Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-5167-1.NASL
HistoryOct 20, 2023 - 12:00 a.m.

Ubuntu 16.04 ESM : FFmpeg vulnerabilities (USN-5167-1)

2023-10-2000:00:00
Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
ubuntu 16.04 esm
ffmpeg 4.2
divide by zero
denial of service
buffer overflow
heap-based overflow
out-of-bounds read vulnerability
cwe-125
memory leak
execution of arbitrary code
disclosure of information
remote malicious user
resource management errors
security advisory
JSON

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5167-1 advisory.

  • FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service. (CVE-2020-20445)

  • FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. (CVE-2020-20446)

  • Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c.
    (CVE-2020-20451)

  • FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service (CVE-2020-20453)

  • An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero.
    (CVE-2020-20892)

  • A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R’(0), that could result in disclosure of information. (CVE-2020-20902)

  • Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service (CVE-2020-21041)

  • A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code. (CVE-2020-21688)

  • A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file. (CVE-2020-21697)

  • A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences. (CVE-2020-22016)

  • Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service. (CVE-2020-22020)

  • Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service. (CVE-2020-22021)

  • A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences.
    (CVE-2020-22022)

  • A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences. (CVE-2020-22025)

  • A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences.
    (CVE-2020-22031)

  • A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences. (CVE-2020-22032)

  • A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c. (CVE-2020-22037)

  • A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c. (CVE-2020-22040)

  • A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc. (CVE-2020-22041)

  • A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c. (CVE-2020-22042)

  • A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c. (CVE-2020-22044)

  • A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c. (CVE-2020-22046)

  • A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c. (CVE-2020-22049)

  • A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c. (CVE-2020-22054)

  • decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. (CVE-2020-35965)

  • Prior to ffmpeg version 4.3, the tty demuxer did not have a ‘read_probe’ function assigned to it. By crafting a legitimate ffconcat file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the -vcodec copy option is passed to ffmpeg). (CVE-2021-3566)

  • libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. (CVE-2021-38114)

  • adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
    (CVE-2021-38171)

  • FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. (CVE-2021-38291)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-5167-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(183614);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id(
    "CVE-2020-20445",
    "CVE-2020-20446",
    "CVE-2020-20451",
    "CVE-2020-20453",
    "CVE-2020-20892",
    "CVE-2020-20902",
    "CVE-2020-21041",
    "CVE-2020-21688",
    "CVE-2020-21697",
    "CVE-2020-22016",
    "CVE-2020-22020",
    "CVE-2020-22021",
    "CVE-2020-22022",
    "CVE-2020-22025",
    "CVE-2020-22031",
    "CVE-2020-22032",
    "CVE-2020-22037",
    "CVE-2020-22040",
    "CVE-2020-22041",
    "CVE-2020-22042",
    "CVE-2020-22044",
    "CVE-2020-22046",
    "CVE-2020-22049",
    "CVE-2020-22054",
    "CVE-2020-35965",
    "CVE-2021-3566",
    "CVE-2021-38114",
    "CVE-2021-38171",
    "CVE-2021-38291"
  );
  script_xref(name:"USN", value:"5167-1");

  script_name(english:"Ubuntu 16.04 ESM : FFmpeg vulnerabilities (USN-5167-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in
the USN-5167-1 advisory.

  - FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious
    user to cause a Denial of Service. (CVE-2020-20445)

  - FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious
    user to cause a Denial of Service. (CVE-2020-20446)

  - Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c.
    (CVE-2020-20451)

  - FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious
    user to cause a Denial of Service (CVE-2020-20453)

  - An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1,
    allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero.
    (CVE-2020-20892)

  - A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in
    FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could
    result in disclosure of information. (CVE-2020-20902)

  - Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which
    could let a remote malicious user cause a Denial of Service (CVE-2020-21041)

  - A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to
    execute arbitrary code. (CVE-2020-21688)

  - A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows
    to cause a denial of service (DOS) via a crafted avi file. (CVE-2020-21697)

  - A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files,
    which might lead to memory corruption and other potential consequences. (CVE-2020-22016)

  - Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c,
    which could let a remote malicious user cause a Denial of Service. (CVE-2020-22020)

  - Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which
    could let a remote malicious user cause a Denial of Service. (CVE-2020-22021)

  - A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at
    libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences.
    (CVE-2020-22022)

  - A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which
    might lead to memory corruption and other potential consequences. (CVE-2020-22025)

  - A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in
    filter16_complex_low, which might lead to memory corruption and other potential consequences.
    (CVE-2020-22031)

  - A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in
    gaussian_blur, which might lead to memory corruption and other potential consequences. (CVE-2020-22032)

  - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at
    options.c. (CVE-2020-22037)

  - A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function
    in frame.c. (CVE-2020-22040)

  - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the
    av_buffersrc_add_frame_flags function in buffersrc. (CVE-2020-22041)

  - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in
    the link_filter_inouts function in libavfilter/graphparser.c. (CVE-2020-22042)

  - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the
    url_open_dyn_buf_internal function in libavformat/aviobuf.c. (CVE-2020-22044)

  - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl
    function in libavutil/float_dsp.c. (CVE-2020-22046)

  - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector
    function in wtvdec.c. (CVE-2020-22049)

  - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in
    dict.c. (CVE-2020-22054)

  - decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in
    calculations of when to perform memset zero operations. (CVE-2020-35965)

  - Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By
    crafting a legitimate ffconcat file that references an image, followed by a file the triggers the tty
    demuxer, the contents of the second file will be copied into the output file verbatim (as long as the
    `-vcodec copy` option is passed to ffmpeg). (CVE-2021-3566)

  - libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar
    issue to CVE-2013-0868. (CVE-2021-38114)

  - adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return
    value, which is a necessary step because the second argument to init_get_bits can be crafted.
    (CVE-2021-38171)

  - FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure
    at src/libavutil/mathematics.c. (CVE-2021-38291)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-5167-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-38171");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/01/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/06/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ffmpeg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libav-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libavcodec-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libavcodec-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libavcodec-ffmpeg-extra56");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libavcodec-ffmpeg56");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libavdevice-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libavdevice-ffmpeg56");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libavfilter-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libavfilter-ffmpeg5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libavformat-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libavformat-ffmpeg56");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libavresample-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libavresample-ffmpeg2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libavutil-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libavutil-ffmpeg54");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpostproc-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpostproc-ffmpeg53");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libswresample-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libswresample-ffmpeg1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libswscale-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libswscale-ffmpeg3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '16.04', 'pkgname': 'ffmpeg', 'pkgver': '7:2.8.17-0ubuntu0.1+esm4'},
    {'osver': '16.04', 'pkgname': 'libav-tools', 'pkgver': '7:2.8.17-0ubuntu0.1+esm4'},
    {'osver': '16.04', 'pkgname': 'libavcodec-dev', 'pkgver': '7:2.8.17-0ubuntu0.1+esm4'},
    {'osver': '16.04', 'pkgname': 'libavcodec-extra', 'pkgver': '7:2.8.17-0ubuntu0.1+esm4'},
    {'osver': '16.04', 'pkgname': 'libavcodec-ffmpeg-extra56', 'pkgver': '7:2.8.17-0ubuntu0.1+esm4'},
    {'osver': '16.04', 'pkgname': 'libavcodec-ffmpeg56', 'pkgver': '7:2.8.17-0ubuntu0.1+esm4'},
    {'osver': '16.04', 'pkgname': 'libavdevice-dev', 'pkgver': '7:2.8.17-0ubuntu0.1+esm4'},
    {'osver': '16.04', 'pkgname': 'libavdevice-ffmpeg56', 'pkgver': '7:2.8.17-0ubuntu0.1+esm4'},
    {'osver': '16.04', 'pkgname': 'libavfilter-dev', 'pkgver': '7:2.8.17-0ubuntu0.1+esm4'},
    {'osver': '16.04', 'pkgname': 'libavfilter-ffmpeg5', 'pkgver': '7:2.8.17-0ubuntu0.1+esm4'},
    {'osver': '16.04', 'pkgname': 'libavformat-dev', 'pkgver': '7:2.8.17-0ubuntu0.1+esm4'},
    {'osver': '16.04', 'pkgname': 'libavformat-ffmpeg56', 'pkgver': '7:2.8.17-0ubuntu0.1+esm4'},
    {'osver': '16.04', 'pkgname': 'libavresample-dev', 'pkgver': '7:2.8.17-0ubuntu0.1+esm4'},
    {'osver': '16.04', 'pkgname': 'libavresample-ffmpeg2', 'pkgver': '7:2.8.17-0ubuntu0.1+esm4'},
    {'osver': '16.04', 'pkgname': 'libavutil-dev', 'pkgver': '7:2.8.17-0ubuntu0.1+esm4'},
    {'osver': '16.04', 'pkgname': 'libavutil-ffmpeg54', 'pkgver': '7:2.8.17-0ubuntu0.1+esm4'},
    {'osver': '16.04', 'pkgname': 'libpostproc-dev', 'pkgver': '7:2.8.17-0ubuntu0.1+esm4'},
    {'osver': '16.04', 'pkgname': 'libpostproc-ffmpeg53', 'pkgver': '7:2.8.17-0ubuntu0.1+esm4'},
    {'osver': '16.04', 'pkgname': 'libswresample-dev', 'pkgver': '7:2.8.17-0ubuntu0.1+esm4'},
    {'osver': '16.04', 'pkgname': 'libswresample-ffmpeg1', 'pkgver': '7:2.8.17-0ubuntu0.1+esm4'},
    {'osver': '16.04', 'pkgname': 'libswscale-dev', 'pkgver': '7:2.8.17-0ubuntu0.1+esm4'},
    {'osver': '16.04', 'pkgname': 'libswscale-ffmpeg3', 'pkgver': '7:2.8.17-0ubuntu0.1+esm4'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ffmpeg / libav-tools / libavcodec-dev / libavcodec-extra / etc');
}
VendorProductVersionCPE
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:esm
canonicalubuntu_linuxffmpegp-cpe:/a:canonical:ubuntu_linux:ffmpeg
canonicalubuntu_linuxlibav-toolsp-cpe:/a:canonical:ubuntu_linux:libav-tools
canonicalubuntu_linuxlibavcodec-devp-cpe:/a:canonical:ubuntu_linux:libavcodec-dev
canonicalubuntu_linuxlibavcodec-extrap-cpe:/a:canonical:ubuntu_linux:libavcodec-extra
canonicalubuntu_linuxlibavcodec-ffmpeg-extra56p-cpe:/a:canonical:ubuntu_linux:libavcodec-ffmpeg-extra56
canonicalubuntu_linuxlibavcodec-ffmpeg56p-cpe:/a:canonical:ubuntu_linux:libavcodec-ffmpeg56
canonicalubuntu_linuxlibavdevice-devp-cpe:/a:canonical:ubuntu_linux:libavdevice-dev
canonicalubuntu_linuxlibavdevice-ffmpeg56p-cpe:/a:canonical:ubuntu_linux:libavdevice-ffmpeg56
canonicalubuntu_linuxlibavfilter-devp-cpe:/a:canonical:ubuntu_linux:libavfilter-dev
Rows per page:
1-10 of 231

