{"id": "SECURITYVULNS:VULN:9179", "bulletinFamily": "software", "title": "ffmpeg library code execution", "description": "Memory corruption on STR files parsing.", "published": "2008-07-30T00:00:00", "modified": "2008-07-30T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9179", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:20246"], "cvelist": ["CVE-2008-3162"], "type": "securityvulns", "lastseen": "2018-08-31T11:09:30", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "a7b5d5f1f91a99cc70921192651b854c"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "ce67eb1593081d2b612f73de96d8b473"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "e3241828ef97dee63f926b45e0802655"}, {"key": "href", "hash": "37860dd4029952ec19051a645147a905"}, {"key": "modified", "hash": "79ff4e003707f093740ebecfd1adf5a3"}, {"key": "published", "hash": "79ff4e003707f093740ebecfd1adf5a3"}, {"key": "references", "hash": "e0c63b22b76da276178fb4b92d8de468"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "f027e8c804fa2b3c12c6490a44a2cd1a"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "ac7108848bb50b4d8f3b24b000b7893e796b5d785a0809abe1ff0675d126306b", "viewCount": 0, "enchantments": {"score": {"value": 9.3, "vector": "NONE", "modified": "2018-08-31T11:09:30"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-3162"]}, {"type": "nessus", "idList": ["UBUNTU_USN-630-1.NASL", "MANDRIVA_MDVSA-2008-157.NASL", "FREEBSD_PKG_5CCB1C14E35711DDA7650030843D3802.NASL", "DEBIAN_DSA-1781.NASL", "GENTOO_GLSA-200901-07.NASL", "GENTOO_GLSA-200903-33.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:20246"]}, {"type": "freebsd", "idList": ["5CCB1C14-E357-11DD-A765-0030843D3802"]}, {"type": "openvas", "idList": ["OPENVAS:830550", "OPENVAS:63240", "OPENVAS:136141256231063240", "OPENVAS:840272", "OPENVAS:1361412562310830550", "OPENVAS:136141256231063934", "OPENVAS:63934", "OPENVAS:136141256231063158", "OPENVAS:63158", "OPENVAS:136141256231063688"]}, {"type": "ubuntu", "idList": ["USN-630-1"]}, {"type": "exploitdb", "idList": ["EDB-ID:32019"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1781-1:2960A"]}, {"type": "gentoo", "idList": ["GLSA-200901-07", "GLSA-200903-33"]}], "modified": "2018-08-31T11:09:30"}, "vulnersScore": 9.3}, "objectVersion": "1.3", "affectedSoftware": [{"name": "ffmpeg", "operator": "eq", "version": "0.4"}]}

{"cve": [{"lastseen": "2018-11-01T05:11:56", "bulletinFamily": "NVD", "description": "Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors.", "modified": "2018-10-30T12:25:34", "published": "2008-07-14T19:41:00", "id": "CVE-2008-3162", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3162", "title": "CVE-2008-3162", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:08:29", "bulletinFamily": "scanner", "description": "It was discovered that ffmpeg did not correctly handle STR file\ndemuxing. If a user were tricked into processing a malicious STR file,\na remote attacker could execute arbitrary code with user privileges\nvia applications linked against ffmpeg.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-11-28T00:00:00", "published": "2008-07-29T00:00:00", "id": "UBUNTU_USN-630-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=33759", "title": "Ubuntu 7.10 / 8.04 LTS : ffmpeg vulnerability (USN-630-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-630-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33759);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/28 11:42:05\");\n\n script_cve_id(\"CVE-2008-3162\");\n script_xref(name:\"USN\", value:\"630-1\");\n\n script_name(english:\"Ubuntu 7.10 / 8.04 LTS : ffmpeg vulnerability (USN-630-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that ffmpeg did not correctly handle STR file\ndemuxing. If a user were tricked into processing a malicious STR file,\na remote attacker could execute arbitrary code with user privileges\nvia applications linked against ffmpeg.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/630-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavcodec-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavcodec1d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavformat-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavformat1d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavutil-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavutil1d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpostproc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpostproc1d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libswscale-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libswscale1d\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(7\\.10|8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 7.10 / 8.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"7.10\", pkgname:\"ffmpeg\", pkgver:\"0.cvs20070307-5ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libavcodec-dev\", pkgver:\"0.cvs20070307-5ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libavcodec1d\", pkgver:\"0.cvs20070307-5ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libavformat-dev\", pkgver:\"0.cvs20070307-5ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libavformat1d\", pkgver:\"3:0.cvs20070307-5ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libavutil-dev\", pkgver:\"0.cvs20070307-5ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libavutil1d\", pkgver:\"0.cvs20070307-5ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libpostproc-dev\", pkgver:\"0.cvs20070307-5ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libpostproc1d\", pkgver:\"0.cvs20070307-5ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libswscale-dev\", pkgver:\"0.cvs20070307-5ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libswscale1d\", pkgver:\"0.cvs20070307-5ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"ffmpeg\", pkgver:\"0.cvs20070307-5ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavcodec-dev\", pkgver:\"0.cvs20070307-5ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavcodec1d\", pkgver:\"0.cvs20070307-5ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavformat-dev\", pkgver:\"0.cvs20070307-5ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavformat1d\", pkgver:\"3:0.cvs20070307-5ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavutil-dev\", pkgver:\"0.cvs20070307-5ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libavutil1d\", pkgver:\"0.cvs20070307-5ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpostproc-dev\", pkgver:\"0.cvs20070307-5ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpostproc1d\", pkgver:\"0.cvs20070307-5ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libswscale-dev\", pkgver:\"0.cvs20070307-5ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libswscale1d\", pkgver:\"0.cvs20070307-5ubuntu7.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ffmpeg / libavcodec-dev / libavcodec1d / libavformat-dev / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:09:05", "bulletinFamily": "scanner", "description": "A vulnerability was found in how ffmpeg handled STR file demuxing. If\na user were tricked into processing a malicious STR file, a remote\nattacker could execute arbitrary code with user privileges via\napplications linked against ffmpeg (CVE-2008-3162).\n\nThe updated packages have been patched to correct this issue.", "modified": "2018-07-19T00:00:00", "published": "2009-04-23T00:00:00", "id": "MANDRIVA_MDVSA-2008-157.