{"cve": [{"lastseen": "2019-05-29T18:13:50", "bulletinFamily": "NVD", "description": "libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.", "modified": "2016-12-03T03:02:00", "id": "CVE-2014-9604", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9604", "published": "2015-01-16T20:59:00", "title": "CVE-2014-9604", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:49", "bulletinFamily": "NVD", "description": "libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.", "modified": "2016-12-03T03:01:00", "id": "CVE-2014-8544", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8544", "published": "2014-11-05T11:55:00", "title": "CVE-2014-8544", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-11-01T02:37:23", "bulletinFamily": "scanner", "description": "The libav project reports :\n\nutvideodec: Handle slice_height being zero (CVE-2014-9604)\n\ntiff: Check that there is no aliasing in pixel format selection\n(CVE-2014-8544)", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_2F75141CDA1D11E48D325404A68AD561.NASL", "href": "https://www.tenable.com/plugins/nessus/82578", "published": "2015-04-06T00:00:00", "title": "FreeBSD : Several vulnerabilities in libav (2f75141c-da1d-11e4-8d32-5404a68ad561)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82578);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:49:44\");\n\n script_cve_id(\"CVE-2014-8544\", \"CVE-2014-9604\");\n\n script_name(english:\"FreeBSD : Several vulnerabilities in libav (2f75141c-da1d-11e4-8d32-5404a68ad561)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The libav project reports :\n\nutvideodec: Handle slice_height being zero (CVE-2014-9604)\n\ntiff: Check that there is no aliasing in pixel format selection\n(CVE-2014-8544)\"\n );\n # https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.3\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?35ddf876\"\n );\n # https://vuxml.freebsd.org/freebsd/2f75141c-da1d-11e4-8d32-5404a68ad561.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eeb4f4d9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libav<11.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:21:20", "bulletinFamily": "scanner", "description": "Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. A full list of the changes\nis available at", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-3189.NASL", "href": "https://www.tenable.com/plugins/nessus/81833", "published": "2015-03-17T00:00:00", "title": "Debian DSA-3189-1 : libav - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3189. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81833);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2014-7933\", \"CVE-2014-8543\", \"CVE-2014-8544\", \"CVE-2014-8547\", \"CVE-2014-8548\", \"CVE-2014-9604\");\n script_bugtraq_id(70876, 70880, 70884, 70888, 72272, 72288);\n script_xref(name:\"DSA\", value:\"3189\");\n\n script_name(english:\"Debian DSA-3189-1 : libav - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. A full list of the changes\nis available at\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libav\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3189\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libav packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 6:0.8.17-1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"ffmpeg\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ffmpeg-dbg\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ffmpeg-doc\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libav-dbg\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libav-doc\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libav-extra-dbg\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libav-tools\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavcodec-dev\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavcodec-extra-53\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavcodec53\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavdevice-dev\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavdevice-extra-53\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavdevice53\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavfilter-dev\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavfilter-extra-2\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavfilter2\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavformat-dev\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavformat-extra-53\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavformat53\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavutil-dev\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavutil-extra-51\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavutil51\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libpostproc-dev\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libpostproc-extra-52\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libpostproc52\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libswscale-dev\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libswscale-extra-2\", reference:\"6:0.8.17-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libswscale2\", reference:\"6:0.8.17-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:30:57", "bulletinFamily": "scanner", "description": "It was discovered that Libav incorrectly handled certain malformed\nmedia files. If a user were tricked into opening a crafted media file,\nan