{"id": "OPENVAS:841260", "type": "openvas", "bulletinFamily": "scanner", "title": "Ubuntu Update for libav USN-1674-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1674-1", "published": "2012-12-26T00:00:00", "modified": "2017-12-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=841260", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["1674-1", "http://www.ubuntu.com/usn/usn-1674-1/"], "cvelist": ["CVE-2012-2789", "CVE-2012-2793", "CVE-2012-2779", "CVE-2012-2800", "CVE-2012-2772", "CVE-2012-2788", "CVE-2012-2786", "CVE-2012-2777", "CVE-2012-2775", "CVE-2012-2790", "CVE-2012-2784", "CVE-2012-2801", "CVE-2012-2794", "CVE-2012-2798"], "lastseen": "2017-12-04T11:20:40", "viewCount": 0, "enchantments": {"score": {"value": 8.4, "vector": "NONE", "modified": "2017-12-04T11:20:40", "rev": 2}, "dependencies": {"references": [{"type": "ubuntu", "idList": ["USN-1675-1", "USN-1630-1", "USN-1674-1", "USN-1705-1"]}, {"type": "openvas", "idList": ["OPENVAS:892624", "OPENVAS:1361412562310841260", "OPENVAS:1361412562310121231", "OPENVAS:841213", "OPENVAS:1361412562310841213", "OPENVAS:841296", "OPENVAS:841265", "OPENVAS:1361412562310841265", "OPENVAS:1361412562310121050", "OPENVAS:1361412562310892624"]}, {"type": "nessus", "idList": ["UBUNTU_USN-1674-1.NASL", "UBUNTU_USN-1705-1.NASL", "UBUNTU_USN-1630-1.NASL", "GENTOO_GLSA-201310-12.NASL", "FREEBSD_PKG_4D087B35099011E3A9F4BCAEC565249C.NASL", "UBUNTU_USN-1675-1.NASL", "DEBIAN_DSA-2624.NASL", "GENTOO_GLSA-201406-28.NASL", "MANDRIVA_MDVSA-2013-079.NASL"]}, {"type": "cve", "idList": ["CVE-2012-2789", "CVE-2012-2793", "CVE-2012-2784", "CVE-2012-2786", "CVE-2012-2775", "CVE-2012-2779", "CVE-2012-2788", "CVE-2012-2772", "CVE-2012-2801", "CVE-2012-2777"]}, {"type": "gentoo", "idList": ["GLSA-201310-12", "GLSA-201406-28"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12859", "SECURITYVULNS:VULN:12385", "SECURITYVULNS:DOC:29000"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2624-1:5BC06"]}, {"type": "freebsd", "idList": ["4D087B35-0990-11E3-A9F4-BCAEC565249C"]}], "modified": "2017-12-04T11:20:40", "rev": 2}, "vulnersScore": 8.4}, "pluginID": "841260", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1674_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for libav USN-1674-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Libav incorrectly handled certain malformed media\n files. If a user were tricked into opening a crafted media file, an\n attacker could cause a denial of service via application crash, or possibly\n execute arbitrary code with the privileges of the user invoking the\n program.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1674-1\";\ntag_affected = \"libav on Ubuntu 11.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1674-1/\");\n script_id(841260);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-26 12:07:44 +0530 (Wed, 26 Dec 2012)\");\n script_cve_id(\"CVE-2012-2772\", \"CVE-2012-2775\", \"CVE-2012-2777\", \"CVE-2012-2779\",\n \"CVE-2012-2784\", \"CVE-2012-2786\", \"CVE-2012-2788\", \"CVE-2012-2789\",\n \"CVE-2012-2790\", \"CVE-2012-2793\", \"CVE-2012-2794\", \"CVE-2012-2798\",\n \"CVE-2012-2800\", \"CVE-2012-2801\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1674-1\");\n script_name(\"Ubuntu Update for libav USN-1674-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"4:0.7.6-0ubuntu0.11.10.2\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"4:0.7.6-0ubuntu0.11.10.2\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Ubuntu Local Security Checks"}

{"ubuntu": [{"lastseen": "2020-07-09T00:32:25", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2789", "CVE-2012-2793", "CVE-2012-2779", "CVE-2012-2800", "CVE-2012-2772", "CVE-2012-2788", "CVE-2012-2786", "CVE-2012-2777", "CVE-2012-2775", "CVE-2012-2790", "CVE-2012-2784", "CVE-2012-2801", "CVE-2012-2794", "CVE-2012-2798"], "description": "It was discovered that Libav incorrectly handled certain malformed media \nfiles. If a user were tricked into opening a crafted media file, an \nattacker could cause a denial of service via application crash, or possibly \nexecute arbitrary code with the privileges of the user invoking the \nprogram.", "edition": 5, "modified": "2012-12-19T00:00:00", "published": "2012-12-19T00:00:00", "id": "USN-1674-1", "href": "https://ubuntu.com/security/notices/USN-1674-1", "title": "Libav vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:39:28", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2789", "CVE-2012-2802", "CVE-2012-2793", "CVE-2012-2779", "CVE-2012-2800", "CVE-2012-2772", "CVE-2012-2788", "CVE-2012-2786", "CVE-2012-2777", "CVE-2012-2775", "CVE-2012-2790", "CVE-2012-2784", "CVE-2012-2801", "CVE-2012-2787", "CVE-2012-2796", "CVE-2012-2794", "CVE-2012-2776", "CVE-2012-2798"], "description": "It was discovered that Libav incorrectly handled certain malformed media \nfiles. If a user were tricked into opening a crafted media file, an \nattacker could cause a denial of service via application crash, or possibly \nexecute arbitrary code with the privileges of the user invoking the \nprogram.", "edition": 5, "modified": "2012-11-12T00:00:00", "published": "2012-11-12T00:00:00", "id": "USN-1630-1", "href": "https://ubuntu.com/security/notices/USN-1630-1", "title": "Libav vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:29:39", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2788", "CVE-2012-2777", "CVE-2012-2784", "CVE-2012-2801"], "description": "It was discovered that FFmpeg incorrectly handled certain malformed media \nfiles. If a user were tricked into opening a crafted media file, an \nattacker could cause a denial of service via application crash, or possibly \nexecute arbitrary code with the privileges of the user invoking the \nprogram.", "edition": 5, "modified": "2012-12-19T00:00:00", "published": "2012-12-19T00:00:00", "id": "USN-1675-1", "href": "https://ubuntu.com/security/notices/USN-1675-1", "title": "FFmpeg vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:41:30", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2802", "CVE-2012-2797", "CVE-2012-2803", "CVE-2012-2801", "CVE-2012-2783", "CVE-2012-5144", "CVE-2012-2804", "CVE-2012-2791", "CVE-2012-2798"], "description": "It was discovered that Libav incorrectly handled certain malformed media \nfiles. If a user were tricked into opening a crafted media file, an \nattacker could cause a denial of service via application crash, or possibly \nexecute arbitrary code with the privileges of the user invoking the \nprogram.", "edition": 5, "modified": "2013-01-28T00:00:00", "published": "2013-01-28T00:00:00", "id": "USN-1705-1", "href": "https://ubuntu.com/security/notices/USN-1705-1", "title": "Libav vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:39:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2789", "CVE-2012-2793", "CVE-2012-2779", "CVE-2012-2800", "CVE-2012-2772", "CVE-2012-2788", "CVE-2012-2786", "CVE-2012-2777", "CVE-2012-2775", "CVE-2012-2790", "CVE-2012-2784", "CVE-2012-2801", "CVE-2012-2794", "CVE-2012-2798"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1674-1", "modified": "2019-03-13T00:00:00", "published": "2012-12-26T00:00:00", "id": "OPENVAS:1361412562310841260", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841260", "type": "openvas", "title": "Ubuntu Update for libav USN-1674-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1674_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for libav USN-1674-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1674-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841260\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-26 12:07:44 +0530 (Wed, 26 Dec 2012)\");\n script_cve_id(\"CVE-2012-2772\", \"CVE-2012-2775\", \"CVE-2012-2777\", \"CVE-2012-2779\",\n \"CVE-2012-2784\", \"CVE-2012-2786\", \"CVE-2012-2788\", \"CVE-2012-2789\",\n \"CVE-2012-2790\", \"CVE-2012-2793\", \"CVE-2012-2794\", \"CVE-2012-2798\",\n \"CVE-2012-2800\", \"CVE-2012-2801\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1674-1\");\n script_name(\"Ubuntu Update for libav USN-1674-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.10\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1674-1\");\n script_tag(name:\"affected\", value:\"libav on Ubuntu 11.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that Libav incorrectly handled certain malformed media\n files. If a user were tricked into opening a crafted media file, an\n attacker could cause a denial of service via application crash, or possibly\n execute arbitrary code with the privileges of the user invoking the\n program.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"4:0.7.6-0ubuntu0.11.10.2\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"4:0.7.6-0ubuntu0.11.10.2\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2789", "CVE-2012-2802", "CVE-2012-2793", "CVE-2012-2779", "CVE-2012-2800", "CVE-2012-2772", "CVE-2012-2788", "CVE-2012-2786", "CVE-2012-2777", "CVE-2012-2775", "CVE-2012-2790", "CVE-2012-2784", "CVE-2012-2801", "CVE-2012-2787", "CVE-2012-2796", "CVE-2012-2794", "CVE-2012-2776", "CVE-2012-2798"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1630-1", "modified": "2019-03-13T00:00:00", "published": "2012-11-15T00:00:00", "id": "OPENVAS:1361412562310841213", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841213", "type": "openvas", "title": "Ubuntu Update for libav USN-1630-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1630_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for libav USN-1630-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1630-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841213\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-15 11:47:49 +0530 (Thu, 15 Nov 2012)\");\n script_cve_id(\"CVE-2012-2772\", \"CVE-2012-2775\", \"CVE-2012-2776\", \"CVE-2012-2777\",\n \"CVE-2012-2779\", \"CVE-2012-2784\", \"CVE-2012-2786\", \"CVE-2012-2787\",\n \"CVE-2012-2788\", \"CVE-2012-2789\", \"CVE-2012-2790\", \"CVE-2012-2793\",\n \"CVE-2012-2794\", \"CVE-2012-2796\", \"CVE-2012-2798\", \"CVE-2012-2800\",\n \"CVE-2012-2801\", \"CVE-2012-2802\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1630-1\");\n script_name(\"Ubuntu Update for libav USN-1630-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|12\\.10)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1630-1\");\n script_tag(name:\"affected\", value:\"libav on Ubuntu 12.10,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that Libav incorrectly handled certain malformed media\n files. If a user were tricked into opening a crafted media file, an\n attacker could cause a denial of service via application crash, or possibly\n execute arbitrary code with the privileges of the user invoking the\n program.