Search...

[SECURITY] [DSA 2793-1] libav security update

2013-11-18T00:00:00

ID SECURITYVULNS:DOC:30009
Type securityvulns
Reporter Securityvulns
Modified 2013-11-18T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Debian Security Advisory DSA-2793-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff November 09, 2013 http://www.debian.org/security/faq

Package : libav Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2013-0844 CVE-2013-0850 CVE-2013-0853 CVE-2013-0854 CVE-2013-0857 CVE-2013-0858 CVE-2013-0866

Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. The CVE IDs mentioned above are just a small portion of the security issues fixed in this update. A full list of the changes is available at http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.9

For the stable distribution (wheezy), these problems have been fixed in version 0.8.9-1.

For the unstable distribution (sid), these problems have been fixed in version 9.10-1.

We recommend that you upgrade your libav packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux)

iEYEARECAAYFAlJ+RYcACgkQXm3vHE4uylqkTwCfZdzvMgdNka3GaGRdHhNwPhgu kLUAn2ttuJ9K+UKLG4xdJI6sdwi2Y1Tu =I9iq -----END PGP SIGNATURE-----

JSON Vulners Source

Initial Source

{"id": "SECURITYVULNS:DOC:30009", "bulletinFamily": "software", "title": "[SECURITY] [DSA 2793-1] libav security update", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2793-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nNovember 09, 2013 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : libav\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2013-0844 CVE-2013-0850 CVE-2013-0853 CVE-2013-0854 \r\n CVE-2013-0857 CVE-2013-0858 CVE-2013-0866\r\n\r\nSeveral security issues have been corrected in multiple demuxers and \r\ndecoders of the libav multimedia library. The CVE IDs mentioned above are \r\njust a small portion of the security issues fixed in this update. A full\r\nlist of the changes is available at\r\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.9\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 0.8.9-1.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 9.10-1.\r\n\r\nWe recommend that you upgrade your libav packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.15 (GNU/Linux)\r\n\r\niEYEARECAAYFAlJ+RYcACgkQXm3vHE4uylqkTwCfZdzvMgdNka3GaGRdHhNwPhgu\r\nkLUAn2ttuJ9K+UKLG4xdJI6sdwi2Y1Tu\r\n=I9iq\r\n-----END PGP SIGNATURE-----\r\n", "published": "2013-11-18T00:00:00", "modified": "2013-11-18T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30009", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2013-0866", "CVE-2013-0853", "CVE-2013-0858", "CVE-2013-0854", "CVE-2013-0844", "CVE-2013-0857", "CVE-2013-0850"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:49", "edition": 1, "viewCount": 5, "enchantments": {"score": {"value": 6.2, "vector": "NONE", "modified": "2018-08-31T11:10:49", "rev": 2}, "dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DSA-2793-1:A8806"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201603-06.NASL", "DEBIAN_DSA-2793.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121448", "OPENVAS:892793", "OPENVAS:1361412562310892793"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13409"]}, {"type": "cve", "idList": ["CVE-2013-0854", "CVE-2013-0857", "CVE-2013-0853", "CVE-2013-0858", "CVE-2013-0850", "CVE-2013-0866", "CVE-2013-0844"]}, {"type": "gentoo", "idList": ["GLSA-201603-06"]}], "modified": "2018-08-31T11:10:49", "rev": 2}, "vulnersScore": 6.2}, "affectedSoftware": []}