attacker could cause a denial of service via application crash, or\npossibly execute arbitrary code with the privileges of the user\ninvoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "UBUNTU_USN-2534-1.NASL", "href": "https://www.tenable.com/plugins/nessus/81910", "published": "2015-03-18T00:00:00", "title": "Ubuntu 12.04 LTS : libav vulnerabilities (USN-2534-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2534-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81910);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/18 12:31:44\");\n\n script_cve_id(\"CVE-2014-8542\", \"CVE-2014-8543\", \"CVE-2014-8544\", \"CVE-2014-8547\", \"CVE-2014-8548\", \"CVE-2014-9604\");\n script_bugtraq_id(70876, 70880, 70881, 70884, 70888, 72272);\n script_xref(name:\"USN\", value:\"2534-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : libav vulnerabilities (USN-2534-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Libav incorrectly handled certain malformed\nmedia files. If a user were tricked into opening a crafted media file,\nan attacker could cause a denial of service via application crash, or\npossibly execute arbitrary code with the privileges of the user\ninvoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2534-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libavcodec53 and / or libavformat53 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavcodec53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavformat53\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libavcodec53\", pkgver:\"4:0.8.17-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libavformat53\", pkgver:\"4:0.8.17-0ubuntu0.12.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libavcodec53 / libavformat53\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:36:52", "bulletinFamily": "scanner", "description": "The Mageia project reports :\n\nAvidemux is built with a bundled set of FFmpeg libraries. The bundled\nFFmpeg version has been updated from 1.2.10 to 1.2.12 to fix these\nsecurity issues and other bugs fixed upstream in FFmpeg.", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_022255BE089511E5A2425404A68AD561.NASL", "href": "https://www.tenable.com/plugins/nessus/83939", "published": "2015-06-02T00:00:00", "title": "FreeBSD : avidemux26 -- multiple vulnerabilities in bundled FFmpeg (022255be-0895-11e5-a242-5404a68ad561)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83939);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/11/10 11:49:44\");\n\n script_cve_id(\"CVE-2014-9316\", \"CVE-2014-9317\", \"CVE-2014-9603\", \"CVE-2014-9604\", \"CVE-2015-1872\", \"CVE-2015-3417\");\n\n script_name(english:\"FreeBSD : avidemux26 -- multiple vulnerabilities in bundled FFmpeg (022255be-0895-11e5-a242-5404a68ad561)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mageia project reports :\n\nAvidemux is built with a bundled set of FFmpeg libraries. The bundled\nFFmpeg version has been updated from 1.2.10 to 1.2.12 to fix these\nsecurity issues and other bugs fixed upstream in FFmpeg.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0233.html\"\n );\n # https://vuxml.freebsd.org/freebsd/022255be-0895-11e5-a242-5404a68ad561.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a67d9dca\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:avidemux2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:avidemux26\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"avidemux2<2.6.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"avidemux26<2.6.8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:55:20", "bulletinFamily": "scanner", "description": "Updated ffmpeg packages fix security vulnerabilities :\n\nThe tak_decode_frame function in libavcodec/takdec.c in FFmpeg before\n2.0.4 does not properly validate a certain bits-per-sample value,\nwhich allows remote attackers to cause a denial of service\n(out-of-bounds array access) or possibly have unspecified other impact\nvia crafted TAK (aka Tom", "modified": "2019-11-02T00:00:00", "id": "MANDRIVA_MDVSA-2015-173.NASL", "href": "https://www.tenable.com/plugins/nessus/82449", "published": "2015-03-31T00:00:00", "title": "Mandriva Linux Security Advisory : ffmpeg (MDVSA-2015:173)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:173. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82449);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/08/02 13:32:57\");\n\n script_cve_id(\"CVE-2014-2097\", \"CVE-2014-2098\", \"CVE-2014-2099\", \"CVE-2014-2263\", \"CVE-2014-4610\", \"CVE-2014-5271\", \"CVE-2014-5272\", \"CVE-2014-8541\", \"CVE-2014-8542\", \"CVE-2014-8543\", \"CVE-2014-8544\", \"CVE-2014-8545\", \"CVE-2014-8546\", \"CVE-2014-8547\", \"CVE-2014-8548\");\n script_xref(name:\"MDVSA\", value:\"2015:173\");\n\n script_name(english:\"Mandriva Linux Security Advisory : ffmpeg (MDVSA-2015:173)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ffmpeg packages fix security vulnerabilities :\n\nThe tak_decode_frame function in libavcodec/takdec.c in FFmpeg before\n2.0.4 does not properly validate a certain bits-per-sample value,\nwhich allows remote attackers to cause a denial of service\n(out-of-bounds array access) or possibly have unspecified other impact\nvia crafted TAK (aka Tom's lossless Audio Kompressor) data\n(CVE-2014-2097).