References

Related

osv 30
ubuntu 2
openvas 21
nessus 15
debian 5
mageia 2
cloudfoundry 1
suse 5
alpinelinux 8
cve 21
debiancve 19
ubuntucve 22
prion 25
veracode 21
cnvd 2
osv
osv
ffmpeg vulnerabilities
2022-06-13 16:13:57
ffmpeg - security update
2021-11-13 00:00:00
ffmpeg - security update
2021-10-31 00:00:00
ubuntu
ubuntu
FFmpeg vulnerabilities
2022-06-13 00:00:00
FFmpeg vulnerabilities
2022-06-08 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5167-1)
2023-01-27 00:00:00
Debian: Security Advisory (DLA-2818-1)
2021-11-18 00:00:00
Debian: Security Advisory (DSA-4998-1)
2021-11-02 00:00:00
nessus
nessus
Debian DLA-2818-1 : ffmpeg - LTS security update
2021-11-15 00:00:00
Debian DSA-4998-1 : ffmpeg - security update
2021-11-01 00:00:00
Debian DLA-2742-1 : ffmpeg - LTS security update
2021-08-23 00:00:00
debian
debian
[SECURITY] [DSA 4998-1] ffmpeg security update
2021-10-31 16:40:43
[SECURITY] [DLA 2818-1] ffmpeg security update
2021-11-14 20:48:14
[SECURITY] [DLA 2742-1] ffmpeg security update
2021-08-15 04:58:37
mageia
mageia
Updated ffmpeg packages fix security vulnerability
2021-10-29 22:32:22
Updated ffmpeg packages fix a security vulnerability
2021-06-23 20:11:28
cloudfoundry
cloudfoundry
USN-5472-1: FFmpeg vulnerabilities | Cloud Foundry
2022-07-28 00:00:00
suse
suse
Security update for ffmpeg (important)
2021-09-02 00:00:00
Security update for ffmpeg (important)
2021-07-14 00:00:00
Security update for ffmpeg (moderate)
2021-10-26 00:00:00
alpinelinux
alpinelinux
CVE-2021-38114
2021-08-04 21:15:00
CVE-2020-22021
2021-05-26 20:15:00
CVE-2020-35965
2021-01-04 02:15:00
cve
cve
CVE-2021-38114
2021-08-04 21:15:00
CVE-2020-22021
2021-05-26 20:15:00
CVE-2021-38291
2021-08-12 16:15:00
debiancve
debiancve
CVE-2021-38114
2021-08-04 21:15:00
CVE-2021-38291
2021-08-12 16:15:00
CVE-2020-22032
2021-05-27 19:15:00
ubuntucve
ubuntucve
CVE-2021-38114
2021-08-04 00:00:00
CVE-2020-22021
2021-05-26 00:00:00
CVE-2020-20902
2021-09-20 00:00:00
prion
prion
Design/Logic Flaw
2021-08-04 21:15:00
Design/Logic Flaw
2021-08-12 16:15:00
Denial of service
2021-05-25 19:15:00
veracode
veracode
Denial Of Service (DoS)
2021-06-07 13:13:04
Denial Of Service (DoS)
2021-10-23 21:56:36
Out-of-Bounds Access
2021-01-14 02:15:26
cnvd
cnvd
Ffmpeg out-of-bounds read/write vulnerability
2021-08-05 00:00:00
FFmpeg heap reuse vulnerability after release
2021-08-11 00:00:00
JSON
Related for UBUNTU_USN-5167-1.NASL
osv30ubuntu2openvas21nessus15debian5mageia2cloudfoundry1suse5alpinelinux8cve21debiancve19ubuntucve22prion25veracode21cnvd2