http://openwall.com/lists/oss-security/2013/11/26/7"], "id": "CVE-2013-7022", "lastseen": "2017-04-18T15:54:14", "assessment": {"name": "", "href": "", "system": ""}}
{"gentoo": [{"lastseen": "2016-09-06T19:46:01", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9603", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7023", "https://bugs.gentoo.org/show_bug.cgi?id=493452", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9317", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0878", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0866", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5272", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7016", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8548", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0864", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7011", "https://bugs.gentoo.org/show_bug.cgi?id=485228", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3395", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4264", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7024", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0868", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4263", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0876", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5271", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0861", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0863", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0872", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8542", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8543", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8547", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7020", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0865", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2098", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8546", "https://bugs.gentoo.org/show_bug.cgi?id=553734", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7013", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0867", "https://bugs.gentoo.org/show_bug.cgi?id=520132", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7008", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7021", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0873", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0877", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7018", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2263", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0874", "https://bugs.gentoo.org/show_bug.cgi?id=548006", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2097", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8541", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7012", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7009", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7014", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9316", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0875", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4265", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9604", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9602", "https://bugs.gentoo.org/show_bug.cgi?id=494038", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9318", "https://bugs.gentoo.org/show_bug.cgi?id=536218", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0860", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8545", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7019", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7015", "https://bugs.gentoo.org/show_bug.cgi?id=488052", "https://bugs.gentoo.org/show_bug.cgi?id=515282", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7937", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8549", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7010", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0862", "https://bugs.gentoo.org/show_bug.cgi?id=486692", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8544", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7017", "https://bugs.gentoo.org/show_bug.cgi?id=537558", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7022", "https://bugs.gentoo.org/show_bug.cgi?id=492742", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9319"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.6.3", "packageName": "media-video/ffmpeg", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nFFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. \n\n### Description\n\nMultiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FFmpeg