\n\nlibavcodec/wmalosslessdec.c in FFmpeg before 2.0.4 uses an incorrect\ndata-structure size for certain coefficients, which allows remote\nattackers to cause a denial of service (memory corruption) or possibly\nhave unspecified other impact via crafted WMA data (CVE-2014-2098).\n\nThe msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before\n2.0.4 does not properly calculate line sizes, which allows remote\nattackers to cause a denial of service (out-of-bounds array access) or\npossibly have unspecified other impact via crafted Microsoft RLE video\ndata (CVE-2014-2099).\n\nThe mpegts_write_pmt function in the MPEG2 transport stream (aka DVB)\nmuxer (libavformat/mpegtsenc.c) in FFmpeg before 2.0.4 allows remote\nattackers to have unspecified impact and vectors, which trigger an\nout-of-bounds write (CVE-2014-2263).\n\nAn integer overflow in LZO decompression in FFmpeg before 2.0.5 allows\nremote attackers to have an unspecified impact by embedding compressed\ndata in a video file (CVE-2014-4610).\n\nA heap-based buffer overflow in the encode_slice function in\nlibavcodec/proresenc_kostya.c in FFmpeg before 2.0.6 can cause a\ncrash, allowing a malicious image file to cause a denial of service\n(CVE-2014-5271).\n\nlibavcodec/iff.c in FFmpeg before 2.0.6 allows an attacker to have an\nunspecified impact via a crafted iff image, which triggers an\nout-of-bounds array access, related to the rgb8 and rgbn formats\n(CVE-2014-5272).\n\nlibavcodec/mjpegdec.c in FFmpeg before 2.0.6 considers only dimension\ndifferences, and not bits-per-pixel differences, when determining\nwhether an image size has changed, which allows remote attackers to\ncause a denial of service (out-of-bounds access) or possibly have\nunspecified other impact via crafted MJPEG data (CVE-2014-8541).\n\nlibavcodec/utils.c in FFmpeg before 2.0.6 omits a certain codec ID\nduring enforcement of alignment, which allows remote attackers to\ncause a denial of service (out-of-bounds access) or possibly have\nunspecified other impact via crafted JV data (CVE-2014-8542).\n\nlibavcodec/mmvideo.c in FFmpeg before 2.0.6 does not consider all\nlines of HHV Intra blocks during validation of image height, which\nallows remote attackers to cause a denial of service (out-of-bounds\naccess) or possibly have unspecified other impact via crafted MM video\ndata (CVE-2014-8543).\n\nlibavcodec/tiff.c in FFmpeg before 2.0.6 does not properly validate\nbits-per-pixel fields, which allows remote attackers to cause a denial\nof service (out-of-bounds access) or possibly have unspecified other\nimpact via crafted TIFF data (CVE-2014-8544).\n\nlibavcodec/pngdec.c in FFmpeg before 2.0.6 accepts the\nmonochrome-black format without verifying that the bits-per-pixel\nvalue is 1, which allows remote attackers to cause a denial of service\n(out-of-bounds access) or possibly have unspecified other impact via\ncrafted PNG data (CVE-2014-8545).\n\nInteger underflow in libavcodec/cinepak.c in FFmpeg before 2.0.6\nallows remote attackers to cause a denial of service (out-of-bounds\naccess) or possibly have unspecified other impact via crafted Cinepak\nvideo data (CVE-2014-8546).\n\nlibavcodec/gifdec.c in FFmpeg before 2.0.6 does not properly compute\nimage heights, which allows remote attackers to cause a denial of\nservice (out-of-bounds access) or possibly have unspecified other\nimpact via crafted GIF data (CVE-2014-8547).\n\nOff-by-one error in libavcodec/smc.c in FFmpeg before 2.0.6 allows\nremote attackers to cause a denial of service (out-of-bounds access)\nor possibly have unspecified other impact via crafted Quicktime\nGraphics (aka SMC) video data (CVE-2014-8548).\n\nThis updates provides ffmpeg version 2.0.6, which fixes these issues\nand several other bugs which were corrected upstream.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0280.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0464.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64avcodec55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64avfilter3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64avformat55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64avutil52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64postproc52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64swresample0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64swscaler2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"ffmpeg-2.0.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64avcodec55-2.0.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64avfilter3-2.0.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64avformat55-2.0.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64avutil52-2.0.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64ffmpeg-devel-2.0.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64ffmpeg-static-devel-2.0.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64postproc52-2.0.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64swresample0-2.0.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64swscaler2-2.0.6-1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:40:40", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201603-06\n(FFmpeg: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FFmpeg. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code or cause a\n Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2019-11-02T00:00:00", "id": "GENTOO_GLSA-201603-06.NASL", "href": "https://www.tenable.com/plugins/nessus/89899", "published": "2016-03-14T00:00:00", "title": "GLSA-201603-06 : FFmpeg: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201603-06.