{"openvas": [{"lastseen": "2017-07-24T12:51:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0866", "CVE-2013-0853", "CVE-2013-0858", "CVE-2013-0854", "CVE-2013-0844", "CVE-2013-0857", "CVE-2013-0850"], "description": "Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. The CVE IDs mentioned above are\njust a small portion of the security issues fixed in this update. A full\nlist of the changes is available at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.9", "modified": "2017-07-07T00:00:00", "published": "2013-11-09T00:00:00", "id": "OPENVAS:892793", "href": "http://plugins.openvas.org/nasl.php?oid=892793", "type": "openvas", "title": "Debian Security Advisory DSA 2793-1 (libav - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2793.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2793-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"libav on Debian Linux\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 0.8.9-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 9.10-1.\n\nWe recommend that you upgrade your libav packages.\";\ntag_summary = \"Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. The CVE IDs mentioned above are\njust a small portion of the security issues fixed in this update. A full\nlist of the changes is available at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.9\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892793);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2013-0853\", \"CVE-2013-0854\", \"CVE-2013-0858\", \"CVE-2013-0866\", \"CVE-2013-0857\", \"CVE-2013-0850\", \"CVE-2013-0844\");\n script_name(\"Debian Security Advisory DSA 2793-1 (libav - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-11-09 00:00:00 +0100 (Sat, 09 Nov 2013)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2793.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-dbg\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-doc\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-extra-dbg\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libav-tools\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-extra-53\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-extra-53\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice53\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter-extra-2\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavfilter2\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-extra-53\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-extra-51\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil51\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-extra-52\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc52\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-extra-2\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale2\", ver:\"0.8.9-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0866", "CVE-2013-0853", "CVE-2013-0858", "CVE-2013-0854", "CVE-2013-0844", "CVE-2013-0857", "CVE-2013-0850"], "description": "Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. The CVE IDs mentioned above are\njust a small portion of the security issues fixed in this update.", "modified": "2019-03-18T00:00:00", "published": "2013-11-09T00:00:00", "id": "OPENVAS:1361412562310892793", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892793", "type": "openvas", "title": "Debian Security Advisory DSA 2793-1 (libav - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2793.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 2793-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892793\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2013-0853\", \"CVE-2013-0854\", \"CVE-2013-0858\", \"CVE-2013-0866\", \"CVE-2013-0857\", \"CVE-2013-0850\", \"CVE-2013-0844\");\n script_name(\"Debian Security Advisory DSA 2793-1 (libav - several vulnerabilities)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-09 00:00:00 +0100 (Sat, 09 Nov 2013)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2793.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"libav on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 0.8.9-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 9.10-1.\n\nWe recommend that you upgrade your libav packages.\");\n script_tag(name:\"summary\", value:\"Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. The CVE IDs mentioned above are\njust a small portion of the security issues fixed in this update.