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=36794", "title": "Mandriva Linux Security Advisory : ffmpeg (MDVSA-2008:157)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:157. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36794);\n script_version (\"1.11\");\n script_cvs_date(\"Date: 2018/07/19 20:59:15\");\n\n script_cve_id(\"CVE-2008-3162\");\n script_xref(name:\"MDVSA\", value:\"2008:157\");\n\n script_name(english:\"Mandriva Linux Security Advisory : ffmpeg (MDVSA-2008:157)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was found in how ffmpeg handled STR file demuxing. If\na user were tricked into processing a malicious STR file, a remote\nattacker could execute arbitrary code with user privileges via\napplications linked against ffmpeg (CVE-2008-3162).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64avformats51\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64avformats52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64avutil49\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg51\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg51-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg51-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libavformats51\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libavformats52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libavutil49\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffmpeg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffmpeg-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffmpeg51\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffmpeg51-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffmpeg51-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ffmpeg-0.4.9-3.pre1.8994.2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64avformats51-0.4.9-3.pre1.8994.2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64avutil49-0.4.9-3.pre1.8994.2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ffmpeg51-0.4.9-3.pre1.8994.2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ffmpeg51-devel-0.4.9-3.pre1.8994.2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ffmpeg51-static-devel-0.4.9-3.pre1.8994.2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libavformats51-0.4.9-3.pre1.8994.2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libavutil49-0.4.9-3.pre1.8994.2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libffmpeg51-0.4.9-3.pre1.8994.2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libffmpeg51-devel-0.4.9-3.pre1.8994.2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libffmpeg51-static-devel-0.4.9-3.pre1.8994.2.1mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"ffmpeg-0.4.9-3.pre1.11599.2.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64avformats52-0.4.9-3.pre1.11599.2.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64avutil49-0.4.9-3.pre1.11599.2.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64ffmpeg-devel-0.4.9-3.pre1.11599.2.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64ffmpeg-static-devel-0.4.9-3.pre1.11599.2.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64ffmpeg51-0.4.9-3.pre1.11599.2.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libavformats52-0.4.9-3.pre1.11599.2.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libavutil49-0.4.9-3.pre1.11599.2.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libffmpeg-devel-0.4.9-3.pre1.11599.2.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libffmpeg-static-devel-0.4.9-3.pre1.11599.2.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libffmpeg51-0.4.9-3.pre1.11599.2.1mdv2008.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:51", "bulletinFamily": "scanner", "description": "Secunia reports :\n\nThe vulnerability is caused due to a boundary error within the\n'str_read_packet()' function in libavformat/psxstr.c. This can be\nexploited to cause a heap-based buffer overflow via a specially\ncrafted STR file.", "modified": "2018-11-10T00:00:00", "published": "2009-01-16T00:00:00", "id": "FREEBSD_PKG_5CCB1C14E35711DDA7650030843D3802.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=35401", "title": "FreeBSD : mplayer -- vulnerability in STR files processor (5ccb1c14-e357-11dd-a765-0030843d3802)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35401);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/10 11:49:41\");\n\n script_cve_id(\"CVE-2008-3162\");\n script_bugtraq_id(30154);\n script_xref(name:\"Secunia\", value:\"30994\");\n\n script_name(english:\"FreeBSD : mplayer -- vulnerability in STR files processor (5ccb1c14-e357-11dd-a765-0030843d3802)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nThe vulnerability is caused due to a boundary error within the\n'str_read_packet()' function in libavformat/psxstr.c. This can be\nexploited to cause a heap-based buffer overflow via a specially\ncrafted STR file.\"\n );\n # https://vuxml.freebsd.org/freebsd/5ccb1c14-e357-11dd-a765-0030843d3802.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4dfc1b2f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mplayer-gtk2-esound\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mplayer<0.99.11_10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-esound<0.99.11_10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk<0.99.11_10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk-esound<0.99.11_10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk2<0.99.11_10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mplayer-gtk2-esound<0.99.11_10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:09:16", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in ffmpeg, a multimedia\nplayer, server and encoder. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2009-0385\n It was discovered that watching a malformed 4X movie\n file could lead to the execution of arbitrary code.\n\n - CVE-2008-3162\n It was discovered that using a crafted STR file can lead\n to the execution of arbitrary code.", "modified": "2018-11-10T00:00:00", "published": "2009-04-30T00:00:00", "id": "DEBIAN_DSA-1781.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=38640", "title": "Debian DSA-1781-1 : ffmpeg-debian - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1781. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38640);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/10 11:49:34\");\n\n script_cve_id(\"CVE-2008-3162\", \"CVE-2009-0385\");\n script_bugtraq_id(33502);\n script_xref(name:\"DSA\", value:\"1781\");\n\n script_name(english:\"Debian DSA-1781-1 : ffmpeg-debian - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in ffmpeg, a multimedia\nplayer, server and encoder. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2009-0385\n It was discovered that watching a malformed 4X movie\n file could lead to the execution of arbitrary code.\n\n - CVE-2008-3162\n It was discovered that using a crafted STR file can lead\n to the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1781\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the ffmpeg-debian packages.\n\nFor the oldstable distribution (etch), these problems have been fixed\nin version 0.cvs20060823-8+etch1.