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89899);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2016/03/14 14:55:46 $\");\n\n script_cve_id(\"CVE-2013-0860\", \"CVE-2013-0861\", \"CVE-2013-0862\", \"CVE-2013-0863\", \"CVE-2013-0864\", \"CVE-2013-0865\", \"CVE-2013-0866\", \"CVE-2013-0867\", \"CVE-2013-0868\", \"CVE-2013-0872\", \"CVE-2013-0873\", \"CVE-2013-0874\", \"CVE-2013-0875\", \"CVE-2013-0876\", \"CVE-2013-0877\", \"CVE-2013-0878\", \"CVE-2013-4263\", \"CVE-2013-4264\", \"CVE-2013-4265\", \"CVE-2013-7008\", \"CVE-2013-7009\", \"CVE-2013-7010\", \"CVE-2013-7011\", \"CVE-2013-7012\", \"CVE-2013-7013\", \"CVE-2013-7014\", \"CVE-2013-7015\", \"CVE-2013-7016\", \"CVE-2013-7017\", \"CVE-2013-7018\", \"CVE-2013-7019\", \"CVE-2013-7020\", \"CVE-2013-7021\", \"CVE-2013-7022\", \"CVE-2013-7023\", \"CVE-2013-7024\", \"CVE-2014-2097\", \"CVE-2014-2098\", \"CVE-2014-2263\", \"CVE-2014-5271\", \"CVE-2014-5272\", \"CVE-2014-7937\", \"CVE-2014-8541\", \"CVE-2014-8542\", \"CVE-2014-8543\", \"CVE-2014-8544\", \"CVE-2014-8545\", \"CVE-2014-8546\", \"CVE-2014-8547\", \"CVE-2014-8548\", \"CVE-2014-8549\", \"CVE-2014-9316\", \"CVE-2014-9317\", \"CVE-2014-9318\", \"CVE-2014-9319\", \"CVE-2014-9602\", \"CVE-2014-9603\", \"CVE-2014-9604\", \"CVE-2015-3395\");\n script_xref(name:\"GLSA\", value:\"201603-06\");\n\n script_name(english:\"GLSA-201603-06 : FFmpeg: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201603-06\n(FFmpeg: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FFmpeg. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code or cause a\n Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201603-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All FFmpeg users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/ffmpeg-2.6.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/ffmpeg\", unaffected:make_list(\"ge 2.6.3\"), vulnerable:make_list(\"lt 2.6.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FFmpeg\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:59", "bulletinFamily": "software", "description": "Multiple memory corruptions on different media formats parsing.", "modified": "2015-03-18T00:00:00", "published": "2015-03-18T00:00:00", "id": "SECURITYVULNS:VULN:14327", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14327", "title": "libav / ffmpeg multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:58", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2534-1\r\nMarch 17, 2015\r\n\r\nlibav vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nLibav could be made to crash or run programs as your login if it opened a\r\nspecially crafted file.\r\n\r\nSoftware Description:\r\n- libav: Multimedia player, server, encoder and transcoder\r\n\r\nDetails:\r\n\r\nIt was discovered that Libav incorrectly handled certain malformed media\r\nfiles. If a user were tricked into opening a crafted media file, an\r\nattacker could cause a denial of service via application crash, or possibly\r\nexecute arbitrary code with the privileges of the user invoking the\r\nprogram.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.04 LTS:\r\n libavcodec53 4:0.8.17-0ubuntu0.12.04.1\r\n libavformat53 4:0.8.17-0ubuntu0.12.04.1\r\n\r\nThis update uses a new upstream release, which includes additional bug\r\nfixes. In general, a standard system update will make all the necessary\r\nchanges.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2534-1\r\n CVE-2014-8542, CVE-2014-8543, CVE-2014-8544, CVE-2014-8547,\r\n CVE-2014-8548, CVE-2014-9604\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/libav/4:0.8.17-0ubuntu0.12.04.1\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "modified": "2015-03-18T00:00:00", "published": "2015-03-18T00:00:00", "id": "SECURITYVULNS:DOC:31804", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31804", "title": "[USN-2534-1] Libav vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:36:34", "bulletinFamily": "scanner", "description": "Several security issues have been\ncorrected in multiple demuxers and decoders of the libav multimedia library.", "modified": "2019-03-18T00:00:00", "published": "2015-03-15T00:00:00", "id": "OPENVAS:1361412562310703189", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703189", "title": "Debian Security Advisory DSA 3189-1 (libav - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3189.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3189-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703189\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2014-7933\", \"CVE-2014-8543\", \"CVE-2014-8544\", \"CVE-2014-8547\",\n \"CVE-2014-8548\", \"CVE-2014-9604\");\n script_name(\"Debian Security Advisory DSA 3189-1 (libav - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-15 00:00:00 +0100 (Sun, 15 Mar 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3189.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"libav on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthese problems have been fixed in version 6:0.8.17-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6:11.3-1.\n\nWe recommend that you upgrade your libav packages.\");\n script_tag(name:\"summary\", value:\"Several security issues have been\ncorrected in multiple demuxers and decoders of the libav multimedia library.