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"4:0.8.4-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"4:0.8.4-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"6:0.8.4-0ubuntu0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"6:0.8.4-0ubuntu0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:20:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2789", "CVE-2012-2802", "CVE-2012-2793", "CVE-2012-2779", "CVE-2012-2800", "CVE-2012-2772", "CVE-2012-2788", "CVE-2012-2786", "CVE-2012-2777", "CVE-2012-2775", "CVE-2012-2790", "CVE-2012-2784", "CVE-2012-2801", "CVE-2012-2787", "CVE-2012-2796", "CVE-2012-2794", "CVE-2012-2776", "CVE-2012-2798"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1630-1", "modified": "2017-12-01T00:00:00", "published": "2012-11-15T00:00:00", "id": "OPENVAS:841213", "href": "http://plugins.openvas.org/nasl.php?oid=841213", "type": "openvas", "title": "Ubuntu Update for libav USN-1630-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1630_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for libav USN-1630-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Libav incorrectly handled certain malformed media\n files. If a user were tricked into opening a crafted media file, an\n attacker could cause a denial of service via application crash, or possibly\n execute arbitrary code with the privileges of the user invoking the\n program.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1630-1\";\ntag_affected = \"libav on Ubuntu 12.10 ,\n Ubuntu 12.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1630-1/\");\n script_id(841213);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-15 11:47:49 +0530 (Thu, 15 Nov 2012)\");\n script_cve_id(\"CVE-2012-2772\", \"CVE-2012-2775\", \"CVE-2012-2776\", \"CVE-2012-2777\",\n \"CVE-2012-2779\", \"CVE-2012-2784\", \"CVE-2012-2786\", \"CVE-2012-2787\",\n \"CVE-2012-2788\", \"CVE-2012-2789\", \"CVE-2012-2790\", \"CVE-2012-2793\",\n \"CVE-2012-2794\", \"CVE-2012-2796\", \"CVE-2012-2798\", \"CVE-2012-2800\",\n \"CVE-2012-2801\", \"CVE-2012-2802\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1630-1\");\n script_name(\"Ubuntu Update for libav USN-1630-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"4:0.8.4-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"4:0.8.4-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"6:0.8.4-0ubuntu0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"6:0.8.4-0ubuntu0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2789", "CVE-2012-2802", "CVE-2012-2797", "CVE-2012-2793", "CVE-2012-2779", "CVE-2012-2800", "CVE-2012-2772", "CVE-2012-2788", "CVE-2012-2786", "CVE-2012-2777", "CVE-2012-2775", "CVE-2012-2790", "CVE-2012-2803", "CVE-2012-2784", "CVE-2012-2801", "CVE-2012-2783", "CVE-2012-2787", "CVE-2012-2796", "CVE-2012-5144", "CVE-2012-2794", "CVE-2012-2804", "CVE-2012-2776", "CVE-2012-2791", "CVE-2012-2798"], "description": "Gentoo Linux Local Security Checks GLSA 201406-28", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121231", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121231", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201406-28", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201406-28.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121231\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:28 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201406-28\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Libav. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201406-28\");\n script_cve_id(\"CVE-2012-2772\", \"CVE-2012-2775\", \"CVE-2012-2776\", \"CVE-2012-2777\", \"CVE-2012-2779\", \"CVE-2012-2783\", \"CVE-2012-2784\", \"CVE-2012-2786\", \"CVE-2012-2787\", \"CVE-2012-2788\", \"CVE-2012-2789\", \"CVE-2012-2790\", \"CVE-2012-2791\", \"CVE-2012-2793\", \"CVE-2012-2794\", \"CVE-2012-2796\", \"CVE-2012-2797\", \"CVE-2012-2798\", \"CVE-2012-2800\", \"CVE-2012-2801\", \"CVE-2012-2802\", \"CVE-2012-2803\", \"CVE-2012-2804\", \"CVE-2012-5144\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201406-28\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"media-video/libav\", unaffected: make_list(\"ge 0.8.7\"), vulnerable: make_list(\"lt 0.8.7\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2788", "CVE-2012-2777", "CVE-2012-2784", "CVE-2012-2801"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1675-1", "modified": "2019-03-13T00:00:00", "published": "2012-12-26T00:00:00", "id": "OPENVAS:1361412562310841265", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841265", "type": "openvas", "title": "Ubuntu Update for ffmpeg USN-1675-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1675_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for ffmpeg USN-1675-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1675-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841265\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-26 12:08:35 +0530 (Wed, 26 Dec 2012)\");\n script_cve_id(\"CVE-2012-2777\", \"CVE-2012-2784\", \"CVE-2012-2788\", \"CVE-2012-2801\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1675-1\");\n script_name(\"Ubuntu Update for ffmpeg USN-1675-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1675-1\");\n script_tag(name:\"affected\", value:\"ffmpeg on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that FFmpeg incorrectly handled certain malformed media\n files. If a user were tricked into opening a crafted media file, an\n attacker could cause a denial of service via application crash, or possibly\n execute arbitrary code with the privileges of the user invoking the\n program.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec52\", ver:\"4:0.5.9-0ubuntu0.10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"4:0.5.9-0ubuntu0.10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:21:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2788", "CVE-2012-2777", "CVE-2012-2784", "CVE-2012-2801"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1675-1", "modified": "2017-12-01T00:00:00", "published": "2012-12-26T00:00:00", "id": "OPENVAS:841265", "href": "http://plugins.openvas.org/nasl.php?oid=841265", "type": "openvas", "title": "Ubuntu Update for ffmpeg USN-1675-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1675_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for ffmpeg USN-1675-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that FFmpeg incorrectly handled certain malformed media\n files. If a user were tricked into opening a crafted media file, an\n attacker could cause a denial of service via application crash, or possibly\n execute arbitrary code with the privileges of the user invoking the\n program.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1675-1\";\ntag_affected = \"ffmpeg on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1675-1/\");\n script_id(841265);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-26 12:08:35 +0530 (Wed, 26 Dec 2012)\");\n script_cve_id(\"CVE-2012-2777\", \"CVE-2012-2784\", \"CVE-2012-2788\", \"CVE-2012-2801\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1675-1\");\n script_name(\"Ubuntu Update for ffmpeg USN-1675-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec52\", ver:\"4:0.5.9-0ubuntu0.10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"4:0.5.9-0ubuntu0.10.04.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0858", "CVE-2012-2788", "CVE-2012-2777", "CVE-2012-2803", "CVE-2012-2784", "CVE-2012-2801", "CVE-2012-2783"], "description": "Several vulnerabilities have been discovered in FFmpeg, a multimedia\nplayer, server and encoder. Multiple input validations in the\ndecoders/demuxers for Shorten, Chinese AVS video, VP5, VP6, AVI, AVS and\nMPEG-1/2 files could lead to the execution of arbitrary code.\n\nMost of these issues were discovered by Mateusz Jurczyk and Gynvael\nColdwind.", "modified": "2019-03-18T00:00:00", "published": "2013-02-16T00:00:00", "id": "OPENVAS:1361412562310892624", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892624", "type": "openvas", "title": "Debian Security Advisory DSA 2624-1 (ffmpeg - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2624.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2624-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892624\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2012-2777\", \"CVE-2012-0858\", \"CVE-2012-2788\", \"CVE-2012-2784\", \"CVE-2012-2803\", \"CVE-2012-2801\", \"CVE-2012-2783\");\n script_name(\"Debian Security Advisory DSA 2624-1 (ffmpeg - several vulnerabilities)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-16 00:00:00 +0100 (Sat, 16 Feb 2013)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2624.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"ffmpeg on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (squeeze), these problems have been fixed in\nversion 4:0.5.10-1.\n\nFor the testing distribution (wheezy) and the unstable distribution (sid),\nthese problems have been fixed in version 6:0.8.5-1 of the source package\nlibav.\n\nWe recommend that you upgrade your ffmpeg packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in FFmpeg, a multimedia\nplayer, server and encoder. Multiple input validations in the\ndecoders/demuxers for Shorten, Chinese AVS video, VP5, VP6, AVI, AVS and\nMPEG-1/2 files could lead to the execution of arbitrary code.\n\nMost of these issues were discovered by Mateusz Jurczyk and Gynvael\nColdwind.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"4:0.5.10-1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"4:0.5.10-1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"4:0.5.10-1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"4:0.5.10-1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavcodec52\", ver:\"4:0.5.10-1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"4:0.5.10-1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavdevice52\", ver:\"4:0.5.10-1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"4:0.5.10-1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavfilter0\", ver:\"4:0.5.10-1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"4:0.5.10-1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"4:0.5.10-1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"4:0.5.10-1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavutil49\", ver:\"4:0.5.10-1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"4:0.5.10-1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpostproc51\", ver:\"4:0.5.10-1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"4:0.5.10-1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libswscale0\", ver:\"4:0.5.10-1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libav-dbg\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libav-doc\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libav-extra-dbg\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libav-tools\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavcodec-extra-53\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavdevice-extra-53\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavdevice53\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavfilter-extra-2\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavfilter2\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavformat-extra-53\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavutil-extra-51\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavutil51\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpostproc-extra-52\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpostproc52\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libswscale-extra-2\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libswscale2\", ver:\"6:0.8.5-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:52:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0858", "CVE-2012-2788", "CVE-2012-2777", "CVE-2012-2803", "CVE-2012-2784", "CVE-2012-2801", "CVE-2012-2783"], "description": "Several vulnerabilities have been discovered in FFmpeg, a multimedia\nplayer, server and encoder. Multiple input validations in the\ndecoders/demuxers for Shorten, Chinese AVS video, VP5, VP6, AVI, AVS and\nMPEG-1/2 files could lead to the execution of arbitrary code.