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.svn20080206-17+lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ffmpeg-debian\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"ffmpeg\", reference:\"0.cvs20060823-8+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libavcodec-dev\", reference:\"0.cvs20060823-8+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libavcodec0d\", reference:\"0.cvs20060823-8+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libavformat-dev\", reference:\"0.cvs20060823-8+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libavformat0d\", reference:\"0.cvs20060823-8+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libpostproc-dev\", reference:\"0.cvs20060823-8+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libpostproc0d\", reference:\"0.cvs20060823-8+etch1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ffmpeg\", reference:\"0.svn20080206-17+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ffmpeg-dbg\", reference:\"0.svn20080206-17+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"ffmpeg-doc\", reference:\"0.svn20080206-17+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavcodec-dev\", reference:\"0.svn20080206-17+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavcodec51\", reference:\"0.svn20080206-17+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavdevice-dev\", reference:\"0.svn20080206-17+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavdevice52\", reference:\"0.svn20080206-17+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavformat-dev\", reference:\"0.svn20080206-17+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavformat52\", reference:\"0.svn20080206-17+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavutil-dev\", reference:\"0.svn20080206-17+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libavutil49\", reference:\"0.svn20080206-17+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpostproc-dev\", reference:\"0.svn20080206-17+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpostproc51\", reference:\"0.svn20080206-17+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libswscale-dev\", reference:\"0.svn20080206-17+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libswscale0\", reference:\"0.svn20080206-17+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:50", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200901-07\n(MPlayer: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been reported in MPlayer:\n A\n stack-based buffer overflow was found in the str_read_packet() function\n in libavformat/psxstr.c when processing crafted STR files that\n interleave audio and video sectors (CVE-2008-3162).\n Felipe\n Andres Manzano reported multiple integer underflows in the\n demux_real_fill_buffer() function in demux_real.c when processing\n crafted Real Media files that cause the stream_read() function to read\n or write arbitrary memory (CVE-2008-3827).\n Tobias Klein\n reported a stack-based buffer overflow in the demux_open_vqf() function\n in libmpdemux/demux_vqf.c when processing malformed TwinVQ files\n (CVE-2008-5616).\nImpact :\n\n A remote attacker could entice a user to open a specially crafted STR,\n Real Media, or TwinVQ file to execute arbitrary code or cause a Denial of\n Service.\nWorkaround :\n\n There is no known workaround at this time.", "modified": "2018-08-10T00:00:00", "published": "2009-01-13T00:00:00", "id": "GENTOO_GLSA-200901-07.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=35355", "title": "GLSA-200901-07 : MPlayer: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200901-07.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35355);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/08/10 18:07:07\");\n\n script_cve_id(\"CVE-2008-3162\", \"CVE-2008-3827\", \"CVE-2008-5616\");\n script_xref(name:\"GLSA\", value:\"200901-07\");\n\n script_name(english:\"GLSA-200901-07 : MPlayer: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200901-07\n(MPlayer: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been reported in MPlayer:\n A\n stack-based buffer overflow was found in the str_read_packet() function\n in libavformat/psxstr.c when processing crafted STR files that\n interleave audio and video sectors (CVE-2008-3162).\n Felipe\n Andres Manzano reported multiple integer underflows in the\n demux_real_fill_buffer() function in demux_real.c when processing\n crafted Real Media files that cause the stream_read() function to read\n or write arbitrary memory (CVE-2008-3827).\n Tobias Klein\n reported a stack-based buffer overflow in the demux_open_vqf() function\n in libmpdemux/demux_vqf.c when processing malformed TwinVQ files\n (CVE-2008-5616).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted STR,\n Real Media, or TwinVQ file to execute arbitrary code or cause a Denial of\n Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200901-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All MPlayer users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/mplayer-1.0_rc2_p28058-r1 '\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/mplayer\", unaffected:make_list(\"ge 1.0_rc2_p28058-r1 \"), vulnerable:make_list(\"lt 1.0_rc2_p28058-r1 \"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MPlayer\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:08:56", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200903-33\n(FFmpeg: Multiple vulnerabilities)\n\n Multiple vulnerabilities were found in FFmpeg:\n astrange\n reported a stack-based buffer overflow in the str_read_packet() in\n libavformat/psxstr.c when processing .str files (CVE-2008-3162).\n Multiple buffer overflows in libavformat/utils.c\n (CVE-2008-4866).\n A buffer overflow in libavcodec/dca.c\n (CVE-2008-4867).\n An unspecified vulnerability in the\n avcodec_close() function in libavcodec/utils.c (CVE-2008-4868).\n Unspecified memory leaks (CVE-2008-4869).\n Tobias Klein\n repoerted a NULL pointer dereference due to an integer signedness error\n in the fourxm_read_header() function in libavformat/4xm.c\n (CVE-2009-0385).\nImpact :\n\n A remote attacker could entice a user to open a specially crafted media\n file, possibly leading to the execution of arbitrary code with the\n privileges of the user running the application, or a Denial of Service.\nWorkaround :\n\n There is no known workaround at this time.", "modified": "2018-07-11T00:00:00", "published": "2009-03-20T00:00:00", "id": "GENTOO_GLSA-200903-33.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=35969", "title": "GLSA-200903-33 : FFmpeg: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200903-33.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35969);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/11 17:09:25\");\n\n script_cve_id(\"CVE-2008-3162\", \"CVE-2008-4866\", \"CVE-2008-4867\", \"CVE-2008-4868\", \"CVE-2008-4869\", \"CVE-2009-0385\");\n script_bugtraq_id(33502);\n script_xref(name:\"GLSA\", value:\"200903-33\");\n\n script_name(english:\"GLSA-200903-33 : FFmpeg: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200903-33\n(FFmpeg: Multiple vulnerabilities)\n\n Multiple vulnerabilities were found in FFmpeg:\n astrange\n reported a stack-based buffer overflow in the str_read_packet() in\n libavformat/psxstr.c when processing .str files (CVE-2008-3162).\n Multiple buffer overflows in libavformat/utils.c\n (CVE-2008-4866).\n A buffer overflow in libavcodec/dca.c\n (CVE-2008-4867).\n An unspecified vulnerability in the\n avcodec_close() function in libavcodec/utils.c (CVE-2008-4868).\n Unspecified memory leaks (CVE-2008-4869).\n Tobias Klein\n repoerted a NULL pointer dereference due to an integer signedness error\n in the fourxm_read_header() function in libavformat/4xm.c\n (CVE-2009-0385).