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libav-dbg\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libav-doc\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libav-extra-dbg\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libav-tools\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavcodec-extra-53:amd64\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavcodec-extra-53:i386\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavcodec53:amd64\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavcodec53:i386\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavdevice-extra-53\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavdevice53:amd64\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavdevice53:i386\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavfilter-extra-2\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavfilter2:amd64\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavfilter2:i386\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavformat-extra-53\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavformat53:amd64\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavformat53:i386\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavutil-extra-51\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavutil51:amd64\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavutil51:i386\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpostproc-extra-52\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpostproc52:amd64\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpostproc52:i386\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libswscale-extra-2\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libswscale2:amd64\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libswscale2:i386\", ver:\"6:0.8.17-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:03", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-03-18T00:00:00", "id": "OPENVAS:1361412562310842133", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842133", "title": "Ubuntu Update for libav USN-2534-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for libav USN-2534-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842133\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-18 06:47:14 +0100 (Wed, 18 Mar 2015)\");\n script_cve_id(\"CVE-2014-8542\", \"CVE-2014-8543\", \"CVE-2014-8544\", \"CVE-2014-8547\",\n \"CVE-2014-8548\", \"CVE-2014-9604\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for libav USN-2534-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libav'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that Libav incorrectly\nhandled certain malformed media files. If a user were tricked into opening a\ncrafted media file, an attacker could cause a denial of service via application\ncrash, or possibly execute arbitrary code with the privileges of the user\ninvoking the program.\");\n script_tag(name:\"affected\", value:\"libav on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2534-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2534-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"4:0.8.17-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"4:0.8.17-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:52:55", "bulletinFamily": "scanner", "description": "Several security issues have been\ncorrected in multiple demuxers and decoders of the libav multimedia library.\nA full list of the changes is available at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.17", "modified": "2017-07-07T00:00:00", "published": "2015-03-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703189", "id": "OPENVAS:703189", "title": "Debian Security Advisory DSA 3189-1 (libav - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3189.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3189-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703189);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2014-7933\", \"CVE-2014-8543\", \"CVE-2014-8544\", \"CVE-2014-8547\",\n \"CVE-2014-8548\", \"CVE-2014-9604\");\n script_name(\"Debian Security Advisory DSA 3189-1 (libav - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-03-15 00:00:00 +0100 (Sun, 15 Mar 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3189.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libav on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 6:0.8.17-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6:11.3-1.\n\nWe recommend that you upgrade your libav packages.\");\n script_tag(name: \"summary\", value: \"Several security issues have been\ncorrected in multiple demuxers and decoders of the libav multimedia library.\nA full list of the changes is available