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libav-dbg\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libav-doc\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libav-extra-dbg\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libav-tools\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavcodec-extra-53\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavcodec53\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavdevice-extra-53\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavdevice53\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavfilter-dev\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavfilter-extra-2\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavfilter2\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavformat-extra-53\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavformat53\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavutil-extra-51\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libavutil51\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpostproc-extra-52\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpostproc52\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libswscale-extra-2\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libswscale2\", ver:\"0.8.9-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8547", "CVE-2013-0861", "CVE-2014-9602", "CVE-2014-8544", "CVE-2014-8542", "CVE-2014-8545", "CVE-2013-7021", "CVE-2014-7937", "CVE-2013-0862", "CVE-2013-7022", "CVE-2014-2263", "CVE-2014-9316", "CVE-2014-8543", "CVE-2014-2098", "CVE-2014-2097", "CVE-2013-0863", "CVE-2014-9319", "CVE-2013-7015", "CVE-2013-0877", "CVE-2013-0875", "CVE-2013-7012", "CVE-2013-0866", "CVE-2013-0873", "CVE-2014-9604", "CVE-2013-0872", "CVE-2013-4264", "CVE-2013-4265", "CVE-2013-7019", "CVE-2013-7018", "CVE-2013-7017", "CVE-2015-3395", "CVE-2013-7016", "CVE-2014-8549", "CVE-2013-0860", "CVE-2013-7010", "CVE-2013-7023", "CVE-2014-8546", "CVE-2014-8548", "CVE-2014-9318", "CVE-2014-9317", "CVE-2014-5272", "CVE-2014-5271", "CVE-2013-0865", "CVE-2013-0867", "CVE-2013-7024", "CVE-2013-0878", "CVE-2013-7008", "CVE-2013-7011", "CVE-2014-9603", "CVE-2014-8541", "CVE-2013-7009", "CVE-2013-0876", "CVE-2013-0874", "CVE-2013-0864", "CVE-2013-0868", "CVE-2013-7014", "CVE-2013-7020", "CVE-2013-4263", "CVE-2013-7013"], "description": "Gentoo Linux Local Security Checks GLSA 201603-06", "modified": "2018-10-26T00:00:00", "published": "2016-03-14T00:00:00", "id": "OPENVAS:1361412562310121448", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121448", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201603-06", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201603-06.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121448\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2016-03-14 15:52:42 +0200 (Mon, 14 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201603-06\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201603-06\");\n script_cve_id(\"CVE-2013-0860\", \"CVE-2013-0861\", \"CVE-2013-0862\", \"CVE-2013-0863\", \"CVE-2013-0864\", \"CVE-2013-0865\", \"CVE-2013-0866\", \"CVE-2013-0867\", \"CVE-2013-0868\", \"CVE-2013-0872\", \"CVE-2013-0873\", \"CVE-2013-0874\", \"CVE-2013-0875\", \"CVE-2013-0876\", \"CVE-2013-0877\", \"CVE-2013-0878\", \"CVE-2013-4263\", \"CVE-2013-4264\", \"CVE-2013-4265\", \"CVE-2013-7008\", \"CVE-2013-7009\", \"CVE-2013-7010\", \"CVE-2013-7011\", \"CVE-2013-7012\", \"CVE-2013-7013\", \"CVE-2013-7014\", \"CVE-2013-7015\", \"CVE-2013-7016\", \"CVE-2013-7017\", \"CVE-2013-7018\", \"CVE-2013-7019\", \"CVE-2013-7020\", \"CVE-2013-7021\", \"CVE-2013-7022\", \"CVE-2013-7023\", \"CVE-2013-7024\", \"CVE-2014-2097\", \"CVE-2014-2098\", \"CVE-2014-2263\", \"CVE-2014-5271\", \"CVE-2014-5272\", \"CVE-2014-7937\", \"CVE-2014-8541\", \"CVE-2014-8542\", \"CVE-2014-8543\", \"CVE-2014-8544\", \"CVE-2014-8545\", \"CVE-2014-8546\", \"CVE-2014-8547\", \"CVE-2014-8548\", \"CVE-2014-8549\", \"CVE-2014-9316\", \"CVE-2014-9317\", \"CVE-2014-9318\", \"CVE-2014-9319\", \"CVE-2014-9602\", \"CVE-2014-9603\", \"CVE-2014-9604\", \"CVE-2015-3395\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201603-06\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"media-video/ffmpeg\", unaffected: make_list(\"ge 2.6.3\"), vulnerable: make_list(\"lt 2.6.3\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-12T09:48:12", "description": "Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. The CVE IDs mentioned above\nare just a small portion of the security issues fixed in this update.