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted media\n file, possibly leading to the execution of arbitrary code with the\n privileges of the user running the application, or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200903-33\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All FFmpeg users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/ffmpeg-0.4.9_p20090201'\n All gst-plugins-ffmpeg users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-plugins/gst-plugins-ffmpeg-0.10.5'\n All Mplayer users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/mplayer-1.0_rc2_p28450'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gst-plugins-ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-plugins/gst-plugins-ffmpeg\", unaffected:make_list(\"ge 0.10.5\"), vulnerable:make_list(\"lt 0.10.5\"))) flag++;\nif (qpkg_check(package:\"media-video/mplayer\", unaffected:make_list(\"ge 1.0_rc2_p28450\"), vulnerable:make_list(\"lt 1.0_rc2_p28450\"))) flag++;\nif (qpkg_check(package:\"media-video/ffmpeg\", unaffected:make_list(\"ge 0.4.9_p20090201\"), vulnerable:make_list(\"lt 0.4.9_p20090201\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FFmpeg\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:56:28", "bulletinFamily": "scanner", "description": "Check for the Version of ffmpeg", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830550", "id": "OPENVAS:830550", "title": "Mandriva Update for ffmpeg MDVSA-2008:157 (ffmpeg)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for ffmpeg MDVSA-2008:157 (ffmpeg)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was found in how ffmpeg handled STR file demuxing.\n If a user were tricked into processing a malicious STR file, a\n remote attacker could execute arbitrary code with user privileges\n via applications linked against ffmpeg (CVE-2008-3162).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"ffmpeg on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-07/msg00047.php\");\n script_id(830550);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:157\");\n script_cve_id(\"CVE-2008-3162\");\n script_name( \"Mandriva Update for ffmpeg MDVSA-2008:157 (ffmpeg)\");\n\n script_summary(\"Check for the Version of ffmpeg\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ffmpeg\", rpm:\"ffmpeg~0.4.9~3.pre1.8994.2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavformats51\", rpm:\"libavformats51~0.4.9~3.pre1.8994.2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavutil49\", rpm:\"libavutil49~0.4.9~3.pre1.8994.2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg51\", rpm:\"libffmpeg51~0.4.9~3.pre1.8994.2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg51-devel\", rpm:\"libffmpeg51-devel~0.4.9~3.pre1.8994.2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg51-static-devel\", rpm:\"libffmpeg51-static-devel~0.4.9~3.pre1.8994.2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avformats51\", rpm:\"lib64avformats51~0.4.9~3.pre1.8994.2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avutil49\", rpm:\"lib64avutil49~0.4.9~3.pre1.8994.2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg51\", rpm:\"lib64ffmpeg51~0.4.9~3.pre1.8994.2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg51-devel\", rpm:\"lib64ffmpeg51-devel~0.4.9~3.pre1.8994.2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg51-static-devel\", rpm:\"lib64ffmpeg51-static-devel~0.4.9~3.pre1.8994.2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"ffmpeg\", rpm:\"ffmpeg~0.4.9~3.pre1.11599.2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavformats52\", rpm:\"libavformats52~0.4.9~3.pre1.11599.2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavutil49\", rpm:\"libavutil49~0.4.9~3.pre1.11599.2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg51\", rpm:\"libffmpeg51~0.4.9~3.pre1.11599.2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg-devel\", rpm:\"libffmpeg-devel~0.4.9~3.pre1.11599.2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg-static-devel\", rpm:\"libffmpeg-static-devel~0.4.9~3.pre1.11599.2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avformats52\", rpm:\"lib64avformats52~0.4.9~3.pre1.11599.2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avutil49\", rpm:\"lib64avutil49~0.4.9~3.pre1.11599.2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg51\", rpm:\"lib64ffmpeg51~0.4.9~3.pre1.11599.2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg-devel\", rpm:\"lib64ffmpeg-devel~0.4.9~3.pre1.11599.2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg-static-devel\", rpm:\"lib64ffmpeg-static-devel~0.4.9~3.pre1.11599.2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:41", "bulletinFamily": "scanner", "description": "Check for the Version of ffmpeg", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830550", "id": "OPENVAS:1361412562310830550", "type": "openvas", "title": "Mandriva Update for ffmpeg MDVSA-2008:157 (ffmpeg)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for ffmpeg MDVSA-2008:157 (ffmpeg)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was found in how ffmpeg handled STR file demuxing.\n If a user were tricked into processing a malicious STR file, a\n remote attacker could execute arbitrary code with user privileges\n via applications linked against ffmpeg (CVE-2008-3162).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"ffmpeg on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-07/msg00047.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830550\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:157\");\n script_cve_id(\"CVE-2008-3162\");\n script_name( \"Mandriva Update for ffmpeg MDVSA-2008:157 (ffmpeg)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of ffmpeg\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ffmpeg\", rpm:\"ffmpeg~0.4.9~3.pre1.8994.2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavformats51\", rpm:\"libavformats51~0.4.9~3.pre1.8994.2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavutil49\", rpm:\"libavutil49~0.4.9~3.pre1.8994.2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg51\", rpm:\"libffmpeg51~0.4.9~3.pre1.8994.2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg51-devel\", rpm:\"libffmpeg51-devel~0.4.9~3.pre1.8994.2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg51-static-devel\", rpm:\"libffmpeg51-static-devel~0.4.9~3.pre1.8994.2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avformats51\", rpm:\"lib64avformats51~0.4.9~3.pre1.8994.2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avutil49\", rpm:\"lib64avutil49~0.4.9~3.pre1.8994.2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg51\", rpm:\"lib64ffmpeg51~0.4.9~3.pre1.8994.2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg51-devel\", rpm:\"lib64ffmpeg51-devel~0.4.9~3.pre1.8994.2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg51-static-devel\", rpm:\"lib64ffmpeg51-static-devel~0.4.9~3.pre1.8994.2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"ffmpeg\", rpm:\"ffmpeg~0.4.9~3.pre1.11599.2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavformats52\", rpm:\"libavformats52~0.4.9~3.pre1.11599.2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libavutil49\", rpm:\"libavutil49~0.4.9~3.pre1.11599.2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg51\", rpm:\"libffmpeg51~0.4.9~3.pre1.11599.2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg-devel\", rpm:\"libffmpeg-devel~0.4.9~3.pre1.11599.2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libffmpeg-static-devel\", rpm:\"libffmpeg-static-devel~0.4.9~3.pre1.11599.2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avformats52\", rpm:\"lib64avformats52~0.4.9~3.pre1.11599.2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64avutil49\", rpm:\"lib64avutil49~0.4.9~3.pre1.11599.2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg51\", rpm:\"lib64ffmpeg51~0.4.9~3.pre1.11599.2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg-devel\", rpm:\"lib64ffmpeg-devel~0.4.9~3.pre1.11599.2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ffmpeg-static-devel\", rpm:\"lib64ffmpeg-static-devel~0.4.9~3.pre1.11599.2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:02", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-630-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840272", "id": "OPENVAS:840272", "title": "Ubuntu