users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/ffmpeg-2.6.3\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2016-03-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "gentoo", "title": "FFmpeg: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8547", "CVE-2013-0861", "CVE-2014-9602", "CVE-2014-8544", "CVE-2014-8542", "CVE-2014-8545", "CVE-2013-7021", "CVE-2014-7937", "CVE-2013-0862", "CVE-2013-7022", "CVE-2014-2263", "CVE-2014-9316", "CVE-2014-8543", "CVE-2014-2098", "CVE-2014-2097", "CVE-2013-0863", "CVE-2014-9319", "CVE-2013-7015", "CVE-2013-0877", "CVE-2013-0875", "CVE-2013-7012", "CVE-2013-0866", "CVE-2013-0873", "CVE-2014-9604", "CVE-2013-0872", "CVE-2013-4264", "CVE-2013-4265", "CVE-2013-7019", "CVE-2013-7018", "CVE-2013-7017", "CVE-2015-3395", "CVE-2013-7016", "CVE-2014-8549", "CVE-2013-0860", "CVE-2013-7010", "CVE-2013-7023", "CVE-2014-8546", "CVE-2014-8548", "CVE-2014-9318", "CVE-2014-9317", "CVE-2014-5272", "CVE-2014-5271", "CVE-2013-0865", "CVE-2013-0867", "CVE-2013-7024", "CVE-2013-0878", "CVE-2013-7008", "CVE-2013-7011", "CVE-2014-9603", "CVE-2014-8541", "CVE-2013-7009", "CVE-2013-0876", "CVE-2013-0874", "CVE-2013-0864", "CVE-2013-0868", "CVE-2013-7014", "CVE-2013-7020", "CVE-2013-4263", "CVE-2013-7013"], "modified": "2016-03-12T00:00:00", "id": "GLSA-201603-06", "href": "https://security.gentoo.org/glsa/201603-06", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-01T23:46:50", "references": ["https://security.gentoo.org/glsa/201603-06"], "pluginID": "1361412562310121448", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201603-06", "edition": 5, "reporter": "Eero Volotinen", "published": "2016-03-14T00:00:00", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201603-06", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8547", "CVE-2013-0861", "CVE-2014-9602", "CVE-2014-8544", "CVE-2014-8542", "CVE-2014-8545", "CVE-2013-7021", "CVE-2014-7937", "CVE-2013-0862", "CVE-2013-7022", "CVE-2014-2263", "CVE-2014-9316", "CVE-2014-8543", "CVE-2014-2098", "CVE-2014-2097", "CVE-2013-0863", "CVE-2014-9319", "CVE-2013-7015", "CVE-2013-0877", "CVE-2013-0875", "CVE-2013-7012", "CVE-2013-0866", "CVE-2013-0873", "CVE-2014-9604", "CVE-2013-0872", "CVE-2013-4264", "CVE-2013-4265", "CVE-2013-7019", "CVE-2013-7018", "CVE-2013-7017", "CVE-2015-3395", "CVE-2013-7016", "CVE-2014-8549", "CVE-2013-0860", "CVE-2013-7010", "CVE-2013-7023", "CVE-2014-8546", "CVE-2014-8548", "CVE-2014-9318", "CVE-2014-9317", "CVE-2014-5272", "CVE-2014-5271", "CVE-2013-0865", "CVE-2013-0867", "CVE-2013-7024", "CVE-2013-0878", "CVE-2013-7008", "CVE-2013-7011", "CVE-2014-9603", "CVE-2014-8541", "CVE-2013-7009", "CVE-2013-0876", "CVE-2013-0874", "CVE-2013-0864", "CVE-2013-0868", "CVE-2013-7014", "CVE-2013-7020", "CVE-2013-4263", "CVE-2013-7013"], "modified": "2017-12-07T00:00:00", "id": "OPENVAS:1361412562310121448", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121448", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Gentoo Linux security check\n# $Id: glsa-201603-06.nasl 8029 2017-12-07 12:38:42Z teissa $\n\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# OpenVAS and security consultance available from openvas@solinor.com\n# see https://solinor.fi/openvas-en/ for more information\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.121448\");\nscript_version(\"$Revision: 8029 $\");\nscript_tag(name:\"creation_date\", value:\"2016-03-14 15:52:42 +0200 (Mon, 14 Mar 2016)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 13:38:42 +0100 (Thu, 07 Dec 2017) $\");\nscript_name(\"Gentoo Linux Local Check: https://security.gentoo.org/glsa/201603-06\");\nscript_tag(name: \"insight\", value: \"Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details.\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://security.gentoo.org/glsa/201603-06\");\nscript_cve_id(\"CVE-2013-0860\",\"CVE-2013-0861\",\"CVE-2013-0862\",\"CVE-2013-0863\",\"CVE-2013-0864\",\"CVE-2013-0865\",\"CVE-2013-0866\",\"CVE-2013-0867\",\"CVE-2013-0868\",\"CVE-2013-0872\",\"CVE-2013-0873\",\"CVE-2013-0874\",\"CVE-2013-0875\",\"CVE-2013-0876\",\"CVE-2013-0877\",\"CVE-2013-0878\",\"CVE-2013-4263\",\"CVE-2013-4264\",\"CVE-2013-4265\",\"CVE-2013-7008\",\"CVE-2013-7009\",\"CVE-2013-7010\",\"CVE-2013-7011\",\"CVE-2013-7012\",\"CVE-2013-7013\",\"CVE-2013-7014\",\"CVE-2013-7015\",\"CVE-2013-7016\",\"CVE-2013-7017\",\"CVE-2013-7018\",\"CVE-2013-7019\",\"CVE-2013-7020\",\"CVE-2013-7021\",\"CVE-2013-7022\",\"CVE-2013-7023\",\"CVE-2013-7024\",\"CVE-2014-2097\",\"CVE-2014-2098\",\"CVE-2014-2263\",\"CVE-2014-5271\",\"CVE-2014-5272\",\"CVE-2014-7937\",\"CVE-2014-8541\",\"CVE-2014-8542\",\"CVE-2014-8543\",\"CVE-2014-8544\",\"CVE-2014-8545\",\"CVE-2014-8546\",\"CVE-2014-8547\",\"CVE-2014-8548\",\"CVE-2014-8549\",\"CVE-2014-9316\",\"CVE-2014-9317\",\"CVE-2014-9318\",\"CVE-2014-9319\",\"CVE-2014-9602\",\"CVE-2014-9603\",\"CVE-2014-9604\",\"CVE-2015-3395\");\nscript_tag(name:\"cvss_base\", value:\"10.0\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name: \"summary\" , value: \"Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201603-06\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Gentoo Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"media-video/ffmpeg\", unaffected: make_list(\"ge 2.6.3\"), vulnerable: make_list(\"lt 2.6.3\"))) != NULL) {\n\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:38:00", "references": ["https://security.gentoo.org/glsa/201603-06"], "pluginID": "89899", "description": "The remote host is affected by the vulnerability described in GLSA-201603-06 (FFmpeg: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "edition": 4, "reporter": "Tenable", "published": "2016-03-14T00:00:00", "title": "GLSA-201603-06 : FFmpeg: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8547", "CVE-2013-0861", "CVE-2014-9602", "CVE-2014-8544", "CVE-2014-8542", "CVE-2014-8545", "CVE-2013-7021", "CVE-2014-7937", "CVE-2013-0862", "CVE-2013-7022", "CVE-2014-2263", "CVE-2014-9316", "CVE-2014-8543", "CVE-2014-2098", "CVE-2014-2097", "CVE-2013-0863", "CVE-2014-9319", "CVE-2013-7015", "CVE-2013-0877", "CVE-2013-0875", "CVE-2013-7012", "CVE-2013-0866", "CVE-2013-0873", "CVE-2014-9604", "CVE-2013-0872", "CVE-2013-4264", "CVE-2013-4265", "CVE-2013-7019", "CVE-2013-7018", "CVE-2013-7017", "CVE-2015-3395", "CVE-2013-7016", "CVE-2014-8549", "CVE-2013-0860", "CVE-2013-7010", "CVE-2013-7023", "CVE-2014-8546", "CVE-2014-8548", "CVE-2014-9318", "CVE-2014-9317", "CVE-2014-5272", "CVE-2014-5271", "CVE-2013-0865", "CVE-2013-0867", "CVE-2013-7024", "CVE-2013-0878", "CVE-2013-7008", "CVE-2013-7011", "CVE-2014-9603", "CVE-2014-8541", "CVE-2013-7009", "CVE-2013-0876", "CVE-2013-0874", "CVE-2013-0864", "CVE-2013-0868", "CVE-2013-7014", "CVE-2013-7020", "CVE-2013-4263", "CVE-2013-7013"], "modified": "2016-03-14T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:ffmpeg"], "id": "GENTOO_GLSA-201603-06.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=89899", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201603-06.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89899);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2016/03/14 14:55:46 $\");\n\n script_cve_id(\"CVE-2013-0860\", \"CVE-2013-0861\", \"CVE-2013-0862\", \"CVE-2013-0863\", \"CVE-2013-0864\", \"CVE-2013-0865\", \"CVE-2013-0866\", \"CVE-2013-0867\", \"CVE-2013-0868\", \"CVE-2013-0872\", \"CVE-2013-0873\", \"CVE-2013-0874\", \"CVE-2013-0875\", \"CVE-2013-0876\", \"CVE-2013-0877\", \"CVE-2013-0878\", \"CVE-2013-4263\", \"CVE-2013-4264\", \"CVE-2013-4265\", \"CVE-2013-7008\", \"CVE-2013-7009\", \"CVE-2013-7010\", \"CVE-2013-7011\", \"CVE-2013-7012\", \"CVE-2013-7013\", \"CVE-2013-7014\", \"CVE-2013-7015\", \"CVE-2013-7016\", \"CVE-2013-7017\", \"CVE-2013-7018\", \"CVE-2013-7019\", \"CVE-2013-7020\", \"CVE-2013-7021\", \"CVE-2013-7022\", \"CVE-2013-7023\", \"CVE-2013-7024\", \"CVE-2014-2097\", \"CVE-2014-2098\", \"CVE-2014-2263\", \"CVE-2014-5271\", \"CVE-2014-5272\", \"CVE-2014-7937\", \"CVE-2014-8541\", \"CVE-2014-8542\", \"CVE-2014-8543\", \"CVE-2014-8544\", \"CVE-2014-8545\", \"CVE-2014-8546\", \"CVE-2014-8547\", \"CVE-2014-8548\", \"CVE-2014-8549\", \"CVE-2014-9316\", \"CVE-2014-9317\", \"CVE-2014-9318\", \"CVE-2014-9319\", \"CVE-2014-9602\", \"CVE-2014-9603\", \"CVE-2014-9604\", \"CVE-2015-3395\");\n script_xref(name:\"GLSA\", value:\"201603-06\");\n\n script_name(english:\"GLSA-201603-06 : FFmpeg: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201603-06\n(FFmpeg: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FFmpeg. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code or cause a\n Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201603-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All FFmpeg users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/ffmpeg-2.6.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/ffmpeg\", unaffected:make_list(\"ge 2.6.3\"), vulnerable:make_list(\"lt 2.6.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FFmpeg\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