\nA full list of the changes is available at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8\n.9", "edition": 17, "published": "2013-11-11T00:00:00", "title": "Debian DSA-2793-1 : libav - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0866", "CVE-2013-0853", "CVE-2013-0858", "CVE-2013-0854", "CVE-2013-0844", "CVE-2013-0857", "CVE-2013-0850"], "modified": "2013-11-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libav", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2793.NASL", "href": "https://www.tenable.com/plugins/nessus/70807", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2793. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70807);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-0844\", \"CVE-2013-0850\", \"CVE-2013-0853\", \"CVE-2013-0854\", \"CVE-2013-0857\", \"CVE-2013-0858\", \"CVE-2013-0866\");\n script_bugtraq_id(57868, 63796);\n script_xref(name:\"DSA\", value:\"2793\");\n\n script_name(english:\"Debian DSA-2793-1 : libav - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. The CVE IDs mentioned above\nare just a small portion of the security issues fixed in this update.\nA full list of the changes is available at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8\n.9\"\n );\n # http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.9\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ba5a8b32\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libav\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2793\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libav packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 0.8.9-1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"ffmpeg\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ffmpeg-dbg\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ffmpeg-doc\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libav-dbg\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libav-doc\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libav-extra-dbg\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libav-tools\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavcodec-dev\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavcodec-extra-53\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavcodec53\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavdevice-dev\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavdevice-extra-53\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavdevice53\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavfilter-dev\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavfilter-extra-2\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavfilter2\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavformat-dev\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavformat-extra-53\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavformat53\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavutil-dev\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavutil-extra-51\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libavutil51\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libpostproc-dev\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libpostproc-extra-52\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libpostproc52\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libswscale-dev\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libswscale-extra-2\", reference:\"0.8.9-1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libswscale2\", reference:\"0.8.9-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:04:55", "description": "The remote host is affected by the vulnerability described in GLSA-201603-06\n(FFmpeg: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FFmpeg. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code or cause a\n Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "published": "2016-03-14T00:00:00", "title": "GLSA-201603-06 : FFmpeg: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-8547", "CVE-2013-0861", "CVE-2014-9602", "CVE-2014-8544", "CVE-2014-8542", "CVE-2014-8545", "CVE-2013-7021", "CVE-2014-7937", "CVE-2013-0862", "CVE-2013-7022", "CVE-2014-2263", "CVE-2014-9316", "CVE-2014-8543", "CVE-2014-2098", "CVE-2014-2097", "CVE-2013-0863", "CVE-2014-9319", "CVE-2013-7015", "CVE-2013-0877", "CVE-2013-0875", "CVE-2013-7012", "CVE-2013-0866", "CVE-2013-0873", "CVE-2014-9604", "CVE-2013-0872", "CVE-2013-4264", "CVE-2013-4265", "CVE-2013-7019", "CVE-2013-7018", "CVE-2013-7017", "CVE-2015-3395", "CVE-2013-7016", "CVE-2014-8549", "CVE-2013-0860", "CVE-2013-7010", "CVE-2013-7023", "CVE-2014-8546", "CVE-2014-8548", "CVE-2014-9318", "CVE-2014-9317", "CVE-2014-5272", "CVE-2014-5271", "CVE-2013-0865", "CVE-2013-0867", "CVE-2013-7024", "CVE-2013-0878", "CVE-2013-7008", "CVE-2013-7011", "CVE-2014-9603", "CVE-2014-8541", "CVE-2013-7009", "CVE-2013-0876", "CVE-2013-0874", "CVE-2013-0864", "CVE-2013-0868", "CVE-2013-7014", "CVE-2013-7020", "CVE-2013-4263", "CVE-2013-7013"], "modified": "2016-03-14T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:ffmpeg"], "id": "GENTOO_GLSA-201603-06.NASL", "href": "https://www.tenable.com/plugins/nessus/89899", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201603-06.