Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2021 Greenbone Networks GmbHOPENVAS:1361412562310853655
HistoryApr 16, 2021 - 12:00 a.m.

openSUSE: Security Advisory for vlc (openSUSE-SU-2021:0091-1)

2021-04-1600:00:00
Copyright (C) 2021 Greenbone Networks GmbH
plugins.openvas.org
3

7.6 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.5%

JSON

The remote host is missing an update for the

# Copyright (C) 2021 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.853655");
  script_version("2021-08-26T12:01:05+0000");
  script_cve_id("CVE-2020-13428", "CVE-2020-26664");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"2021-08-26 12:01:05 +0000 (Thu, 26 Aug 2021)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2020-06-19 16:15:00 +0000 (Fri, 19 Jun 2020)");
  script_tag(name:"creation_date", value:"2021-04-16 04:58:58 +0000 (Fri, 16 Apr 2021)");
  script_name("openSUSE: Security Advisory for vlc (openSUSE-SU-2021:0091-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2021 Greenbone Networks GmbH");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=openSUSELeap15\.2");

  script_xref(name:"Advisory-ID", value:"openSUSE-SU-2021:0091-1");
  script_xref(name:"URL", value:"https://lists.opensuse.org/archives/list/[email protected]/thread/KIZQCEFFNAB3CPF433JKRUT3ZM2EDM33");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'vlc'
  package(s) announced via the openSUSE-SU-2021:0091-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for vlc fixes the following issues:

     Update to 3.0.11.1:

  - CVE-2020-13428: Fixed heap-based buffer overflow in the
       hxxx_AnnexB_to_xVC () (boo#1172727)

  - CVE-2020-26664: Fixed heap-based buffer overflow in
       EbmlTypeDispatcher:send () (boo#1180755)");

  script_tag(name:"affected", value:"'vlc' package(s) on openSUSE Leap 15.2.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "openSUSELeap15.2") {

  if(!isnull(res = isrpmvuln(pkg:"libvlc5", rpm:"libvlc5~3.0.11.1~lp152.2.9.1", rls:"openSUSELeap15.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libvlc5-debuginfo", rpm:"libvlc5-debuginfo~3.0.11.1~lp152.2.9.1", rls:"openSUSELeap15.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libvlccore9", rpm:"libvlccore9~3.0.11.1~lp152.2.9.1", rls:"openSUSELeap15.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libvlccore9-debuginfo", rpm:"libvlccore9-debuginfo~3.0.11.1~lp152.2.9.1", rls:"openSUSELeap15.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"vlc", rpm:"vlc~3.0.11.1~lp152.2.9.1", rls:"openSUSELeap15.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"vlc-codec-gstreamer", rpm:"vlc-codec-gstreamer~3.0.11.1~lp152.2.9.1", rls:"openSUSELeap15.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"vlc-codec-gstreamer-debuginfo", rpm:"vlc-codec-gstreamer-debuginfo~3.0.11.1~lp152.2.9.1", rls:"openSUSELeap15.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"vlc-debuginfo", rpm:"vlc-debuginfo~3.0.11.1~lp152.2.9.1", rls:"openSUSELeap15.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"vlc-debugsource", rpm:"vlc-debugsource~3.0.11.1~lp152.2.9.1", rls:"openSUSELeap15.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"vlc-devel", rpm:"vlc-devel~3.0.11.1~lp152.2.9.1", rls:"openSUSELeap15.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"vlc-jack", rpm:"vlc-jack~3.0.11.1~lp152.2.9.1", rls:"openSUSELeap15.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"vlc-jack-debuginfo", rpm:"vlc-jack-debuginfo~3.0.11.1~lp152.2.9.1", rls:"openSUSELeap15.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"vlc-noX", rpm:"vlc-noX~3.0.11.1~lp152.2.9.1", rls:"openSUSELeap15.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"vlc-noX-debuginfo", rpm:"vlc-noX-debuginfo~3.0.11.1~lp152.2.9.1", rls:"openSUSELeap15.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"vlc-opencv", rpm:"vlc-opencv~3.0.11.1~lp152.2.9.1", rls:"openSUSELeap15.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"vlc-opencv-debuginfo", rpm:"vlc-opencv-debuginfo~3.0.11.1~lp152.2.9.1", rls:"openSUSELeap15.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"vlc-qt", rpm:"vlc-qt~3.0.11.1~lp152.2.9.1", rls:"openSUSELeap15.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"vlc-qt-debuginfo", rpm:"vlc-qt-debuginfo~3.0.11.1~lp152.2.9.1", rls:"openSUSELeap15.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"vlc-vdpau", rpm:"vlc-vdpau~3.0.11.1~lp152.2.9.1", rls:"openSUSELeap15.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"vlc-vdpau-debuginfo", rpm:"vlc-vdpau-debuginfo~3.0.11.1~lp152.2.9.1", rls:"openSUSELeap15.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"vlc-lang", rpm:"vlc-lang~3.0.11.1~lp152.2.9.1", rls:"openSUSELeap15.2"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