at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.17\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-dbg\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-doc\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-extra-dbg\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-tools\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-extra-53:amd64\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-extra-53:i386\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec53:amd64\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec53:i386\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-extra-53\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice53:amd64\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice53:i386\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-extra-2\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter2:amd64\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter2:i386\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-extra-53\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat53:amd64\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat53:i386\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-extra-51\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil51:amd64\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil51:i386\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-extra-52\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc52:amd64\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc52:i386\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-extra-2\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale2:amd64\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale2:i386\", ver:\"6:0.8.17-1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:35:20", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201603-06", "modified": "2018-10-26T00:00:00", "published": "2016-03-14T00:00:00", "id": "OPENVAS:1361412562310121448", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121448", "title": "Gentoo Security Advisory GLSA 201603-06", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201603-06.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121448\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2016-03-14 15:52:42 +0200 (Mon, 14 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201603-06\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201603-06\");\n script_cve_id(\"CVE-2013-0860\", \"CVE-2013-0861\", \"CVE-2013-0862\", \"CVE-2013-0863\", \"CVE-2013-0864\", \"CVE-2013-0865\", \"CVE-2013-0866\", \"CVE-2013-0867\", \"CVE-2013-0868\", \"CVE-2013-0872\", \"CVE-2013-0873\", \"CVE-2013-0874\", \"CVE-2013-0875\", \"CVE-2013-0876\", \"CVE-2013-0877\", \"CVE-2013-0878\", \"CVE-2013-4263\", \"CVE-2013-4264\", \"CVE-2013-4265\", \"CVE-2013-7008\", \"CVE-2013-7009\", \"CVE-2013-7010\", \"CVE-2013-7011\", \"CVE-2013-7012\", \"CVE-2013-7013\", \"CVE-2013-7014\", \"CVE-2013-7015\", \"CVE-2013-7016\", \"CVE-2013-7017\", \"CVE-2013-7018\", \"CVE-2013-7019\", \"CVE-2013-7020\", \"CVE-2013-7021\", \"CVE-2013-7022\", \"CVE-2013-7023\", \"CVE-2013-7024\", \"CVE-2014-2097\", \"CVE-2014-2098\", \"CVE-2014-2263\", \"CVE-2014-5271\", \"CVE-2014-5272\", \"CVE-2014-7937\", \"CVE-2014-8541\", \"CVE-2014-8542\", \"CVE-2014-8543\", \"CVE-2014-8544\", \"CVE-2014-8545\", \"CVE-2014-8546\", \"CVE-2014-8547\", \"CVE-2014-8548\", \"CVE-2014-8549\", \"CVE-2014-9316\", \"CVE-2014-9317\", \"CVE-2014-9318\", \"CVE-2014-9319\", \"CVE-2014-9602\", \"CVE-2014-9603\", \"CVE-2014-9604\", \"CVE-2015-3395\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201603-06\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"media-video/ffmpeg\", unaffected: make_list(\"ge 2.6.3\"), vulnerable: make_list(\"lt 2.6.3\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:22:17", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3189-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 15, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libav\nCVE ID : CVE-2014-7933 CVE-2014-8543 CVE-2014-8544 CVE-2014-8547 \n CVE-2014-8548 CVE-2014-9604\n\nSeveral security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. A full list of the changes is\navailable at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.17\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6:0.8.17-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6:11.3-1.\n\nWe recommend that you upgrade your libav packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-03-15T19:49:57", "published": "2015-03-15T19:49:57", "id": "DEBIAN:DSA-3189-1:D7FDF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00074.html", "title": "[SECURITY] [DSA 3189-1] libav security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2019-05-29T19:21:28", "bulletinFamily": "unix", "description": "It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.", "modified": "2015-03-17T00:00:00", "published": "2015-03-17T00:00:00", "id": "USN-2534-1", "href": "https://usn.ubuntu.com/2534-1/", "title": "Libav vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:14", "bulletinFamily": "unix", "description": "\nThe Mageia project reports:\n\nAvidemux is built with a bundled set of FFmpeg libraries.\n\t The bundled FFmpeg version has been updated from 1.2.10\n\t to 1.2.12 to fix these security issues and other bugs\n\t fixed upstream in FFmpeg.\n\n", "modified": "2015-09-28T00:00:00", "published": "2015-05-18T00:00:00", "id": "022255BE-0895-11E5-A242-5404A68AD561", "href": "https://vuxml.freebsd.org/freebsd/022255be-0895-11e5-a242-5404a68ad561.html", "title": "avidemux26 -- multiple vulnerabilities in bundled FFmpeg", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:01", "bulletinFamily": "unix", "description": "### Background\n\nFFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. \n\n### Description\n\nMultiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FFmpeg users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/ffmpeg-2.6.3\"", "modified": "2016-03-12T00:00:00", "published": "2016-03-12T00:00:00", "id": "GLSA-201603-06", "href": "https://security.gentoo.org/glsa/201603-06", "type": "gentoo", "title": "FFmpeg: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}