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89899);\n script_version(\"2.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-0860\", \"CVE-2013-0861\", \"CVE-2013-0862\", \"CVE-2013-0863\", \"CVE-2013-0864\", \"CVE-2013-0865\", \"CVE-2013-0866\", \"CVE-2013-0867\", \"CVE-2013-0868\", \"CVE-2013-0872\", \"CVE-2013-0873\", \"CVE-2013-0874\", \"CVE-2013-0875\", \"CVE-2013-0876\", \"CVE-2013-0877\", \"CVE-2013-0878\", \"CVE-2013-4263\", \"CVE-2013-4264\", \"CVE-2013-4265\", \"CVE-2013-7008\", \"CVE-2013-7009\", \"CVE-2013-7010\", \"CVE-2013-7011\", \"CVE-2013-7012\", \"CVE-2013-7013\", \"CVE-2013-7014\", \"CVE-2013-7015\", \"CVE-2013-7016\", \"CVE-2013-7017\", \"CVE-2013-7018\", \"CVE-2013-7019\", \"CVE-2013-7020\", \"CVE-2013-7021\", \"CVE-2013-7022\", \"CVE-2013-7023\", \"CVE-2013-7024\", \"CVE-2014-2097\", \"CVE-2014-2098\", \"CVE-2014-2263\", \"CVE-2014-5271\", \"CVE-2014-5272\", \"CVE-2014-7937\", \"CVE-2014-8541\", \"CVE-2014-8542\", \"CVE-2014-8543\", \"CVE-2014-8544\", \"CVE-2014-8545\", \"CVE-2014-8546\", \"CVE-2014-8547\", \"CVE-2014-8548\", \"CVE-2014-8549\", \"CVE-2014-9316\", \"CVE-2014-9317\", \"CVE-2014-9318\", \"CVE-2014-9319\", \"CVE-2014-9602\", \"CVE-2014-9603\", \"CVE-2014-9604\", \"CVE-2015-3395\");\n script_xref(name:\"GLSA\", value:\"201603-06\");\n\n script_name(english:\"GLSA-201603-06 : FFmpeg: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201603-06\n(FFmpeg: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FFmpeg. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code or cause a\n Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201603-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All FFmpeg users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/ffmpeg-2.6.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/ffmpeg\", unaffected:make_list(\"ge 2.6.3\"), vulnerable:make_list(\"lt 2.6.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FFmpeg\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:53", "bulletinFamily": "software", "cvelist": ["CVE-2013-0866", "CVE-2013-0853", "CVE-2013-0858", "CVE-2013-0854", "CVE-2013-0844", "CVE-2013-0857", "CVE-2013-0850"], "description": "Memory corruptions on media formats parsing.", "edition": 1, "modified": "2013-11-18T00:00:00", "published": "2013-11-18T00:00:00", "id": "SECURITYVULNS:VULN:13409", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13409", "title": "libav memory corruptions", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-08-12T01:10:29", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0866", "CVE-2013-0853", "CVE-2013-0858", "CVE-2013-0854", "CVE-2013-0844", "CVE-2013-0857", "CVE-2013-0850"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2793-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nNovember 09, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libav\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-0844 CVE-2013-0850 CVE-2013-0853 CVE-2013-0854 \n CVE-2013-0857 CVE-2013-0858 CVE-2013-0866\n\nSeveral security issues have been corrected in multiple demuxers and \ndecoders of the libav multimedia library. The CVE IDs mentioned above are \njust a small portion of the security issues fixed in this update. A full\nlist of the changes is available at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.9\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 0.8.9-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 9.10-1.\n\nWe recommend that you upgrade your libav packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2013-11-09T14:26:28", "published": "2013-11-09T14:26:28", "id": "DEBIAN:DSA-2793-1:A8806", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00205.html", "title": "[SECURITY] [DSA 2793-1] libav security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-02-02T06:06:47", "description": "The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data.", "edition": 6, "cvss3": {}, "published": "2013-12-07T21:55:00", "title": "CVE-2013-0854", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0854"], "modified": "2014-01-28T04:50:00", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.10.