Debian DSA-2336-1 : ffmpeg - several vulnerabilities

2011-11-0800:00:00

www.tenable.com

JSON

Multiple vulnerabilities were found in FFmpeg, a multimedia player, server and encoder :

CVE-2011-3362 An integer signedness error in decode_residual_block function of the Chinese AVS video (CAVS) decoder in libavcodec can lead to denial of service (memory corruption and application crash) or possible code execution via a crafted CAVS file.
CVE-2011-3973/ CVE-2011-3974 Multiple errors in the Chinese AVS video (CAVS) decoder can lead to denial of service (memory corruption and application crash) via an invalid bitstream.
CVE-2011-3504 A memory allocation problem in the Matroska format decoder can lead to code execution via a crafted file.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2336. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(56727);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2011-3362", "CVE-2011-3504", "CVE-2011-3973", "CVE-2011-3974");
  script_bugtraq_id(49115, 49118, 50555);
  script_xref(name:"DSA", value:"2336");

  script_name(english:"Debian DSA-2336-1 : ffmpeg - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities were found in FFmpeg, a multimedia player,
server and encoder :

  - CVE-2011-3362
    An integer signedness error in decode_residual_block
    function of the Chinese AVS video (CAVS) decoder in
    libavcodec can lead to denial of service (memory
    corruption and application crash) or possible code
    execution via a crafted CAVS file.

  - CVE-2011-3973/ CVE-2011-3974
    Multiple errors in the Chinese AVS video (CAVS) decoder
    can lead to denial of service (memory corruption and
    application crash) via an invalid bitstream.

  - CVE-2011-3504
    A memory allocation problem in the Matroska format
    decoder can lead to code execution via a crafted file."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641478"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-3362"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-3973"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-3974"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-3504"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze/ffmpeg"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2011/dsa-2336"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the ffmpeg packages.

For the stable distribution (squeeze), this problem has been fixed in
version 4:0.5.5-1.

Security support for ffmpeg has been discontinued for the oldstable
distribution (lenny) before in DSA 2306. The current version in
oldstable is not supported by upstream anymore and is affected by
several security issues. Backporting fixes for these and any future
issues has become unfeasible and therefore we needed to drop our
security support for the version in oldstable."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ffmpeg");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/11/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/08");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"ffmpeg", reference:"4:0.5.5-1")) flag++;
if (deb_check(release:"6.0", prefix:"ffmpeg-dbg", reference:"4:0.5.5-1")) flag++;
if (deb_check(release:"6.0", prefix:"ffmpeg-doc", reference:"4:0.5.5-1")) flag++;
if (deb_check(release:"6.0", prefix:"libavcodec-dev", reference:"4:0.5.5-1")) flag++;
if (deb_check(release:"6.0", prefix:"libavcodec52", reference:"4:0.5.5-1")) flag++;
if (deb_check(release:"6.0", prefix:"libavdevice-dev", reference:"4:0.5.5-1")) flag++;
if (deb_check(release:"6.0", prefix:"libavdevice52", reference:"4:0.5.5-1")) flag++;
if (deb_check(release:"6.0", prefix:"libavfilter-dev", reference:"4:0.5.5-1")) flag++;
if (deb_check(release:"6.0", prefix:"libavfilter0", reference:"4:0.5.5-1")) flag++;
if (deb_check(release:"6.0", prefix:"libavformat-dev", reference:"4:0.5.5-1")) flag++;
if (deb_check(release:"6.0", prefix:"libavformat52", reference:"4:0.5.5-1")) flag++;
if (deb_check(release:"6.0", prefix:"libavutil-dev", reference:"4:0.5.5-1")) flag++;
if (deb_check(release:"6.0", prefix:"libavutil49", reference:"4:0.5.5-1")) flag++;
if (deb_check(release:"6.0", prefix:"libpostproc-dev", reference:"4:0.5.5-1")) flag++;
if (deb_check(release:"6.0", prefix:"libpostproc51", reference:"4:0.5.5-1")) flag++;
if (deb_check(release:"6.0", prefix:"libswscale-dev", reference:"4:0.5.5-1")) flag++;
if (deb_check(release:"6.0", prefix:"libswscale0", reference:"4:0.5.5-1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
debiandebian_linuxffmpegp-cpe:/a:debian:debian_linux:ffmpeg
debiandebian_linux6.0cpe:/o:debian:debian_linux:6.0

Vendor	Product	Version	CPE
debian	debian_linux	ffmpeg	p-cpe:/a:debian:debian_linux:ffmpeg
debian	debian_linux	6.0	cpe:/o:debian:debian_linux:6.0

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3362

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3504

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3973

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3974

bugs.debian.org/cgi-bin/bugreport.cgi?bug=641478

packages.debian.org/source/squeeze/ffmpeg

security-tracker.debian.org/tracker/CVE-2011-3362

security-tracker.debian.org/tracker/CVE-2011-3504

security-tracker.debian.org/tracker/CVE-2011-3973

security-tracker.debian.org/tracker/CVE-2011-3974

www.debian.org/security/2011/dsa-2336

JSON

Related for DEBIAN_DSA-2336.NASL