\n\nMost of these issues were discovered by Mateusz Jurczyk and Gynvael\nColdwind.", "modified": "2017-07-07T00:00:00", "published": "2013-02-16T00:00:00", "id": "OPENVAS:892624", "href": "http://plugins.openvas.org/nasl.php?oid=892624", "type": "openvas", "title": "Debian Security Advisory DSA 2624-1 (ffmpeg - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2624.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2624-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"ffmpeg on Debian Linux\";\ntag_insight = \"This package contains the ffplay multimedia player, the ffserver streaming\nserver and the ffmpeg audio and video encoder. They support most existing\nfile formats (AVI, MPEG, OGG, Matroska, ASF...) and encoding formats (MPEG,\nDivX, MPEG4, AC3, DV...).\";\ntag_solution = \"For the stable distribution (squeeze), these problems have been fixed in\nversion 4:0.5.10-1.\n\nFor the testing distribution (wheezy) and the unstable distribution (sid),\nthese problems have been fixed in version 6:0.8.5-1 of the source package\nlibav.\n\nWe recommend that you upgrade your ffmpeg packages.\";\ntag_summary = \"Several vulnerabilities have been discovered in FFmpeg, a multimedia\nplayer, server and encoder. Multiple input validations in the\ndecoders/demuxers for Shorten, Chinese AVS video, VP5, VP6, AVI, AVS and\nMPEG-1/2 files could lead to the execution of arbitrary code.\n\nMost of these issues were discovered by Mateusz Jurczyk and Gynvael\nColdwind.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892624);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2012-2777\", \"CVE-2012-0858\", \"CVE-2012-2788\", \"CVE-2012-2784\", \"CVE-2012-2803\", \"CVE-2012-2801\", \"CVE-2012-2783\");\n script_name(\"Debian Security Advisory DSA 2624-1 (ffmpeg - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-02-16 00:00:00 +0100 (Sat, 16 Feb 2013)\");\n script_tag(name: \"cvss_base\", value:\"10.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2624.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"4:0.5.10-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"4:0.5.10-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"4:0.5.10-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"4:0.5.10-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec52\", ver:\"4:0.5.10-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"4:0.5.10-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice52\", ver:\"4:0.5.10-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"4:0.5.10-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter0\", ver:\"4:0.5.10-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"4:0.5.10-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"4:0.5.10-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"4:0.5.10-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil49\", ver:\"4:0.5.10-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"4:0.5.10-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc51\", ver:\"4:0.5.10-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"4:0.5.10-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale0\", ver:\"4:0.5.10-1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-dbg\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-doc\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-extra-dbg\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-tools\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-extra-53\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-extra-53\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice53\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-extra-2\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter2\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-extra-53\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-extra-51\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil51\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-extra-52\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc52\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-extra-2\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale2\", ver:\"6:0.8.5-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3937", "CVE-2011-3936", "CVE-2011-3952", "CVE-2011-3940", "CVE-2011-3947", "CVE-2011-1931", "CVE-2009-4637", "CVE-2012-2773", "CVE-2012-2781", "CVE-2012-2778", "CVE-2009-4638", "CVE-2013-3673", "CVE-2010-3429", "CVE-2013-3674", "CVE-2011-3950", "CVE-2009-4639", "CVE-2009-4633", "CVE-2012-2789", "CVE-2013-3675", "CVE-2009-4635", "CVE-2012-2802", "CVE-2012-2805", "CVE-2012-2797", "CVE-2011-3951", "CVE-2012-2793", "CVE-2010-4704", "CVE-2012-2779", "CVE-2012-2771", "CVE-2012-2782", "CVE-2013-3672", "CVE-2012-2800", "CVE-2011-3934", "CVE-2012-2792", "CVE-2009-4634", "CVE-2012-2772", "CVE-2012-2788", "CVE-2011-3944", "CVE-2011-3893", "CVE-2011-3941", "CVE-2012-2786", "CVE-2011-4351", "CVE-2013-3670", "CVE-2012-2777", "CVE-2009-4631", "CVE-2012-2775", "CVE-2012-2790", "CVE-2011-3973", "CVE-2012-2803", "CVE-2009-4640", "CVE-2011-3929", "CVE-2012-2795", "CVE-2011-4364", "CVE-2012-2784", "CVE-2009-4632", "CVE-2011-3895", "CVE-2012-2801", "CVE-2010-4705", "CVE-2011-4353", "CVE-2011-3945", "CVE-2011-3974", "CVE-2011-3935", "CVE-2011-3362", "CVE-2012-2783", "CVE-2012-2774", "CVE-2012-2785", "CVE-2012-2787", "CVE-2012-2796", "CVE-2012-0947", "CVE-2012-2780", "CVE-2009-4636", "CVE-2012-2794", "CVE-2012-2804", "CVE-2012-2776", "CVE-2011-4352", "CVE-2012-2791", "CVE-2013-3671", "CVE-2011-3949", "CVE-2010-3908", "CVE-2012-2799", "CVE-2012-2798", "CVE-2011-3946"], "description": "Gentoo Linux Local Security Checks GLSA 201310-12", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121050", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121050", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201310-12", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201310-12.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121050\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:08 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201310-12\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers and FFmpeg changelogs referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201310-12\");\n script_cve_id(\"CVE-2009-4631\", \"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4637\", \"CVE-2009-4638\", \"CVE-2009-4639\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-3908\", \"CVE-2010-4704\", \"CVE-2010-4705\", \"CVE-2011-1931\", \"CVE-2011-3362\", \"CVE-2011-3893\", \"CVE-2011-3895\", \"CVE-2011-3929\", \"CVE-2011-3934\", \"CVE-2011-3935\", \"CVE-2011-3936\", \"CVE-2011-3937\", \"CVE-2011-3940\", \"CVE-2011-3941\", \"CVE-2011-3944\", \"CVE-2011-3945\", \"CVE-2011-3946\", \"CVE-2011-3947\", \"CVE-2011-3949\", \"CVE-2011-3950\", \"CVE-2011-3951\", \"CVE-2011-3952\", \"CVE-2011-3973\", \"CVE-2011-3974\", \"CVE-2011-4351\", \"CVE-2011-4352\", \"CVE-2011-4353\", \"CVE-2011-4364\", \"CVE-2012-0947\", \"CVE-2012-2771\", \"CVE-2012-2772\", \"CVE-2012-2773\", \"CVE-2012-2774\", \"CVE-2012-2775\", \"CVE-2012-2776\", \"CVE-2012-2777\", \"CVE-2012-2778\", \"CVE-2012-2779\", \"CVE-2012-2780\", \"CVE-2012-2781\", \"CVE-2012-2782\", \"CVE-2012-2783\", \"CVE-2012-2784\", \"CVE-2012-2785\", \"CVE-2012-2786\", \"CVE-2012-2787\", \"CVE-2012-2788\", \"CVE-2012-2789\", \"CVE-2012-2790\", \"CVE-2012-2791\", \"CVE-2012-2792\", \"CVE-2012-2793\", \"CVE-2012-2794\", \"CVE-2012-2795\", \"CVE-2012-2796\", \"CVE-2012-2797\", \"CVE-2012-2798\", \"CVE-2012-2799\", \"CVE-2012-2800\", \"CVE-2012-2801\", \"CVE-2012-2802\", \"CVE-2012-2803\", \"CVE-2012-2804\", \"CVE-2012-2805\", \"CVE-2013-3670\", \"CVE-2013-3671\", \"CVE-2013-3672\", \"CVE-2013-3673\", \"CVE-2013-3674\", \"CVE-2013-3675\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201310-12\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"media-video/ffmpeg\", unaffected: make_list(\"ge 1.0.7\"), vulnerable: make_list(\"lt 1.0.7\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2802", "CVE-2012-2797", "CVE-2012-2803", "CVE-2012-2801", "CVE-2012-2783", "CVE-2012-5144", "CVE-2012-2804", "CVE-2012-2791", "CVE-2012-2798"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-01-31T00:00:00", "id": "OPENVAS:1361412562310841296", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841296", "type": "openvas", "title": "Ubuntu Update for libav USN-1705-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1705_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for libav USN-1705-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1705-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841296\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-31 09:26:26 +0530 (Thu, 31 Jan 2013)\");\n script_cve_id(\"CVE-2012-2783\", \"CVE-2012-2791\", \"CVE-2012-2797\", \"CVE-2012-2798\",\n \"CVE-2012-2801\", \"CVE-2012-2802\", \"CVE-2012-2803\", \"CVE-2012-2804\",\n \"CVE-2012-5144\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1705-1\");\n script_name(\"Ubuntu Update for libav USN-1705-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libav'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|11\\.10|12\\.10)\");\n script_tag(name:\"affected\", value:\"libav on Ubuntu 12.10,\n Ubuntu 12.04 LTS,\n Ubuntu 11.10\");\n script_tag(name:\"insight\", value:\"It was discovered that Libav incorrectly handled certain malformed media\n files. If a user were tricked into opening a crafted media file, an\n attacker could cause a denial of service via application crash, or possibly\n execute arbitrary code with the privileges of the user invoking the\n program.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"4:0.8.5-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"4:0.8.5-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"4:0.7.6-0ubuntu0.11.10.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"4:0.7.6-0ubuntu0.11.10.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"6:0.8.5-0ubuntu0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"6:0.8.5-0ubuntu0.