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.11", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.10", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:ffmpeg:ffmpeg:1.0", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:ffmpeg:ffmpeg:0.10.3", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.9.1", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:ffmpeg:ffmpeg:0.4.9", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "id": "CVE-2013-0854", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0854", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:47", "description": "The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access.", "edition": 6, "cvss3": {}, "published": "2013-12-07T21:55:00", "title": "CVE-2013-0850", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0850"], "modified": "2014-01-28T04:50:00", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.10.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.11", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.10", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:ffmpeg:ffmpeg:1.0", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:ffmpeg:ffmpeg:0.10.3", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.9.1", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:ffmpeg:ffmpeg:0.4.9", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "id": "CVE-2013-0850", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0850", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:47", "description": "The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data.", "edition": 6, "cvss3": {}, "published": "2013-12-07T21:55:00", "title": "CVE-2013-0857", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0857"], "modified": "2014-01-28T04:50:00", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.10.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.11", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.10", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:ffmpeg:ffmpeg:1.0", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:ffmpeg:ffmpeg:0.10.3", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.9.1", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:ffmpeg:ffmpeg:0.4.9", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "id": "CVE-2013-0857", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0857", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:47", "description": "The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error.", "edition": 6, "cvss3": {}, "published": "2013-12-07T21:55:00", "title": "CVE-2013-0853", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0853"], "modified": "2014-01-28T04:50:00", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.10.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.11", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.10", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:ffmpeg:ffmpeg:1.0", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:ffmpeg:ffmpeg:0.10.3", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.9.1", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:ffmpeg:ffmpeg:0.4.9", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "id": "CVE-2013-0853", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0853", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:47", "description": "The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.", "edition": 6, "cvss3": {}, "published": "2013-12-07T21:55:00", "title": "CVE-2013-0858", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0858"], "modified": "2016-12-06T19:05:00", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.10.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.11", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.10", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:1.0.1", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:ffmpeg:ffmpeg:0.10.3", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:1.0.2", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:1.0.3", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.9.1", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:ffmpeg:ffmpeg:0.4.9", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "id": "CVE-2013-0858", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0858", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:47", "description": "The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large number of channels in an AAC file, which triggers an out-of-bounds array access.", "edition": 6, "cvss3": {}, "published": "2013-11-23T18:55:00", "title": "CVE-2013-0866", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0866"], "modified": "2016-12-03T03:00:00", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.10.