Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-5712.NASL
HistoryJun 16, 2024 - 12:00 a.m.

Debian dsa-5712 : ffmpeg - security update

2024-06-1600:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
1
debian 12
ffmpeg
security update
denial of service
arbitrary code
cve-2023-50010
cve-2023-51793
cve-2023-51794
cve-2023-51795
cve-2023-51798
cve-2024-31585

8 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.6%

JSON

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5712 advisory.

- -------------------------------------------------------------------------     Debian Security Advisory DSA-5712-1                   [email protected]     https://www.debian.org/security/                       Moritz Muehlenhoff     June 15, 2024                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ffmpeg     CVE ID         : CVE-2023-50010 CVE-2023-51793 CVE-2023-51794                      CVE-2023-51795 CVE-2023-51798 CVE-2024-31585

Several vulnerabilities have been discovered in the FFmpeg multimedia     framework, which could result in denial of service or potentially the     execution of arbitrary code if malformed files/streams are processed.

For the stable distribution (bookworm), these problems have been fixed in     version 7:5.1.5-0+deb12u1.

We recommend that you upgrade your ffmpeg packages.

For the detailed security status of ffmpeg please refer to     its security tracker page at:
https://security-tracker.debian.org/tracker/ffmpeg

Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

Mailing list: [email protected]

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dsa-5712. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(200642);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/16");

  script_cve_id(
    "CVE-2023-50010",
    "CVE-2023-51793",
    "CVE-2023-51794",
    "CVE-2023-51795",
    "CVE-2023-51798",
    "CVE-2024-31585"
  );
  script_xref(name:"IAVB", value:"2024-B-0041");

  script_name(english:"Debian dsa-5712 : ffmpeg - security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dsa-5712 advisory.

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-5712-1                   [email protected]
    https://www.debian.org/security/                       Moritz Muehlenhoff
    June 15, 2024                         https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : ffmpeg
    CVE ID         : CVE-2023-50010 CVE-2023-51793 CVE-2023-51794
                     CVE-2023-51795 CVE-2023-51798 CVE-2024-31585

    Several vulnerabilities have been discovered in the FFmpeg multimedia
    framework, which could result in denial of service or potentially the
    execution of arbitrary code if malformed files/streams are processed.

    For the stable distribution (bookworm), these problems have been fixed in
    version 7:5.1.5-0+deb12u1.

    We recommend that you upgrade your ffmpeg packages.

    For the detailed security status of ffmpeg please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/ffmpeg

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/ffmpeg");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-50010");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-51793");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-51794");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-51795");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-51798");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-31585");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bookworm/ffmpeg");
  script_set_attribute(attribute:"solution", value:
"Upgrade the ffmpeg packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-51793");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/06/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ffmpeg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ffmpeg-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavcodec-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavcodec-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavcodec-extra59");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavcodec59");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavdevice-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavdevice59");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavfilter-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavfilter-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavfilter-extra8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavfilter8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavformat-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavformat-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavformat-extra59");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavformat59");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavutil-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavutil57");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpostproc-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpostproc56");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libswresample-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libswresample4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libswscale-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libswscale6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(12)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 12.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '12.0', 'prefix': 'ffmpeg', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'ffmpeg-doc', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'libavcodec-dev', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'libavcodec-extra', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'libavcodec-extra59', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'libavcodec59', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'libavdevice-dev', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'libavdevice59', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'libavfilter-dev', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'libavfilter-extra', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'libavfilter-extra8', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'libavfilter8', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'libavformat-dev', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'libavformat-extra', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'libavformat-extra59', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'libavformat59', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'libavutil-dev', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'libavutil57', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'libpostproc-dev', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'libpostproc56', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'libswresample-dev', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'libswresample4', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'libswscale-dev', 'reference': '7:5.1.5-0+deb12u1'},
    {'release': '12.0', 'prefix': 'libswscale6', 'reference': '7:5.1.5-0+deb12u1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ffmpeg / ffmpeg-doc / libavcodec-dev / libavcodec-extra / etc');
}
VendorProductVersionCPE
debiandebian_linuxlibavcodec59p-cpe:/a:debian:debian_linux:libavcodec59
debiandebian_linuxffmpeg-docp-cpe:/a:debian:debian_linux:ffmpeg-doc
debiandebian_linuxlibswscale-devp-cpe:/a:debian:debian_linux:libswscale-dev
debiandebian_linuxlibavformat-extra59p-cpe:/a:debian:debian_linux:libavformat-extra59
debiandebian_linux12.0cpe:/o:debian:debian_linux:12.0
debiandebian_linuxlibavformat59p-cpe:/a:debian:debian_linux:libavformat59
debiandebian_linuxlibavformat-extrap-cpe:/a:debian:debian_linux:libavformat-extra
debiandebian_linuxlibavcodec-devp-cpe:/a:debian:debian_linux:libavcodec-dev
debiandebian_linuxlibavdevice59p-cpe:/a:debian:debian_linux:libavdevice59
debiandebian_linuxlibavdevice-devp-cpe:/a:debian:debian_linux:libavdevice-dev
Rows per page:
1-10 of 251

Related

osv 3
ubuntu 1
nessus 10
openvas 15
cvelist 6
cve 6
ubuntucve 6
debiancve 6
nvd 6
vulnrichment 4
fedora 3
osv
osv
ffmpeg - security update
2024-06-15 00:00:00
ffmpeg vulnerabilities
2024-05-30 15:53:23
CVE-2024-31585
2024-04-17 19:15:08
ubuntu
ubuntu
FFmpeg vulnerabilities
2024-05-30 00:00:00
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : FFmpeg vulnerabilities (USN-6803-1)
2024-05-30 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ffmpeg (SUSE-SU-2024:1908-1)
2024-06-04 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ffmpeg (SUSE-SU-2024:1593-1)
2024-05-11 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6803-1)
2024-05-31 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1592-1)
2024-05-13 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1593-1)
2024-05-13 00:00:00
cvelist
cvelist
CVE-2024-31585
2024-04-17 00:00:00
CVE-2023-50010
2024-04-19 00:00:00
CVE-2023-51794
2024-04-26 00:00:00
cve
cve
CVE-2024-31585
2024-04-17 19:15:08
CVE-2023-51798
2024-04-19 17:15:52
CVE-2023-51795
2024-04-19 17:15:52
ubuntucve
ubuntucve
CVE-2024-31585
2024-04-17 00:00:00
CVE-2023-51795
2024-04-19 00:00:00
CVE-2023-50010
2024-04-19 00:00:00
debiancve
debiancve
CVE-2023-51795
2024-04-19 17:15:52
CVE-2023-51798
2024-04-19 17:15:52
CVE-2024-31585
2024-04-17 19:15:08
nvd
nvd
CVE-2024-31585
2024-04-17 19:15:08
CVE-2023-51798
2024-04-19 17:15:52
CVE-2023-51794
2024-04-26 15:15:48
vulnrichment
vulnrichment
CVE-2023-51798
2024-04-19 00:00:00
CVE-2023-50010
2024-04-19 00:00:00
CVE-2023-51795
2024-04-19 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: chromium-124.0.6367.155-1.fc40
2024-05-11 01:32:09
[SECURITY] Fedora 39 Update: chromium-124.0.6367.155-1.fc39
2024-05-11 02:22:42
[SECURITY] Fedora 38 Update: chromium-125.0.6422.60-1.fc38
2024-05-18 01:44:05

8 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.6%

JSON
Related for DEBIAN_DSA-5712.NASL
osv3ubuntu1nessus10openvas15cvelist6cve6ubuntucve6debiancve6nvd6vulnrichment4fedora3