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T06:38:53", "description": "It was discovered that Libav incorrectly handled certain malformed\nmedia files. If a user were tricked into opening a crafted media file,\nan attacker could cause a denial of service via application crash, or\npossibly execute arbitrary code with the privileges of the user\ninvoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2012-12-20T00:00:00", "title": "Ubuntu 11.10 : libav vulnerabilities (USN-1674-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2789", "CVE-2012-2793", "CVE-2012-2779", "CVE-2012-2800", "CVE-2012-2772", "CVE-2012-2788", "CVE-2012-2786", "CVE-2012-2777", "CVE-2012-2775", "CVE-2012-2790", "CVE-2012-2784", "CVE-2012-2801", "CVE-2012-2794", "CVE-2012-2798"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:libavformat53", "p-cpe:/a:canonical:ubuntu_linux:libavcodec53"], "id": "UBUNTU_USN-1674-1.NASL", "href": "https://www.tenable.com/plugins/nessus/63315", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1674-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63315);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-2772\", \"CVE-2012-2775\", \"CVE-2012-2777\", \"CVE-2012-2779\", \"CVE-2012-2784\", \"CVE-2012-2786\", \"CVE-2012-2788\", \"CVE-2012-2789\", \"CVE-2012-2790\", \"CVE-2012-2793\", \"CVE-2012-2794\", \"CVE-2012-2798\", \"CVE-2012-2800\", \"CVE-2012-2801\");\n script_bugtraq_id(55355);\n script_xref(name:\"USN\", value:\"1674-1\");\n\n script_name(english:\"Ubuntu 11.10 : libav vulnerabilities (USN-1674-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Libav incorrectly handled certain malformed\nmedia files. If a user were tricked into opening a crafted media file,\nan attacker could cause a denial of service via application crash, or\npossibly execute arbitrary code with the privileges of the user\ninvoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1674-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libavcodec53 and / or libavformat53 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavcodec53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavformat53\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libavcodec53\", pkgver:\"4:0.7.6-0ubuntu0.11.10.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libavformat53\", pkgver:\"4:0.7.6-0ubuntu0.11.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libavcodec53 / libavformat53\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:38:39", "description": "It was discovered that Libav incorrectly handled certain malformed\nmedia files. If a user were tricked into opening a crafted media file,\nan attacker could cause a denial of service via application crash, or\npossibly execute arbitrary code with the privileges of the user\ninvoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2012-11-13T00:00:00", "title": "Ubuntu 12.04 LTS / 12.10 : libav vulnerabilities (USN-1630-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2789", "CVE-2012-2802", "CVE-2012-2793", "CVE-2012-2779", "CVE-2012-2800", "CVE-2012-2772", "CVE-2012-2788", "CVE-2012-2786", "CVE-2012-2777", "CVE-2012-2775", "CVE-2012-2790", "CVE-2012-2784", "CVE-2012-2801", "CVE-2012-2787", "CVE-2012-2796", "CVE-2012-2794", "CVE-2012-2776", "CVE-2012-2798"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:12.10", "p-cpe:/a:canonical:ubuntu_linux:libavformat53", "p-cpe:/a:canonical:ubuntu_linux:libavcodec53", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1630-1.NASL", "href": "https://www.tenable.com/plugins/nessus/62900", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1630-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62900);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-2772\", \"CVE-2012-2775\", \"CVE-2012-2776\", \"CVE-2012-2777\", \"CVE-2012-2779\", \"CVE-2012-2784\", \"CVE-2012-2786\", \"CVE-2012-2787\", \"CVE-2012-2788\", \"CVE-2012-2789\", \"CVE-2012-2790\", \"CVE-2012-2793\", \"CVE-2012-2794\", \"CVE-2012-2796\", \"CVE-2012-2798\", \"CVE-2012-2800\", \"CVE-2012-2801\", \"CVE-2012-2802\");\n script_bugtraq_id(55355);\n script_xref(name:\"USN\", value:\"1630-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 12.10 : libav vulnerabilities (USN-1630-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Libav incorrectly handled certain malformed\nmedia files. If a user were tricked into opening a crafted media file,\nan attacker could cause a denial of service via application crash, or\npossibly execute arbitrary code with the privileges of the user\ninvoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1630-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libavcodec53 and / or libavformat53 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavcodec53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavformat53\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libavcodec53\", pkgver:\"4:0.8.4-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libavformat53\", pkgver:\"4:0.8.4-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libavcodec53\", pkgver:\"6:0.8.4-0ubuntu0.12.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libavformat53\", pkgver:\"6:0.8.4-0ubuntu0.12.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libavcodec53 / libavformat53\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:54:06", "description": "Updated ffmpeg packages fix security vulnerabilities :\n\nh264: Add check for invalid chroma_format_idc (CVE-2012-0851)\n\nh263dec: Disallow width/height changing with frame threads\n(CVE-2011-3937)\n\nvc1dec: check that coded slice positions and interlacing match. This\nfixes out of array writes (CVE-2012-2796)\n\nalsdec: fix number of decoded samples in first sub-block in BGMC mode\n(CVE-2012-2790)\n\ncavsdec: check for changing w/h. Our decoder does not support changing\nw/h (CVE-2012-2777, CVE-2012-2784)\n\nindeo4: update AVCodecContext width/height on size change\n(CVE-2012-2787)\n\navidec: use actually read size instead of requested size\n(CVE-2012-2788)\n\nwmaprodec: check num_vec_coeffs for validity (CVE-2012-2789)\n\nlagarith: check count before writing zeros (CVE-2012-2793)\n\nindeo3: fix out of cell write (CVE-2012-2776)\n\nindeo5: check tile size in decode_mb_info\\(\\). This prevents writing\ninto a too small array if some parameters changed without the tile\nbeing reallocated (CVE-2012-2794)\n\nindeo5dec: Make sure we have had a valid gop header. This prevents\ndecoding happening on a half initialized context (CVE-2012-2779)\n\nindeo4/5: check empty tile size in decode_mb_info\\(\\). This prevents\nwriting into a too small array if some parameters changed without the\ntile being reallocated (CVE-2012-2800)\n\ndfa: improve boundary checks in decode_dds1\\(\\) (CVE-2012-2798)\n\ndfa: check that the caller set width/height properly (CVE-2012-2786)\n\navsdec: Set dimensions instead of relying on the demuxer. The decode\nfunction assumes that the video will have those dimensions\n(CVE-2012-2801)\n\nac3dec: ensure get_buffer\\(\\) gets a buffer for the correct number of\nchannels (CVE-2012-2802)\n\nrv34: error out on size changes with frame threading (CVE-2012-2772)\n\nalsdec: check opt_order. Fixes out of array write in quant_cof. Also\nmake sure no invalid opt_order stays in the context (CVE-2012-2775)\n\nThis updates ffmpeg to version 0.10.6 which contains the security\nfixes above as well as other bug fixes.", "edition": 25, "published": "2013-04-20T00:00:00", "title": "Mandriva Linux Security Advisory : ffmpeg (MDVSA-2013:079)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3937", "CVE-2012-0851", "CVE-2012-2789", "CVE-2012-2802", "CVE-2012-2793", "CVE-2012-2779", "CVE-2012-2800", "CVE-2012-2772", "CVE-2012-2788", "CVE-2012-2786", "CVE-2012-2777", "CVE-2012-2775", "CVE-2012-2790", "CVE-2012-2784", "CVE-2012-2801", "CVE-2012-2787", "CVE-2012-2796", "CVE-2012-2794", "CVE-2012-2776", "CVE-2012-2798"], "modified": "2013-04-20T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:lib64swresample0", "p-cpe:/a:mandriva:linux:lib64swscaler2", "p-cpe:/a:mandriva:linux:lib64avfilter2", "p-cpe:/a:mandriva:linux:lib64avcodec53", "p-cpe:/a:mandriva:linux:ffmpeg", "p-cpe:/a:mandriva:linux:lib64ffmpeg-static-devel", "p-cpe:/a:mandriva:linux:lib64ffmpeg-devel", "p-cpe:/a:mandriva:linux:lib64avformat53", "p-cpe:/a:mandriva:linux:lib64avutil51", "p-cpe:/a:mandriva:linux:lib64postproc52"], "id": "MANDRIVA_MDVSA-2013-079.NASL", "href": "https://www.tenable.com/plugins/nessus/66093", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:079. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66093);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2011-3937\",\n \"CVE-2012-0851\",\n \"CVE-2012-2772\",\n \"CVE-2012-2775\",\n \"CVE-2012-2776\",\n \"CVE-2012-2777\",\n \"CVE-2012-2779\",\n \"CVE-2012-2784\",\n \"CVE-2012-2786\",\n \"CVE-2012-2787\",\n \"CVE-2012-2788\",\n \"CVE-2012-2789\",\n \"CVE-2012-2790\",\n \"CVE-2012-2793\",\n \"CVE-2012-2794\",\n \"CVE-2012-2796\",\n \"CVE-2012-2798\",\n \"CVE-2012-2800\",\n \"CVE-2012-2801\",\n \"CVE-2012-2802\"\n );\n script_bugtraq_id(\n 51307,\n 51720,\n 55355\n );\n script_xref(name:\"MDVSA\", value:\"2013:079\");\n script_xref(name:\"MGASA\", value:\"2012-0143\");\n script_xref(name:\"MGASA\", value:\"2012-0331\");\n\n script_name(english:\"Mandriva Linux Security Advisory : ffmpeg (MDVSA-2013:079)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ffmpeg packages fix security vulnerabilities :\n\nh264: Add check for invalid chroma_format_idc (CVE-2012-0851)\n\nh263dec: Disallow width/height changing with frame threads\n(CVE-2011-3937)\n\nvc1dec: check that coded slice positions and interlacing match. This\nfixes out of array writes (CVE-2012-2796)\n\nalsdec: fix number of decoded samples in first sub-block in BGMC mode\n(CVE-2012-2790)\n\ncavsdec: check for changing w/h. Our decoder does not support changing\nw/h (CVE-2012-2777, CVE-2012-2784)\n\nindeo4: update AVCodecContext width/height on size change\n(CVE-2012-2787)\n\navidec: use actually read size instead of requested size\n(CVE-2012-2788)\n\nwmaprodec: check num_vec_coeffs for validity (CVE-2012-2789)\n\nlagarith: check count before writing zeros (CVE-2012-2793)\n\nindeo3: fix out of cell write (CVE-2012-2776)\n\nindeo5: check tile size in decode_mb_info\\(\\). This prevents writing\ninto a too small array if some parameters changed without the tile\nbeing reallocated (CVE-2012-2794)\n\nindeo5dec: Make sure we have had a valid gop header. This prevents\ndecoding happening on a half initialized context (CVE-2012-2779)\n\nindeo4/5: check empty tile size in decode_mb_info\\(\\). This prevents\nwriting into a too small array if some parameters changed without the\ntile being reallocated (CVE-2012-2800)\n\ndfa: improve boundary checks in decode_dds1\\(\\) (CVE-2012-2798)\n\ndfa: check that the caller set width/height properly (CVE-2012-2786)\n\navsdec: Set dimensions instead of relying on the demuxer. The decode\nfunction assumes that the video will have those dimensions\n(CVE-2012-2801)\n\nac3dec: ensure get_buffer\\(\\) gets a buffer for the correct number of\nchannels (CVE-2012-2802)\n\nrv34: error out on size changes with frame threading (CVE-2012-2772)\n\nalsdec: check opt_order. Fixes out of array write in quant_cof. Also\nmake sure no invalid opt_order stays in the context (CVE-2012-2775)\n\nThis updates ffmpeg to version 0.10.6 which contains the security\nfixes above as well as other bug fixes.