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.11", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.10", "cpe:/a:ffmpeg:ffmpeg:1.1", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:1.0.1", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:ffmpeg:ffmpeg:1.0", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:ffmpeg:ffmpeg:0.10.3", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:1.1.1", "cpe:/a:ffmpeg:ffmpeg:1.0.2", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.9.1", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:ffmpeg:ffmpeg:0.4.9", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "id": "CVE-2013-0866", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0866", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:1.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:47", "description": "Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access.", "edition": 6, "cvss3": {}, "published": "2013-12-07T21:55:00", "title": "CVE-2013-0844", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0844"], "modified": "2014-01-28T04:50:00", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.3.4", "cpe:/a:ffmpeg:ffmpeg:0.10.4", "cpe:/a:ffmpeg:ffmpeg:0.7.12", "cpe:/a:ffmpeg:ffmpeg:0.8.1", "cpe:/a:ffmpeg:ffmpeg:0.8.6", "cpe:/a:ffmpeg:ffmpeg:0.8.7", "cpe:/a:ffmpeg:ffmpeg:0.7.7", "cpe:/a:ffmpeg:ffmpeg:0.7.6", "cpe:/a:ffmpeg:ffmpeg:0.11", "cpe:/a:ffmpeg:ffmpeg:0.6.3", "cpe:/a:ffmpeg:ffmpeg:0.10", "cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:0.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5", "cpe:/a:ffmpeg:ffmpeg:0.3.2", "cpe:/a:ffmpeg:ffmpeg:0.8.11", "cpe:/a:ffmpeg:ffmpeg:1.0.1", "cpe:/a:ffmpeg:ffmpeg:0.8.10", "cpe:/a:ffmpeg:ffmpeg:0.5.1", "cpe:/a:ffmpeg:ffmpeg:0.4.2", "cpe:/a:ffmpeg:ffmpeg:0.7.8", "cpe:/a:ffmpeg:ffmpeg:0.5", "cpe:/a:ffmpeg:ffmpeg:0.3.3", "cpe:/a:ffmpeg:ffmpeg:0.7.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.5", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.5.3", "cpe:/a:ffmpeg:ffmpeg:0.6", "cpe:/a:ffmpeg:ffmpeg:0.8.8", "cpe:/a:ffmpeg:ffmpeg:0.9", "cpe:/a:ffmpeg:ffmpeg:0.5.2", "cpe:/a:ffmpeg:ffmpeg:0.10.3", "cpe:/a:ffmpeg:ffmpeg:0.4.3", "cpe:/a:ffmpeg:ffmpeg:0.5.4", "cpe:/a:ffmpeg:ffmpeg:1.0.2", "cpe:/a:ffmpeg:ffmpeg:0.3.1", "cpe:/a:ffmpeg:ffmpeg:0.7.11", "cpe:/a:ffmpeg:ffmpeg:0.7.4", "cpe:/a:ffmpeg:ffmpeg:0.7.5", "cpe:/a:ffmpeg:ffmpeg:0.4.4", "cpe:/a:ffmpeg:ffmpeg:0.8.2", "cpe:/a:ffmpeg:ffmpeg:1.0.3", "cpe:/a:ffmpeg:ffmpeg:0.6.1", "cpe:/a:ffmpeg:ffmpeg:0.7.1", "cpe:/a:ffmpeg:ffmpeg:0.9.1", "cpe:/a:ffmpeg:ffmpeg:0.4.5", "cpe:/a:ffmpeg:ffmpeg:0.6.2", "cpe:/a:ffmpeg:ffmpeg:0.5.4.6", "cpe:/a:ffmpeg:ffmpeg:0.7", "cpe:/a:ffmpeg:ffmpeg:0.4.9", "cpe:/a:ffmpeg:ffmpeg:0.8.0", "cpe:/a:ffmpeg:ffmpeg:0.4.8", "cpe:/a:ffmpeg:ffmpeg:0.7.3", "cpe:/a:ffmpeg:ffmpeg:0.8.5.4", "cpe:/a:ffmpeg:ffmpeg:0.7.9", "cpe:/a:ffmpeg:ffmpeg:0.4.0", "cpe:/a:ffmpeg:ffmpeg:0.8.5.3"], "id": "CVE-2013-0844", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0844", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.11:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.10:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2016-09-06T19:46:01", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8547", "CVE-2013-0861", "CVE-2014-9602", "CVE-2014-8544", "CVE-2014-8542", "CVE-2014-8545", "CVE-2013-7021", "CVE-2014-7937", "CVE-2013-0862", "CVE-2013-7022", "CVE-2014-2263", "CVE-2014-9316", "CVE-2014-8543", "CVE-2014-2098", "CVE-2014-2097", "CVE-2013-0863", "CVE-2014-9319", "CVE-2013-7015", "CVE-2013-0877", "CVE-2013-0875", "CVE-2013-7012", "CVE-2013-0866", "CVE-2013-0873", "CVE-2014-9604", "CVE-2013-0872", "CVE-2013-4264", "CVE-2013-4265", "CVE-2013-7019", "CVE-2013-7018", "CVE-2013-7017", "CVE-2015-3395", "CVE-2013-7016", "CVE-2014-8549", "CVE-2013-0860", "CVE-2013-7010", "CVE-2013-7023", "CVE-2014-8546", "CVE-2014-8548", "CVE-2014-9318", "CVE-2014-9317", "CVE-2014-5272", "CVE-2014-5271", "CVE-2013-0865", "CVE-2013-0867", "CVE-2013-7024", "CVE-2013-0878", "CVE-2013-7008", "CVE-2013-7011", "CVE-2014-9603", "CVE-2014-8541", "CVE-2013-7009", "CVE-2013-0876", "CVE-2013-0874", "CVE-2013-0864", "CVE-2013-0868", "CVE-2013-7014", "CVE-2013-7020", "CVE-2013-4263", "CVE-2013-7013"], "description": "### Background\n\nFFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. \n\n### Description\n\nMultiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FFmpeg users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/ffmpeg-2.6.3\"", "edition": 1, "modified": "2016-03-12T00:00:00", "published": "2016-03-12T00:00:00", "id": "GLSA-201603-06", "href": "https://security.gentoo.org/glsa/201603-06", "type": "gentoo", "title": "FFmpeg: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}