suse 6
nessus 10
openvas 8
prion 2
alpinelinux 2
debiancve 2
osv 6
veracode 2
redos 11
cve 2
ubuntucve 2
freebsd 1
kaspersky 1
debian 3
cvelist 2
mageia 1
gentoo 1
archlinux 1
ubuntu 1
malwarebytes 1
suse
suse
Security update for vlc (important)
2021-01-16 00:00:00
Security update for vlc (important)
2021-01-19 00:00:00
Security update for vlc (important)
2021-01-20 00:00:00
nessus
nessus
openSUSE Security Update : vlc (openSUSE-2021-91)
2021-01-25 00:00:00
openSUSE Security Update : vlc (openSUSE-2021-76)
2021-01-25 00:00:00
Debian DSA-4704-1 : vlc - security update
2020-06-18 00:00:00
openvas
openvas
openSUSE: Security Advisory for vlc (openSUSE-SU-2021:0076-1)
2021-04-16 00:00:00
Mageia: Security Advisory (MGASA-2020-0272)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-4704-1)
2020-06-18 00:00:00
prion
prion
Heap overflow
2020-06-08 19:15:00
Heap overflow
2021-01-08 18:15:00
alpinelinux
alpinelinux
CVE-2020-13428
2020-06-08 19:15:00
CVE-2020-26664
2021-01-08 18:15:00
debiancve
debiancve
CVE-2020-13428
2020-06-08 19:15:00
CVE-2020-26664
2021-01-08 18:15:00
osv
osv
vlc - security update
2020-06-16 00:00:00
CVE-2020-13428
2020-06-08 19:15:10
vlc - security update
2022-06-10 00:00:00
veracode
veracode
Arbtirary Code Execution
2020-08-06 21:28:39
Arbitrary Code Execution
2021-01-21 03:07:20
redos
redos
ROS-2-635
2021-09-08 00:00:00
ROS-2-552
2021-09-08 00:00:00
ROS-2-566
2021-09-08 00:00:00
cve
cve
CVE-2020-13428
2020-06-08 19:15:00
CVE-2020-26664
2021-01-08 18:15:00
ubuntucve
ubuntucve
CVE-2020-13428
2020-06-08 00:00:00
CVE-2020-26664
2021-01-08 00:00:00
freebsd
freebsd
vlc heap-based buffer overflow
2020-05-27 00:00:00
kaspersky
kaspersky
KLA12076 A buffer overflow vulnerability in VLC media player
2020-06-09 00:00:00
debian
debian
[SECURITY] [DSA 4704-1] vlc security update
2020-06-16 20:26:01
[SECURITY] [DLA 3050-1] vlc security update
2022-06-10 16:55:33
[SECURITY] [DSA 4834-1] vlc security update
2021-01-22 18:48:08
cvelist
cvelist
CVE-2020-13428
2020-06-08 18:13:04
CVE-2020-26664
2021-01-08 17:40:41
mageia
mageia
Updated vlc packages fix security vulnerability
2020-07-05 01:47:21
gentoo
gentoo
VLC: Buffer overflow
2021-01-29 00:00:00
archlinux
archlinux
[ASA-202101-35] vlc: arbitrary code execution
2021-01-20 00:00:00
ubuntu
ubuntu
VLC media player vulnerabilities
2023-06-20 00:00:00
malwarebytes
malwarebytes
Insights into your unpatched vulnerabilities
2023-12-11 10:17:48

7.6 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.5%

JSON
Related for OPENVAS:1361412562310853655
suse6nessus10openvas8prion2alpinelinux2debiancve2osv6veracode2redos11cve2ubuntucve2freebsd1kaspersky1debian3cvelist2mageia1gentoo1archlinux1ubuntu1malwarebytes1