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64avcodec53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64avfilter2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64avformat53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64avutil51\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64postproc52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64swresample0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64swscaler2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"ffmpeg-0.10.6-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64avcodec53-0.10.6-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64avfilter2-0.10.6-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64avformat53-0.10.6-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64avutil51-0.10.6-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64ffmpeg-devel-0.10.6-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64ffmpeg-static-devel-0.10.6-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64postproc52-0.10.6-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64swresample0-0.10.6-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64swscaler2-0.10.6-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:55:54", "description": "The remote host is affected by the vulnerability described in GLSA-201406-28\n(Libav: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Libav. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted media\n file in an application linked against Libav, possibly resulting in\n execution of arbitrary code with the privileges of the application or a\n Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2014-06-27T00:00:00", "title": "GLSA-201406-28 : Libav: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2789", "CVE-2012-2802", "CVE-2012-2797", "CVE-2012-2793", "CVE-2012-2779", "CVE-2012-2800", "CVE-2012-2772", "CVE-2012-2788", "CVE-2012-2786", "CVE-2012-2777", "CVE-2012-2775", "CVE-2012-2790", "CVE-2012-2803", "CVE-2012-2784", "CVE-2012-2801", "CVE-2012-2783", "CVE-2012-2787", "CVE-2012-2796", "CVE-2012-5144", "CVE-2012-2794", "CVE-2012-2804", "CVE-2012-2776", "CVE-2012-2791", "CVE-2012-2798"], "modified": "2014-06-27T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:libav"], "id": "GENTOO_GLSA-201406-28.NASL", "href": "https://www.tenable.com/plugins/nessus/76272", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201406-28.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76272);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-2772\", \"CVE-2012-2775\", \"CVE-2012-2776\", \"CVE-2012-2777\", \"CVE-2012-2779\", \"CVE-2012-2783\", \"CVE-2012-2784\", \"CVE-2012-2786\", \"CVE-2012-2787\", \"CVE-2012-2788\", \"CVE-2012-2789\", \"CVE-2012-2790\", \"CVE-2012-2791\", \"CVE-2012-2793\", \"CVE-2012-2794\", \"CVE-2012-2796\", \"CVE-2012-2797\", \"CVE-2012-2798\", \"CVE-2012-2800\", \"CVE-2012-2801\", \"CVE-2012-2802\", \"CVE-2012-2803\", \"CVE-2012-2804\", \"CVE-2012-5144\");\n script_bugtraq_id(55355, 56903);\n script_xref(name:\"GLSA\", value:\"201406-28\");\n\n script_name(english:\"GLSA-201406-28 : Libav: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201406-28\n(Libav: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Libav. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted media\n file in an application linked against Libav, possibly resulting in\n execution of arbitrary code with the privileges of the application or a\n Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201406-28\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Libav users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/libav-0.8.7'\n Packages which depend on this library may need to be recompiled. Tools such\n as revdep-rebuild may assist in identifying these packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/libav\", unaffected:make_list(\"ge 0.8.7\"), vulnerable:make_list(\"lt 0.8.7\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Libav\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:38:53", "description": "It was discovered that FFmpeg incorrectly handled certain malformed\nmedia files. If a user were tricked into opening a crafted media file,\nan attacker could cause a denial of service via application crash, or\npossibly execute arbitrary code with the privileges of the user\ninvoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2012-12-20T00:00:00", "title": "Ubuntu 10.04 LTS : ffmpeg vulnerabilities (USN-1675-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2788", "CVE-2012-2777", "CVE-2012-2784", "CVE-2012-2801"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libavformat52", "p-cpe:/a:canonical:ubuntu_linux:libavcodec52"], "id": "UBUNTU_USN-1675-1.NASL", "href": "https://www.tenable.com/plugins/nessus/63316", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1675-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63316);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-2777\", \"CVE-2012-2784\", \"CVE-2012-2788\", \"CVE-2012-2801\");\n script_bugtraq_id(55355);\n script_xref(name:\"USN\", value:\"1675-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : ffmpeg vulnerabilities (USN-1675-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that FFmpeg incorrectly handled certain malformed\nmedia files. If a user were tricked into opening a crafted media file,\nan attacker could cause a denial of service via application crash, or\npossibly execute arbitrary code with the privileges of the user\ninvoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1675-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libavcodec52 and / or libavformat52 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavcodec52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavformat52\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavcodec52\", pkgver:\"4:0.5.9-0ubuntu0.10.04.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libavformat52\", pkgver:\"4:0.5.9-0ubuntu0.10.04.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libavcodec52 / libavformat52\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:47:47", "description": "Several vulnerabilities have been discovered in FFmpeg, a multimedia\nplayer, server and encoder. Multiple input validations in the\ndecoders/demuxers for Shorten, Chinese AVS video, VP5, VP6, AVI, AVS\nand MPEG-1/2 files could lead to the execution of arbitrary code.\n\nMost of these issues were discovered by Mateusz Jurczyk and Gynvael\nColdwind.", "edition": 16, "published": "2013-02-18T00:00:00", "title": "Debian DSA-2624-1 : ffmpeg - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0858", "CVE-2012-2788", "CVE-2012-2777", "CVE-2012-2803", "CVE-2012-2784", "CVE-2012-2801", "CVE-2012-2783"], "modified": "2013-02-18T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:ffmpeg"], "id": "DEBIAN_DSA-2624.NASL", "href": "https://www.tenable.com/plugins/nessus/64648", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2624. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64648);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0858\", \"CVE-2012-2777\", \"CVE-2012-2783\", \"CVE-2012-2784\", \"CVE-2012-2788\", \"CVE-2012-2801\", \"CVE-2012-2803\");\n script_bugtraq_id(51307, 55355);\n script_xref(name:\"DSA\", value:\"2624\");\n\n script_name(english:\"Debian DSA-2624-1 : ffmpeg - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in FFmpeg, a multimedia\nplayer, server and encoder. Multiple input validations in the\ndecoders/demuxers for Shorten, Chinese AVS video, VP5, VP6, AVI, AVS\nand MPEG-1/2 files could lead to the execution of arbitrary code.\n\nMost of these issues were discovered by Mateusz Jurczyk and Gynvael\nColdwind.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/ffmpeg\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2624\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the ffmpeg packages.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 4:0.5.10-1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"ffmpeg\", reference:\"4:0.5.10-1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"ffmpeg-dbg\", reference:\"4:0.5.10-1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"ffmpeg-doc\", reference:\"4:0.5.10-1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libavcodec-dev\", reference:\"4:0.5.10-1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libavcodec52\", reference:\"4:0.5.10-1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libavdevice-dev\", reference:\"4:0.5.10-1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libavdevice52\", reference:\"4:0.5.10-1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libavfilter-dev\", reference:\"4:0.5.10-1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libavfilter0\", reference:\"4:0.5.10-1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libavformat-dev\", reference:\"4:0.5.10-1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libavformat52\", reference:\"4:0.5.10-1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libavutil-dev\", reference:\"4:0.5.10-1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libavutil49\", reference:\"4:0.5.10-1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpostproc-dev\", reference:\"4:0.5.10-1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpostproc51\", reference:\"4:0.5.10-1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libswscale-dev\", reference:\"4:0.5.10-1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libswscale0\", reference:\"4:0.5.10-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:43:15", "description": "Bundled version of libav in gstreamer-ffmpeg contains a number of\nvulnerabilities.", "edition": 22, "published": "2013-08-21T00:00:00", "title": "FreeBSD : gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav (4d087b35-0990-11e3-a9f4-bcaec565249c)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3937", "CVE-2011-3936", "CVE-2011-3952", "CVE-2012-0851", "CVE-2011-3940", "CVE-2011-3947", "CVE-2012-0858", "CVE-2011-4579", "CVE-2011-3951", "CVE-2012-2793", "CVE-2012-2779", "CVE-2012-0848", "CVE-2012-2800", "CVE-2012-2772", "CVE-2012-2788", "CVE-2012-0852", "CVE-2011-3893", "CVE-2012-2786", "CVE-2011-4351", "CVE-2011-4031", "CVE-2012-0850", "CVE-2012-2777", "CVE-2012-2775", "CVE-2012-2790", "CVE-2012-0853", "CVE-2012-2803", "CVE-2011-3929", "CVE-2011-4364", "CVE-2012-2784", "CVE-2011-3895", "CVE-2012-2801", "CVE-2011-3892", "CVE-2011-4353", "CVE-2011-3945", "CVE-2012-2783", "CVE-2012-2787", "CVE-2012-0947", "CVE-2012-5144", "CVE-2012-2794", "CVE-2011-4352", "CVE-2012-2791", "CVE-2012-2798"], "modified": "2013-08-21T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:gstreamer-ffmpeg"], "id": "FREEBSD_PKG_4D087B35099011E3A9F4BCAEC565249C.NASL", "href": "https://www.tenable.com/plugins/nessus/69412", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69412);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-3892\", \"CVE-2011-3893\", \"CVE-2011-3895\", \"CVE-2011-3929\", \"CVE-2011-3936\", \"CVE-2011-3937\", \"CVE-2011-3940\", \"CVE-2011-3945\", \"CVE-2011-3947\", \"CVE-2011-3951\", \"CVE-2011-3952\", \"CVE-2011-4031\", \"CVE-2011-4351\", \"CVE-2011-4352\", \"CVE-2011-4353\", \"CVE-2011-4364\", \"CVE-2011-4579\", \"CVE-2012-0848\", \"CVE-2012-0850\", \"CVE-2012-0851\", \"CVE-2012-0852\", \"CVE-2012-0853\", \"CVE-2012-0858\", \"CVE-2012-0947\", \"CVE-2012-2772\", \"CVE-2012-2775\", \"CVE-2012-2777\", \"CVE-2012-2779\", \"CVE-2012-2783\", \"CVE-2012-2784\", \"CVE-2012-2786\", \"CVE-2012-2787\", \"CVE-2012-2788\", \"CVE-2012-2790\", \"CVE-2012-2791\", \"CVE-2012-2793\", \"CVE-2012-2794\", \"CVE-2012-2798\", \"CVE-2012-2800\", \"CVE-2012-2801\", \"CVE-2012-2803\", \"CVE-2012-5144\");\n\n script_name(english:\"FreeBSD : gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav (4d087b35-0990-11e3-a9f4-bcaec565249c)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bundled version of libav in gstreamer-ffmpeg contains a number of\nvulnerabilities.