Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-202305-01
HistoryMay 03, 2023 - 12:00 a.m.

AtomicParsley: Multiple Vulnerabilities

2023-05-0300:00:00
Gentoo Foundation
security.gentoo.org
12
atomicparsley
vulnerabilities
update
latest version
gentoo
mpeg4
metadata

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

73.0%

JSON

Background

AtomicParsley is a command line program for manipulating iTunes-style metadata in MPEG4 files.

Description

Multiple vulnerabilities have been discovered in AtomicParsley. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

Users can pass only trusted input to AtomicParsley.

Resolution

Previously, the “wez” AtomicParsley fork was packaged in Gentoo as media-video/atomicparsley-wez. This fork is now packaged as media-video/atomicparsley, so users of the fork’s package should now depclean it:

 # emerge --ask --depclean "media-video/atomicparsley-wez"

All AtomicParsley users should upgrade to the latest version, which is a packaging of the “wez” AtomicParsley fork:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-video/atomicparsley-0.9.6_p20210715_p151551"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-video/atomicparsley< 0.9.6_p20210715_p151551UNKNOWN
Gentooanyallmedia-video/atomicparsley-wez<= 0.9.6UNKNOWN

Related

nessus 1
debiancve 2
ubuntucve 2
cve 2
osv 2
veracode 2
prion 2
nvd 2
cvelist 2
nessus
nessus
GLSA-202305-01 : AtomicParsley: Multiple Vulnerabilities
2023-05-03 00:00:00
debiancve
debiancve
CVE-2021-37231
2021-08-04 10:15:07
CVE-2021-37232
2021-08-04 10:15:07
ubuntucve
ubuntucve
CVE-2021-37232
2021-08-04 00:00:00
CVE-2021-37231
2021-08-04 00:00:00
cve
cve
CVE-2021-37231
2021-08-04 10:15:07
CVE-2021-37232
2021-08-04 10:15:07
osv
osv
CVE-2021-37231
2021-08-04 10:15:07
CVE-2021-37232
2021-08-04 10:15:07
veracode
veracode
Denial Of Service (DoS)
2021-09-20 10:15:32
Denial Of Service (DoS)
2021-09-20 10:15:31
prion
prion
Stack overflow
2021-08-04 10:15:00
Stack overflow
2021-08-04 10:15:00
nvd
nvd
CVE-2021-37232
2021-08-04 10:15:07
CVE-2021-37231
2021-08-04 10:15:07
cvelist
cvelist
CVE-2021-37231
2021-08-04 00:00:00
CVE-2021-37232
2021-08-04 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

73.0%

JSON
Related for GLSA-202305-01
nessus1debiancve2ubuntucve2cve2osv2veracode2prion2nvd2cvelist2