Update for ffmpeg vulnerability USN-630-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_630_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for ffmpeg vulnerability USN-630-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that ffmpeg did not correctly handle STR file\n demuxing. If a user were tricked into processing a malicious STR file,\n a remote attacker could execute arbitrary code with user privileges via\n applications linked against ffmpeg.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-630-1\";\ntag_affected = \"ffmpeg vulnerability on Ubuntu 7.10 ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-630-1/\");\n script_id(840272);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"630-1\");\n script_cve_id(\"CVE-2008-3162\");\n script_name( \"Ubuntu Update for ffmpeg vulnerability USN-630-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.cvs20070307-5ubuntu7.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec1d\", ver:\"0.cvs20070307-5ubuntu7.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.cvs20070307-5ubuntu7.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat1d\", ver:\"0.cvs20070307-5ubuntu7.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.cvs20070307-5ubuntu7.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil1d\", ver:\"0.cvs20070307-5ubuntu7.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.cvs20070307-5ubuntu7.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc1d\", ver:\"0.cvs20070307-5ubuntu7.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.cvs20070307-5ubuntu7.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale1d\", ver:\"0.cvs20070307-5ubuntu7.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.cvs20070307-5ubuntu7.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.cvs20070307-5ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavcodec1d\", ver:\"0.cvs20070307-5ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.cvs20070307-5ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavformat1d\", ver:\"0.cvs20070307-5ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.cvs20070307-5ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libavutil1d\", ver:\"0.cvs20070307-5ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.cvs20070307-5ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpostproc1d\", ver:\"0.cvs20070307-5ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.cvs20070307-5ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libswscale1d\", ver:\"0.cvs20070307-5ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.cvs20070307-5ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:56", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-12-23T00:00:00", "published": "2009-01-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63240", "id": "OPENVAS:63240", "title": "mplayer -- vulnerability in STR files processor", "type": "openvas", "sourceData": "#\n#VID 5ccb1c14-e357-11dd-a765-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 5ccb1c14-e357-11dd-a765-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n mplayer\n mplayer-esound\n mplayer-gtk\n mplayer-gtk-esound\n mplayer-gtk2\n mplayer-gtk2-esound\n\nCVE-2008-3162\nStack-based buffer overflow in the str_read_packet function in\nlibavformat/psxstr.c in FFmpeg before r13993 allows remote attackers\nto cause a denial of service (application crash) or execute arbitrary\ncode via a crafted STR file that interleaves audio and video sectors.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/30994\nhttps://roundup.mplayerhq.hu/roundup/ffmpeg/issue311\nhttp://www.vuxml.org/freebsd/5ccb1c14-e357-11dd-a765-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(63240);\n script_version(\"$Revision: 4847 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-23 10:33:16 +0100 (Fri, 23 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-20 22:42:09 +0100 (Tue, 20 Jan 2009)\");\n script_cve_id(\"CVE-2008-3162\");\n script_bugtraq_id(30157);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"mplayer -- vulnerability in STR files processor\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"mplayer\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.99.11_10\")<0) {\n txt += 'Package mplayer version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mplayer-esound\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.99.11_10\")<0) {\n txt += 'Package mplayer-esound version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mplayer-gtk\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.99.11_10\")<0) {\n txt += 'Package mplayer-gtk version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mplayer-gtk-esound\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.99.11_10\")<0) {\n txt += 'Package mplayer-gtk-esound version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mplayer-gtk2\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.99.11_10\")<0) {\n txt += 'Package mplayer-gtk2 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mplayer-gtk2-esound\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.99.11_10\")<0) {\n txt += 'Package mplayer-gtk2-esound version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:11", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-04-06T00:00:00", "published": "2009-01-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063240", "id": "OPENVAS:136141256231063240", "type": "openvas", "title": "mplayer -- vulnerability in STR files processor", "sourceData": "#\n#VID 5ccb1c14-e357-11dd-a765-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 5ccb1c14-e357-11dd-a765-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n mplayer\n mplayer-esound\n mplayer-gtk\n mplayer-gtk-esound\n mplayer-gtk2\n mplayer-gtk2-esound\n\nCVE-2008-3162\nStack-based buffer overflow in the str_read_packet function in\nlibavformat/psxstr.c in FFmpeg before r13993 allows remote attackers\nto cause a denial of service (application crash) or execute arbitrary\ncode via a crafted STR file that interleaves audio and video sectors.