\"\n );\n # http://libav.org/releases/libav-0.7.7.changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://libav.org/releases/libav-0.7.7.changelog\"\n );\n # https://vuxml.freebsd.org/freebsd/4d087b35-0990-11e3-a9f4-bcaec565249c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f6a5c64\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gstreamer-ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"gstreamer-ffmpeg<0.10.13_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:55:06", "description": "The remote host is affected by the vulnerability described in GLSA-201310-12\n(FFmpeg: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FFmpeg. Please review\n the CVE identifiers and FFmpeg changelogs referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted media\n file, possibly leading to the execution of arbitrary code with the\n privileges of the user running the application or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2013-10-27T00:00:00", "title": "GLSA-201310-12 : FFmpeg: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3937", "CVE-2011-3936", "CVE-2011-3952", "CVE-2011-3940", "CVE-2011-3947", "CVE-2011-1931", "CVE-2009-4637", "CVE-2012-2773", "CVE-2012-2781", "CVE-2012-2778", "CVE-2009-4638", "CVE-2013-3673", "CVE-2010-3429", "CVE-2013-3674", "CVE-2011-3950", "CVE-2009-4639", "CVE-2009-4633", "CVE-2012-2789", "CVE-2013-3675", "CVE-2009-4635", "CVE-2012-2802", "CVE-2012-2805", "CVE-2012-2797", "CVE-2011-3951", "CVE-2012-2793", "CVE-2010-4704", "CVE-2012-2779", "CVE-2012-2771", "CVE-2012-2782", "CVE-2013-3672", "CVE-2012-2800", "CVE-2011-3934", "CVE-2012-2792", "CVE-2009-4634", "CVE-2012-2772", "CVE-2012-2788", "CVE-2011-3944", "CVE-2011-3893", "CVE-2011-3941", "CVE-2012-2786", "CVE-2011-4351", "CVE-2013-3670", "CVE-2012-2777", "CVE-2009-4631", "CVE-2012-2775", "CVE-2012-2790", "CVE-2011-3973", "CVE-2012-2803", "CVE-2009-4640", "CVE-2011-3929", "CVE-2012-2795", "CVE-2011-4364", "CVE-2012-2784", "CVE-2009-4632", "CVE-2011-3895", "CVE-2012-2801", "CVE-2010-4705", "CVE-2011-4353", "CVE-2011-3945", "CVE-2011-3974", "CVE-2011-3935", "CVE-2011-3362", "CVE-2012-2783", "CVE-2012-2774", "CVE-2012-2785", "CVE-2012-2787", "CVE-2012-2796", "CVE-2012-0947", "CVE-2012-2780", "CVE-2009-4636", "CVE-2012-2794", "CVE-2012-2804", "CVE-2012-2776", "CVE-2011-4352", "CVE-2012-2791", "CVE-2013-3671", "CVE-2011-3949", "CVE-2010-3908", "CVE-2012-2799", "CVE-2012-2798", "CVE-2011-3946"], "modified": "2013-10-27T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:ffmpeg"], "id": "GENTOO_GLSA-201310-12.NASL", "href": "https://www.tenable.com/plugins/nessus/70647", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201310-12.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70647);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-4631\", \"CVE-2009-4632\", \"CVE-2009-4633\", \"CVE-2009-4634\", \"CVE-2009-4635\", \"CVE-2009-4636\", \"CVE-2009-4637\", \"CVE-2009-4638\", \"CVE-2009-4639\", \"CVE-2009-4640\", \"CVE-2010-3429\", \"CVE-2010-3908\", \"CVE-2010-4704\", \"CVE-2010-4705\", \"CVE-2011-1931\", \"CVE-2011-3362\", \"CVE-2011-3893\", \"CVE-2011-3895\", \"CVE-2011-3929\", \"CVE-2011-3934\", \"CVE-2011-3935\", \"CVE-2011-3936\", \"CVE-2011-3937\", \"CVE-2011-3940\", \"CVE-2011-3941\", \"CVE-2011-3944\", \"CVE-2011-3945\", \"CVE-2011-3946\", \"CVE-2011-3947\", \"CVE-2011-3949\", \"CVE-2011-3950\", \"CVE-2011-3951\", \"CVE-2011-3952\", \"CVE-2011-3973\", \"CVE-2011-3974\", \"CVE-2011-4351\", \"CVE-2011-4352\", \"CVE-2011-4353\", \"CVE-2011-4364\", \"CVE-2012-0947\", \"CVE-2012-2771\", \"CVE-2012-2772\", \"CVE-2012-2773\", \"CVE-2012-2774\", \"CVE-2012-2775\", \"CVE-2012-2776\", \"CVE-2012-2777\", \"CVE-2012-2778\", \"CVE-2012-2779\", \"CVE-2012-2780\", \"CVE-2012-2781\", \"CVE-2012-2782\", \"CVE-2012-2783\", \"CVE-2012-2784\", \"CVE-2012-2785\", \"CVE-2012-2786\", \"CVE-2012-2787\", \"CVE-2012-2788\", \"CVE-2012-2789\", \"CVE-2012-2790\", \"CVE-2012-2791\", \"CVE-2012-2792\", \"CVE-2012-2793\", \"CVE-2012-2794\", \"CVE-2012-2795\", \"CVE-2012-2796\", \"CVE-2012-2797\", \"CVE-2012-2798\", \"CVE-2012-2799\", \"CVE-2012-2800\", \"CVE-2012-2801\", \"CVE-2012-2802\", \"CVE-2012-2803\", \"CVE-2012-2804\", \"CVE-2012-2805\", \"CVE-2013-3670\", \"CVE-2013-3671\", \"CVE-2013-3672\", \"CVE-2013-3673\", \"CVE-2013-3674\", \"CVE-2013-3675\");\n script_bugtraq_id(36465, 46294, 47147, 47602, 49115, 49118, 50642, 50760, 50880, 51720, 53389, 55355, 60476, 60491, 60492, 60494, 60496, 60497);\n script_xref(name:\"GLSA\", value:\"201310-12\");\n\n script_name(english:\"GLSA-201310-12 : FFmpeg: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201310-12\n(FFmpeg: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FFmpeg. Please review\n the CVE identifiers and FFmpeg changelogs referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted media\n file, possibly leading to the execution of arbitrary code with the\n privileges of the user running the application or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # https://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=refs/heads/release/0.10\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5d92e58\"\n );\n # https://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=refs/heads/release/1.0\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?50837c86\"\n );\n # http://archives.neohapsis.com/archives/bugtraq/2011-04/0258.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd80b73a\"\n );\n # https://secunia.com/advisories/36760/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://secuniaresearch.flexerasoftware.com//advisories/36760/\"\n );\n # https://secunia.com/advisories/46134/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://secuniaresearch.flexerasoftware.com//advisories/46134/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201310-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All FFmpeg users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/ffmpeg-1.0.7'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(94, 119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/ffmpeg\", unaffected:make_list(\"ge 1.0.7\"), vulnerable:make_list(\"lt 1.0.7\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FFmpeg\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:39:08", "description": "It was discovered that Libav incorrectly handled certain malformed\nmedia files. If a user were tricked into opening a crafted media file,\nan attacker could cause a denial of service via application crash, or\npossibly execute arbitrary code with the privileges of the user\ninvoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2013-01-29T00:00:00", "title": "Ubuntu 11.10 / 12.04 LTS / 12.10 : libav vulnerabilities (USN-1705-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2802", "CVE-2012-2797", "CVE-2012-2803", "CVE-2012-2801", "CVE-2012-2783", "CVE-2012-5144", "CVE-2012-2804", "CVE-2012-2791", "CVE-2012-2798"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:12.10", "p-cpe:/a:canonical:ubuntu_linux:libavformat53", "p-cpe:/a:canonical:ubuntu_linux:libavcodec53", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1705-1.NASL", "href": "https://www.tenable.com/plugins/nessus/64283", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1705-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64283);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-2783\", \"CVE-2012-2791\", \"CVE-2012-2797\", \"CVE-2012-2798\", \"CVE-2012-2801\", \"CVE-2012-2802\", \"CVE-2012-2803\", \"CVE-2012-2804\", \"CVE-2012-5144\");\n script_bugtraq_id(55355, 56903);\n script_xref(name:\"USN\", value:\"1705-1\");\n\n script_name(english:\"Ubuntu 11.10 / 12.04 LTS / 12.10 : libav vulnerabilities (USN-1705-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Libav incorrectly handled certain malformed\nmedia files. If a user were tricked into opening a crafted media file,\nan attacker could cause a denial of service via application crash, or\npossibly execute arbitrary code with the privileges of the user\ninvoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1705-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libavcodec53 and / or libavformat53 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavcodec53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavformat53\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(11\\.10|12\\.04|12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.10 / 12.04 / 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libavcodec53\", pkgver:\"4:0.7.6-0ubuntu0.11.10.3\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libavformat53\", pkgver:\"4:0.7.6-0ubuntu0.11.10.3\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libavcodec53\", pkgver:\"4:0.8.5-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libavformat53\", pkgver:\"4:0.8.5-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libavcodec53\", pkgver:\"6:0.8.5-0ubuntu0.12.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libavformat53\", pkgver:\"6:0.8.5-0ubuntu0.12.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libavcodec53 / libavformat53\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-12-09T19:47:20", "description": "Unspecified vulnerability in the ff_rv34_decode_frame function in libavcodec/rv34.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to \"width/height changing with frame threading.\"", "edition": 5, "cvss3": {}, "published": "2012-09-10T22:55:00", "title": "CVE-2012-2772", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2772"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.10.