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/30994\nhttps://roundup.mplayerhq.hu/roundup/ffmpeg/issue311\nhttp://www.vuxml.org/freebsd/5ccb1c14-e357-11dd-a765-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63240\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-20 22:42:09 +0100 (Tue, 20 Jan 2009)\");\n script_cve_id(\"CVE-2008-3162\");\n script_bugtraq_id(30157);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"mplayer -- vulnerability in STR files processor\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"mplayer\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.99.11_10\")<0) {\n txt += 'Package mplayer version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mplayer-esound\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.99.11_10\")<0) {\n txt += 'Package mplayer-esound version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mplayer-gtk\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.99.11_10\")<0) {\n txt += 'Package mplayer-gtk version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mplayer-gtk-esound\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.99.11_10\")<0) {\n txt += 'Package mplayer-gtk-esound version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mplayer-gtk2\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.99.11_10\")<0) {\n txt += 'Package mplayer-gtk2 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"mplayer-gtk2-esound\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.99.11_10\")<0) {\n txt += 'Package mplayer-gtk2-esound version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:23", "bulletinFamily": "scanner", "description": "The remote host is missing an update to ffmpeg-debian\nannounced via advisory DSA 1781-1.", "modified": "2017-07-07T00:00:00", "published": "2009-05-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63934", "id": "OPENVAS:63934", "title": "Debian Security Advisory DSA 1781-1 (ffmpeg-debian)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1781_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1781-1 (ffmpeg-debian)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in ffmpeg, a multimedia\nplayer, server and encoder. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\n\nCVE-2009-0385\n\nIt was discovered that watching a malformed 4X movie file could lead to\nthe execution of arbitrary code.\n\nCVE-2008-3162\n\nIt was discovered that using a crafted STR file can lead to the\nexecution of arbitrary code.\n\n\nFor the oldstable distribution (etch), these problems have been fixed\nin version 0.cvs20060823-8+etch1.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.svn20080206-17+lenny1.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 0.svn20080206-16.\n\n\nWe recommend that you upgrade your ffmpeg-debian packages.\";\ntag_summary = \"The remote host is missing an update to ffmpeg-debian\nannounced via advisory DSA 1781-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201781-1\";\n\n\nif(description)\n{\n script_id(63934);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2009-0385\", \"CVE-2008-3162\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1781-1 (ffmpeg-debian)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libavcodec0d\", ver:\"0.cvs20060823-8+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.cvs20060823-8+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc0d\", ver:\"0.cvs20060823-8+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.cvs20060823-8+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.cvs20060823-8+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat0d\", ver:\"0.cvs20060823-8+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.cvs20060823-8+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice52\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc51\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale0\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec51\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil49\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:10", "bulletinFamily": "scanner", "description": "The remote host is missing an update to ffmpeg-debian\nannounced via advisory DSA 1781-1.", "modified": "2018-04-06T00:00:00", "published": "2009-05-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063934", "id": "OPENVAS:136141256231063934", "type": "openvas", "title": "Debian Security Advisory DSA 1781-1 (ffmpeg-debian)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1781_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1781-1 (ffmpeg-debian)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in ffmpeg, a multimedia\nplayer, server and encoder. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\n\nCVE-2009-0385\n\nIt was discovered that watching a malformed 4X movie file could lead to\nthe execution of arbitrary code.\n\nCVE-2008-3162\n\nIt was discovered that using a crafted STR file can lead to the\nexecution of arbitrary code.\n\n\nFor the oldstable distribution (etch), these problems have been fixed\nin version 0.cvs20060823-8+etch1.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.svn20080206-17+lenny1.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 0.svn20080206-16.\n\n\nWe recommend that you upgrade your ffmpeg-debian packages.\";\ntag_summary = \"The remote host is missing an update to ffmpeg-debian\nannounced via advisory DSA 1781-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201781-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63934\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2009-0385\", \"CVE-2008-3162\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1781-1 (ffmpeg-debian)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libavcodec0d\", ver:\"0.cvs20060823-8+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.cvs20060823-8+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc0d\", ver:\"0.cvs20060823-8+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.cvs20060823-8+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.cvs20060823-8+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat0d\", ver:\"0.cvs20060823-8+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.cvs20060823-8+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-doc\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg-dbg\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice52\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc51\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale-dev\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libswscale0\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec51\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil-dev\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavdevice-dev\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat52\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavutil49\", ver:\"0.svn20080206-17+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:35", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200901-07.", "modified": "2017-07-07T00:00:00", "published": "2009-01-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63158", "id": "OPENVAS:63158", "title": "Gentoo Security Advisory GLSA 200901-07 (mplayer)", "type": "openvas", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in MPlayer may lead to the execution of arbitrary\ncode or a Denial of Service.\";\ntag_solution = \"All MPlayer users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/mplayer-1.0_rc2_p28058-r1 '\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200901-07\nhttp://bugs.gentoo.org/show_bug.cgi?id=231836\nhttp://bugs.gentoo.org/show_bug.cgi?id=239130\nhttp://bugs.gentoo.org/show_bug.cgi?id=251017\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200901-07.\";\n\n \n \n\nif(description)\n{\n script_id(63158);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-13 22:38:32 +0100 (Tue, 13 Jan 2009)\");\n script_cve_id(\"CVE-2008-3162\", \"CVE-2008-3827\", \"CVE-2008-5616\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200901-07 (mplayer)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-video/mplayer\", unaffected: make_list(\"ge 1.0_rc2_p28058-r1\"), vulnerable: make_list(\"lt 1.0_rc2_p28058-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:45", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200901-07.", "modified": "2018-04-06T00:00:00", "published": "2009-01-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063158", "id": "OPENVAS:136141256231063158", "title": "Gentoo Security Advisory GLSA 200901-07 (mplayer)", "type": "openvas", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in MPlayer may lead to the execution of arbitrary\ncode or a Denial of Service.\";\ntag_solution = \"All MPlayer users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/mplayer-1.0_rc2_p28058-r1 '\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200901-07\nhttp://bugs.gentoo.org/show_bug.cgi?id=231836\nhttp://bugs.gentoo.org/show_bug.cgi?id=239130\nhttp://bugs.gentoo.org/show_bug.cgi?id=251017\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200901-07.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63158\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-13 22:38:32 +0100 (Tue, 13 Jan 2009)\");\n script_cve_id(\"CVE-2008-3162\", \"CVE-2008-3827\", \"CVE-2008-5616\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200901-07 (mplayer)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-video/mplayer\", unaffected: make_list(\"ge 1.0_rc2_p28058-r1\"), vulnerable: make_list(\"lt 1.0_rc2_p28058-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:10", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200903-33.", "modified": "2017-07-07T00:00:00", "published": "2009-03-31T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63688", "id": "OPENVAS:63688", "title": "Gentoo Security Advisory GLSA 200903-33 (ffmpeg gst-plugins-ffmpeg mplayer)", "type": "openvas", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in FFmpeg may lead to the remote execution of\narbitrary code or a Denial of Service.\";\ntag_solution = \"All FFmpeg users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/ffmpeg-0.4.9_p20090201'\n\nAll gst-plugins-ffmpeg users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-plugins/gst-plugins-ffmpeg-0.10.5'\n\nAll Mplayer users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/mplayer-1.0_rc2_p28450'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200903-33\nhttp://bugs.gentoo.org/show_bug.cgi?id=231831\nhttp://bugs.gentoo.org/show_bug.cgi?id=231834\nhttp://bugs.gentoo.org/show_bug.cgi?id=245313\nhttp://bugs.gentoo.org/show_bug.cgi?id=257217\nhttp://bugs.gentoo.org/show_bug.cgi?id=257381\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200903-33.\";\n\n \n \n\nif(description)\n{\n script_id(63688);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-31 19:20:21 +0200 (Tue, 31 Mar 2009)\");\n script_cve_id(\"CVE-2008-3162\", \"CVE-2008-4866\", \"CVE-2008-4867\", \"CVE-2008-4868\", \"CVE-2008-4869\", \"CVE-2009-0385\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200903-33 (ffmpeg gst-plugins-ffmpeg mplayer)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-video/ffmpeg\", unaffected: make_list(\"ge 0.4.9_p20090201\"), vulnerable: make_list(\"lt 0.4.9_p20090201\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"media-plugins/gst-plugins-ffmpeg\", unaffected: make_list(\"ge 0.10.5\"), vulnerable: make_list(\"lt 0.10.5\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"media-video/mplayer\", unaffected: make_list(\"ge 1.0_rc2_p28450\"), vulnerable: make_list(\"lt 1.0_rc2_p28450\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:27", "bulletinFamily": "software", "description": "===========================================================\r\nUbuntu Security Notice USN-630-1 July 28, 2008\r\nffmpeg vulnerability\r\nCVE-2008-3162\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 7.10\r\nUbuntu 8.04 LTS\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 7.10:\r\n libavformat1d 3:0.cvs20070307-5ubuntu4.1\r\n\r\nUbuntu 8.04 LTS:\r\n libavformat1d 3:0.cvs20070307-5ubuntu7.1\r\n\r\nIn general, a standard system upgrade is sufficient to effect the\r\nnecessary changes.\r\n\r\nDetails follow:\r\n\r\nIt was discovered that ffmpeg did not correctly handle STR file\r\ndemuxing. If a user were tricked into processing a malicious STR file,\r\na remote attacker could execute arbitrary code with user privileges via\r\napplications linked against ffmpeg.\r\n\r\n\r\nUpdated packages for Ubuntu 7.10:\r\n\r\n Source archives:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/ffmpeg_0.cvs20070307-5ubuntu4.1.diff.gz\r\n Size/MD5: 38804 cf88843af832d9d7d34ac1337289e4b4\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/ffmpeg_0.cvs20070307-5ubuntu4.1.dsc\r\n Size/MD5: 1334 5a6c6a3f0a36888d2e151c611eb68822\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/ffmpeg_0.cvs20070307.orig.tar.gz\r\n Size/MD5: 2593100 2fe579de8a26351cc3b0b0e443acb09f\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavcodec-dev_0.cvs20070307-5ubuntu4.1_amd64.deb\r\n Size/MD5: 1752240 72e26454383cf6925eddd02ea982ea58\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavcodec1d_0.cvs20070307-5ubuntu4.1_amd64.deb\r\n Size/MD5: 1571932 d96c44e73690d7acbb38ad664f94da6d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavformat-dev_0.cvs20070307-5ubuntu4.1_amd64.deb\r\n Size/MD5: 346062 0879fcb6cec97444f728c7d3d53a4810\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavformat1d_0.cvs20070307-5ubuntu4.1_amd64.deb\r\n Size/MD5: 275856 9a77c31a9989d2544d905b18e21d1ac7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavutil-dev_0.cvs20070307-5ubuntu4.1_amd64.deb\r\n Size/MD5: 51326 9c84f676726613bc266a504999664664\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavutil1d_0.cvs20070307-5ubuntu4.1_amd64.deb\r\n Size/MD5: 37924 fab102ddfb2e3400b6a0152a07c8a046\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libpostproc-dev_0.cvs20070307-5ubuntu4.1_amd64.deb\r\n Size/MD5: 68276 3d02d1a046347047bfdbde434dee3503\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libpostproc1d_0.cvs20070307-5ubuntu4.1_amd64.deb\r\n Size/MD5: 67506 ce25eac35404f421661150e4a74afb86\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libswscale-dev_0.cvs20070307-5ubuntu4.1_amd64.deb\r\n Size/MD5: 113262 7e3e0095fe604289d321b139ebb36077\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libswscale1d_0.cvs20070307-5ubuntu4.1_amd64.deb\r\n Size/MD5: 95636 b017f890d024b73f522f4afba6142e5e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/f/ffmpeg/ffmpeg_0.cvs20070307-5ubuntu4.1_amd64.deb\r\n Size/MD5: 192304 dc70d1c702084fd0b96e97d104b9dd7f\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavcodec-dev_0.cvs20070307-5ubuntu4.1_i386.deb\r\n Size/MD5: 1739398 ce3a2543e44745b99fae1225f17f09d0\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavcodec1d_0.cvs20070307-5ubuntu4.1_i386.deb\r\n Size/MD5: 1610974 e809e431c1ba15552d0345729ef1a72a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavformat-dev_0.cvs20070307-5ubuntu4.1_i386.deb\r\n Size/MD5: 332978 b6b612b3b541e8dd0145cdafe3eca70a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavformat1d_0.cvs20070307-5ubuntu4.1_i386.deb\r\n Size/MD5: 286784 d78389a00d6a5428773c99aac5db89a7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavutil-dev_0.cvs20070307-5ubuntu4.1_i386.deb\r\n Size/MD5: 50802 0c817a0af54a144b0b67aa6c4e404ab0\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavutil1d_0.cvs20070307-5ubuntu4.1_i386.deb\r\n Size/MD5: 39628 fa79ef5602771232d50826beadfddab1\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libpostproc-dev_0.cvs20070307-5ubuntu4.1_i386.deb\r\n