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:libav:libav:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.10", "cpe:/a:libav:libav:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:libav:libav:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:libav:libav:0.7.5", "cpe:/a:libav:libav:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:libav:libav:0.8.3", "cpe:/a:ffmpeg:ffmpeg:0.10.3", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:libav:libav:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:libav:libav:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:libav:libav:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.9.1", "cpe:/a:libav:libav:0.7", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:libav:libav:0.8", "cpe:/a:ffmpeg:ffmpeg:0.4.9", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "id": "CVE-2012-2772", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2772", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:47:20", "description": "Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large number of vector coded coefficients (num_vec_coeffs).", "edition": 5, "cvss3": {}, "published": "2012-09-10T22:55:00", "title": "CVE-2012-2789", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2789"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.10.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:libav:libav:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.10", "cpe:/a:libav:libav:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:libav:libav:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:libav:libav:0.7.5", "cpe:/a:libav:libav:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:libav:libav:0.8.3", "cpe:/a:ffmpeg:ffmpeg:0.10.3", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:libav:libav:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:libav:libav:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:libav:libav:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.9.1", "cpe:/a:libav:libav:0.7", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:libav:libav:0.8", "cpe:/a:ffmpeg:ffmpeg:0.4.9", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "id": "CVE-2012-2789", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2789", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:47:20", "description": "Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors related to \"too many zeros.\"", "edition": 5, "cvss3": {}, "published": "2012-09-10T22:55:00", "title": "CVE-2012-2793", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2793"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.10.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:libav:libav:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.10", "cpe:/a:libav:libav:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:libav:libav:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:libav:libav:0.7.5", "cpe:/a:libav:libav:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:libav:libav:0.8.3", "cpe:/a:ffmpeg:ffmpeg:0.10.3", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:libav:libav:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:libav:libav:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:libav:libav:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.9.1", "cpe:/a:libav:libav:0.7", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:libav:libav:0.8", "cpe:/a:ffmpeg:ffmpeg:0.4.9", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "id": "CVE-2012-2793", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2793", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:47:20", "description": "Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an \"out of array read\" when a \"packet is shrunk.\"", "edition": 5, "cvss3": {}, "published": "2012-09-10T22:55:00", "title": "CVE-2012-2788", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2788"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.10.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:libav:libav:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.10", "cpe:/a:libav:libav:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:libav:libav:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:libav:libav:0.7.5", "cpe:/a:libav:libav:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:libav:libav:0.8.3", "cpe:/a:ffmpeg:ffmpeg:0.10.3", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:libav:libav:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:libav:libav:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:libav:libav:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.9.1", "cpe:/a:libav:libav:0.7", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:libav:libav:0.8", "cpe:/a:ffmpeg:ffmpeg:0.4.9", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "id": "CVE-2012-2788", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2788", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:47:20", "description": "Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to \"width/height changing in CAVS,\" a different vulnerability than CVE-2012-2784.", "edition": 5, "cvss3": {}, "published": "2012-09-10T22:55:00", "title": "CVE-2012-2777", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2777"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.10.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:libav:libav:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.10", "cpe:/a:libav:libav:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:libav:libav:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:libav:libav:0.7.5", "cpe:/a:libav:libav:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:libav:libav:0.8.3", "cpe:/a:ffmpeg:ffmpeg:0.10.3", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:libav:libav:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:libav:libav:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:libav:libav:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.9.1", "cpe:/a:libav:libav:0.7", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:libav:libav:0.8", "cpe:/a:ffmpeg:ffmpeg:0.4.9", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "id": "CVE-2012-2777", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2777", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:47:20", "description": "Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large order and an \"out of array write in quant_cof.\"", "edition": 5, "cvss3": {}, "published": "2012-09-10T22:55:00", "title": "CVE-2012-2775", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2775"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.10.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:libav:libav:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.10", "cpe:/a:libav:libav:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:libav:libav:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:libav:libav:0.7.5", "cpe:/a:libav:libav:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:libav:libav:0.8.3", "cpe:/a:ffmpeg:ffmpeg:0.10.3", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:libav:libav:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:libav:libav:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:libav:libav:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.9.1", "cpe:/a:libav:libav:0.7", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:libav:libav:0.8", "cpe:/a:ffmpeg:ffmpeg:0.4.9", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "id": "CVE-2012-2775", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2775", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:47:20", "description": "Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to \"width/height changing in CAVS,\" a different vulnerability than CVE-2012-2777.", "edition": 5, "cvss3": {}, "published": "2012-09-10T22:55:00", "title": "CVE-2012-2784", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2784"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.10.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:libav:libav:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.10", "cpe:/a:libav:libav:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:libav:libav:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:libav:libav:0.7.5", "cpe:/a:libav:libav:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:libav:libav:0.8.3", "cpe:/a:ffmpeg:ffmpeg:0.10.3", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:libav:libav:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:libav:libav:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:libav:libav:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.9.1", "cpe:/a:libav:libav:0.7", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:libav:libav:0.8", "cpe:/a:ffmpeg:ffmpeg:0.4.9", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "id": "CVE-2012-2784", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2784", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:47:20", "description": "Unspecified vulnerability in the decode_frame function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an invalid \"gop header\" and decoding in a \"half initialized context.\"", "edition": 5, "cvss3": {}, "published": "2012-09-10T22:55:00", "title": "CVE-2012-2779", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2779"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.10.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:libav:libav:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.10", "cpe:/a:libav:libav:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:libav:libav:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:libav:libav:0.7.5", "cpe:/a:libav:libav:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:libav:libav:0.8.3", "cpe:/a:ffmpeg:ffmpeg:0.10.3", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:libav:libav:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:libav:libav:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:libav:libav:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.9.1", "cpe:/a:libav:libav:0.7", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:libav:libav:0.8", "cpe:/a:ffmpeg:ffmpeg:0.4.9", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "id": "CVE-2012-2779", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2779", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:47:20", "description": "Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to dimensions and \"out of array writes.\"", "edition": 5, "cvss3": {}, "published": "2012-09-10T22:55:00", "title": "CVE-2012-2801", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2801"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.10.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:libav:libav:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.10", "cpe:/a:libav:libav:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:libav:libav:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:libav:libav:0.7.5", "cpe:/a:libav:libav:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:libav:libav:0.8.3", "cpe:/a:ffmpeg:ffmpeg:0.10.3", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:libav:libav:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:libav:libav:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:libav:libav:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.9.1", "cpe:/a:libav:libav:0.7", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:libav:libav:0.8", "cpe:/a:ffmpeg:ffmpeg:0.4.9", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "id": "CVE-2012-2801", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2801", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:47:20", "description": "Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an \"out of array write.\"", "edition": 5, "cvss3": {}, "published": "2012-09-10T22:55:00", "title": "CVE-2012-2786", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2786"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.10.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:libav:libav:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.10", "cpe:/a:libav:libav:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:libav:libav:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:libav:libav:0.7.5", "cpe:/a:libav:libav:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:libav:libav:0.8.3", "cpe:/a:ffmpeg:ffmpeg:0.10.3", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:libav:libav:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:libav:libav:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:libav:libav:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.9.1", "cpe:/a:libav:libav:0.7", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:libav:libav:0.8", "cpe:/a:ffmpeg:ffmpeg:0.4.9", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "id": "CVE-2012-2786", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2786", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:libav:libav:0.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2016-09-06T19:47:03", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2789", "CVE-2012-2802", "CVE-2012-2797", "CVE-2012-2793", "CVE-2012-2779", "CVE-2012-2800", "CVE-2012-2772", "CVE-2012-2788", "CVE-2012-2786", "CVE-2012-2777", "CVE-2012-2775", "CVE-2012-2790", "CVE-2012-2803", "CVE-2012-2784", "CVE-2012-2801", "CVE-2012-2783", "CVE-2012-2787", "CVE-2012-2796", "CVE-2012-5144", "CVE-2012-2794", "CVE-2012-2804", "CVE-2012-2776", "CVE-2012-2791", "CVE-2012-2798"], "description": "### Background\n\nLibav is a complete solution to record, convert and stream audio and video. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Libav. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted media file in an application linked against Libav, possibly resulting in execution of arbitrary code with the privileges of the application or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Libav users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/libav-0.8.7\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.", "edition": 1, "modified": "2014-06-26T00:00:00", "published": "2014-06-26T00:00:00", "id": "GLSA-201406-28", "href": "https://security.gentoo.org/glsa/201406-28", "type": "gentoo", "title": "Libav: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:42", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3937", "CVE-2011-3936", "CVE-2011-3952", "CVE-2011-3940", "CVE-2011-3947", "CVE-2011-1931", "CVE-2009-4637", "CVE-2012-2773", "CVE-2012-2781", "CVE-2012-2778", "CVE-2009-4638", "CVE-2013-3673", "CVE-2010-3429", "CVE-2013-3674", "CVE-2011-3950", "CVE-2009-4639", "CVE-2009-4633", "CVE-2012-2789", "CVE-2013-3675", "CVE-2009-4635", "CVE-2012-2802", "CVE-2012-2805", "CVE-2012-2797", "CVE-2011-3951", "CVE-2012-2793", "CVE-2010-4704", "CVE-2012-2779", "CVE-2012-2771", "CVE-2012-2782", "CVE-2013-3672", "CVE-2012-2800", "CVE-2011-3934", "CVE-2012-2792", "CVE-2009-4634", "CVE-2012-2772", "CVE-2012-2788", "CVE-2011-3944", "CVE-2011-3893", "CVE-2011-3941", "CVE-2012-2786", "CVE-2011-4351", "CVE-2013-3670", "CVE-2012-2777", "CVE-2009-4631", "CVE-2012-2775", "CVE-2012-2790", "CVE-2011-3973", "CVE-2012-2803", "CVE-2009-4640", "CVE-2011-3929", "CVE-2012-2795", "CVE-2011-4364", "CVE-2012-2784", "CVE-2009-4632", "CVE-2011-3895", "CVE-2012-2801", "CVE-2010-4705", "CVE-2011-4353", "CVE-2011-3945", "CVE-2011-3974", "CVE-2011-3935", "CVE-2011-3362", "CVE-2012-2783", "CVE-2012-2774", "CVE-2012-2785", "CVE-2012-2787", "CVE-2012-2796", "CVE-2012-0947", "CVE-2012-2780", "CVE-2009-4636", "CVE-2012-2794", "CVE-2012-2804", "CVE-2012-2776", "CVE-2011-4352", "CVE-2012-2791", "CVE-2013-3671", "CVE-2011-3949", "CVE-2010-3908", "CVE-2012-2799", "CVE-2012-2798", "CVE-2011-3946"], "edition": 1, "description": "### Background\n\nFFmpeg is a complete solution to record, convert and stream audio and video. \n\n### Description\n\nMultiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers and FFmpeg changelogs referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted media file, possibly leading to the execution of arbitrary code with the privileges of the user running the application or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FFmpeg users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/ffmpeg-1.0.7\"", "modified": "2013-10-25T00:00:00", "published": "2013-10-25T00:00:00", "id": "GLSA-201310-12", "href": "https://security.gentoo.org/glsa/201310-12", "type": "gentoo", "title": "FFmpeg: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:47", "bulletinFamily": "software", "cvelist": ["CVE-2011-3936", "CVE-2011-3952", "CVE-2012-0851", "CVE-2011-3940", "CVE-2011-3947", "CVE-2012-2789", "CVE-2012-2802", "CVE-2011-3951", "CVE-2012-2793", "CVE-2012-2779", "CVE-2012-2800", "CVE-2012-2772", "CVE-2012-2788", "CVE-2012-0852", "CVE-2011-3893", "CVE-2012-2786", "CVE-2012-2777", "CVE-2012-2775", "CVE-2012-2790", "CVE-2012-0853", "CVE-2011-3929", "CVE-2012-2784", "CVE-2011-3895", "CVE-2012-2801", "CVE-2011-3892", "CVE-2012-2787", "CVE-2012-2796", "CVE-2012-0947", "CVE-2012-2794", "CVE-2012-2776", "CVE-2012-2798"], "description": "Multiple security vulnerabilities on Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV, NSV parsing.", "edition": 1, "modified": "2012-06-17T00:00:00", "published": "2012-06-17T00:00:00", "id": "SECURITYVULNS:VULN:12385", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12385", "title": "ffmpeg library multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:50", "bulletinFamily": "software", "cvelist": ["CVE-2012-2802", "CVE-2012-2797", "CVE-2012-2803", "CVE-2012-2801", "CVE-2012-2783", "CVE-2012-5144", "CVE-2012-2804", "CVE-2012-2791", "CVE-2012-2798"], "description": "Multple memory corruptions on different formats handling.", "edition": 1, "modified": "2013-02-04T00:00:00", "published": "2013-02-04T00:00:00", "id": "SECURITYVULNS:VULN:12859", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12859", "title": "libav / ffmpeg multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:47", "bulletinFamily": "software", "cvelist": ["CVE-2012-2802", "CVE-2012-2797", "CVE-2012-2803", "CVE-2012-2801", "CVE-2012-2783", "CVE-2012-5144", "CVE-2012-2804", "CVE-2012-2791", "CVE-2012-2798"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1705-1\r\nJanuary 28, 2013\r\n\r\nlibav vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.10\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 11.10\r\n\r\nSummary:\r\n\r\nLibav could be made to crash or run programs as your login if it opened a\r\nspecially crafted file.\r\n\r\nSoftware Description:\r\n- libav: Multimedia player, server, encoder and transcoder\r\n\r\nDetails:\r\n\r\nIt was discovered that Libav incorrectly handled certain malformed media\r\nfiles. If a user were tricked into opening a crafted media file, an\r\nattacker could cause a denial of service via application crash, or possibly\r\nexecute arbitrary code with the privileges of the user invoking the\r\nprogram.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.10:\r\n libavcodec53 6:0.8.5-0ubuntu0.12.10.1\r\n libavformat53 6:0.8.5-0ubuntu0.12.10.1\r\n\r\nUbuntu 12.04 LTS:\r\n libavcodec53 4:0.8.5-0ubuntu0.12.04.1\r\n libavformat53 4:0.8.5-0ubuntu0.12.04.1\r\n\r\nUbuntu 11.10:\r\n libavcodec53 4:0.7.6-0ubuntu0.11.10.3\r\n libavformat53 4:0.7.6-0ubuntu0.11.10.3\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1705-1\r\n CVE-2012-2783, CVE-2012-2791, CVE-2012-2797, CVE-2012-2798,\r\n CVE-2012-2801, CVE-2012-2802, CVE-2012-2803, CVE-2012-2804,\r\n CVE-2012-5144\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/libav/6:0.8.5-0ubuntu0.12.10.1\r\n https://launchpad.net/ubuntu/+source/libav/4:0.8.5-0ubuntu0.12.04.1\r\n https://launchpad.net/ubuntu/+source/libav/4:0.7.6-0ubuntu0.11.10.3\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "modified": "2013-02-04T00:00:00", "published": "2013-02-04T00:00:00", "id": "SECURITYVULNS:DOC:29000", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29000", "title": "[USN-1705-1] Libav vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:14:34", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0858", "CVE-2012-2788", "CVE-2012-2777", "CVE-2012-2803", "CVE-2012-2784", "CVE-2012-2801", "CVE-2012-2783"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2624-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 16, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : ffmpeg\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-0858 CVE-2012-2777 CVE-2012-2783 CVE-2012-2784 \n CVE-2012-2788 CVE-2012-2801 CVE-2012-2803\n\nSeveral vulnerabilities have been discovered in FFmpeg, a multimedia \nplayer, server and encoder. Multiple input validations in the decoders/ \ndemuxers for Shorten, Chines AVS video, VP5, VP6, AVI, AVS and MPEG-1/2\nfiles could lead to the execution of arbitrary code.\n\nMost of these issues were discovered by Mateusz Jurczyk and Gynvael \nColdwind.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 4:0.5.10-1.\n\nFor the testing distribution (wheezy) and the unstable distribution (sid), \nthese problems have been fixed in version 6:0.8.5-1 of the source package\nlibav.\n\nWe recommend that you upgrade your ffmpeg packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n", "edition": 7, "modified": "2013-02-16T18:18:54", "published": "2013-02-16T18:18:54", "id": "DEBIAN:DSA-2624-1:5BC06", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00029.html", "title": "[SECURITY] [DSA 2624-1] ffmpeg security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:34", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3937", "CVE-2011-3936", "CVE-2011-3952", "CVE-2012-0851", "CVE-2011-3940", "CVE-2011-3947", "CVE-2012-0858", "CVE-2011-4579", "CVE-2011-3951", "CVE-2012-2793", "CVE-2012-2779", "CVE-2012-0848", "CVE-2012-2800", "CVE-2012-2772", "CVE-2012-2788", "CVE-2012-0852", "CVE-2011-3893", "CVE-2012-2786", "CVE-2011-4351", "CVE-2011-4031", "CVE-2012-0850", "CVE-2012-2777", "CVE-2012-2775", "CVE-2012-2790", "CVE-2012-0853", "CVE-2012-2803", "CVE-2011-3929", "CVE-2011-4364", "CVE-2012-2784", "CVE-2011-3895", "CVE-2012-2801", "CVE-2011-3892", "CVE-2011-4353", "CVE-2011-3945", "CVE-2012-2783", "CVE-2012-2787", "CVE-2012-0947", "CVE-2012-5144", "CVE-2012-2794", "CVE-2011-4352", "CVE-2012-2791", "CVE-2012-2798"], "description": "\n\nBundled version of libav in gstreamer-ffmpeg contains a number of\n\t vulnerabilities.\n\n", "edition": 4, "modified": "2013-08-20T00:00:00", "published": "2013-08-20T00:00:00", "id": "4D087B35-0990-11E3-A9F4-BCAEC565249C", "href": "https://vuxml.freebsd.org/freebsd/4d087b35-0990-11e3-a9f4-bcaec565249c.html", "title": "gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}