Size/MD5: 71730 2bba959fed019abe15160ec56c887b1f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libpostproc1d_0.cvs20070307-5ubuntu4.1_i386.deb\r\n Size/MD5: 71602 e56394600a50631ed107762647d8b1c5\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libswscale-dev_0.cvs20070307-5ubuntu4.1_i386.deb\r\n Size/MD5: 110336 12358d12982af0aa60aec03e76614410\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libswscale1d_0.cvs20070307-5ubuntu4.1_i386.deb\r\n Size/MD5: 96486 b7bae0ef74f9f4f4ab22e4596d079a7c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/f/ffmpeg/ffmpeg_0.cvs20070307-5ubuntu4.1_i386.deb\r\n Size/MD5: 188886 97ef3ef5f873bb37396df065d794006a\r\n\r\n lpia architecture &#40;Low Power Intel Architecture&#41;:\r\n\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavcodec-dev_0.cvs20070307-5ubuntu4.1_lpia.deb\r\n Size/MD5: 1793980 b0a1d7bdd50f2fa00b749f4aec5cd16d\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavcodec1d_0.cvs20070307-5ubuntu4.1_lpia.deb\r\n Size/MD5: 1655338 02c736a77158ed9ee943b0dbf7d96079\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavformat-dev_0.cvs20070307-5ubuntu4.1_lpia.deb\r\n Size/MD5: 332760 71a2a22ab9c94e50a12c4d9b57790b16\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavformat1d_0.cvs20070307-5ubuntu4.1_lpia.deb\r\n Size/MD5: 284234 8c1d710576f0d826326ffc3923060a2e\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavutil-dev_0.cvs20070307-5ubuntu4.1_lpia.deb\r\n Size/MD5: 50688 a5f70265bd43dc1a37990505ce1fd0e7\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavutil1d_0.cvs20070307-5ubuntu4.1_lpia.deb\r\n Size/MD5: 38802 b3afd4402bd4c27de3d7c86d74abce5c\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libpostproc-dev_0.cvs20070307-5ubuntu4.1_lpia.deb\r\n Size/MD5: 75440 dbf1f087ee379f0ecfe259949cc80dc6\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libpostproc1d_0.cvs20070307-5ubuntu4.1_lpia.deb\r\n Size/MD5: 75680 12ccc80b28fa9ee18a6054f30779a05e\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libswscale-dev_0.cvs20070307-5ubuntu4.1_lpia.deb\r\n Size/MD5: 115030 e79e080b31b0077f74c79357545665e4\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libswscale1d_0.cvs20070307-5ubuntu4.1_lpia.deb\r\n Size/MD5: 103508 c50780178e28b936bba6759e3355fc1c\r\n \r\nhttp://ports.ubuntu.com/pool/universe/f/ffmpeg/ffmpeg_0.cvs20070307-5ubuntu4.1_lpia.deb\r\n Size/MD5: 189726 1425e2ab1099c5a43d595625c7ea0b2d\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavcodec-dev_0.cvs20070307-5ubuntu4.1_powerpc.deb\r\n Size/MD5: 1786516 7642d546af618a39d8d7ff96367aa6b7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavcodec1d_0.cvs20070307-5ubuntu4.1_powerpc.deb\r\n Size/MD5: 1571816 c1127c579155c768313bce6da1e9bbf2\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavformat-dev_0.cvs20070307-5ubuntu4.1_powerpc.deb\r\n Size/MD5: 369766 73e30de099cdb8913b4b4380df1722e0\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavformat1d_0.cvs20070307-5ubuntu4.1_powerpc.deb\r\n Size/MD5: 308990 fe178bab973e330a76af55f10ae31686\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavutil-dev_0.cvs20070307-5ubuntu4.1_powerpc.deb\r\n Size/MD5: 54466 d6e9e2de8330224c7ee1fcd146c24b44\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavutil1d_0.cvs20070307-5ubuntu4.1_powerpc.deb\r\n Size/MD5: 44524 20fc865f59f6a393e543ee876acb95b5\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libpostproc-dev_0.cvs20070307-5ubuntu4.1_powerpc.deb\r\n Size/MD5: 64398 7592823263f8755d91f7e33142bd4d0c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libpostproc1d_0.cvs20070307-5ubuntu4.1_powerpc.deb\r\n Size/MD5: 63578 076270e4534c561ddf00221fb8c24585\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libswscale-dev_0.cvs20070307-5ubuntu4.1_powerpc.deb\r\n Size/MD5: 109154 77a97320b092d4df4edcedde8a8fac11\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libswscale1d_0.cvs20070307-5ubuntu4.1_powerpc.deb\r\n Size/MD5: 87104 b8910a749fd92242f65a1f9971b7f6e6\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/f/ffmpeg/ffmpeg_0.cvs20070307-5ubuntu4.1_powerpc.deb\r\n Size/MD5: 218952 693402dbae06cc98810d414e6b1e3441\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavcodec-dev_0.cvs20070307-5ubuntu4.1_sparc.deb\r\n Size/MD5: 1791608 22630f8d493c28cbca96b04f5fc29aa7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavcodec1d_0.cvs20070307-5ubuntu4.1_sparc.deb\r\n Size/MD5: 1608856 f1e59503f63ce0fe20c4f125423f1ccc\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavformat-dev_0.cvs20070307-5ubuntu4.1_sparc.deb\r\n Size/MD5: 341770 ca4515cfd3f208dae650dc27d9a0f7ba\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavformat1d_0.cvs20070307-5ubuntu4.1_sparc.deb\r\n Size/MD5: 282402 5655c9331b67b3e193b5be7a1a387f79\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavutil-dev_0.cvs20070307-5ubuntu4.1_sparc.deb\r\n Size/MD5: 52228 dd6683dd9ed6c5a61195cc53a000cc50\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavutil1d_0.cvs20070307-5ubuntu4.1_sparc.deb\r\n Size/MD5: 40256 5f9e54f91866042ec940a89291a8556e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libpostproc-dev_0.cvs20070307-5ubuntu4.1_sparc.deb\r\n Size/MD5: 42178 1fcc944db6893895f9a3c2a74a003cae\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libpostproc1d_0.cvs20070307-5ubuntu4.1_sparc.deb\r\n Size/MD5: 42350 a848235523e70dab1c3c366efe2398e2\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libswscale-dev_0.cvs20070307-5ubuntu4.1_sparc.deb\r\n Size/MD5: 80836 3a1cec10ab05fb84bd8eb0e7656f1b6d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libswscale1d_0.cvs20070307-5ubuntu4.1_sparc.deb\r\n Size/MD5: 65724 9d958ef7735aeb8f61bc9fe7241dab49\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/f/ffmpeg/ffmpeg_0.cvs20070307-5ubuntu4.1_sparc.deb\r\n Size/MD5: 194892 3eece25c5e0eb6c586707b90e435b135\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/ffmpeg_0.cvs20070307-5ubuntu7.1.diff.gz\r\n Size/MD5: 39397 85e451f76aa9af33da574d59825e5edd\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/ffmpeg_0.cvs20070307-5ubuntu7.1.dsc\r\n Size/MD5: 1325 6a69b5336da6c3bc76ff7a84dc5e3503\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/ffmpeg_0.cvs20070307.orig.tar.gz\r\n Size/MD5: 2593100 2fe579de8a26351cc3b0b0e443acb09f\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavcodec-dev_0.cvs20070307-5ubuntu7.1_amd64.deb\r\n Size/MD5: 1756540 30a27df69313f680688c1cd18cb01a5b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavcodec1d_0.cvs20070307-5ubuntu7.1_amd64.deb\r\n Size/MD5: 1574200 b0a5384973d942f4a7bf46b698d1a685\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavformat-dev_0.cvs20070307-5ubuntu7.1_amd64.deb\r\n Size/MD5: 346284 9660d3845793b651e17876c5048fd19b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavformat1d_0.cvs20070307-5ubuntu7.1_amd64.deb\r\n Size/MD5: 275254 5269350a4beb3b5236e4e9b8b6b7235f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavutil-dev_0.cvs20070307-5ubuntu7.1_amd64.deb\r\n Size/MD5: 51346 f0bc0d2aa5d66c925a03729575ea0c67\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavutil1d_0.cvs20070307-5ubuntu7.1_amd64.deb\r\n Size/MD5: 37654 4cd93ceac0d629dac9df69e42d712789\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libpostproc-dev_0.cvs20070307-5ubuntu7.1_amd64.deb\r\n Size/MD5: 68454 31396cdc8958039ce188abb645971a43\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libpostproc1d_0.cvs20070307-5ubuntu7.1_amd64.deb\r\n Size/MD5: 67660 1ce82bf69e7d8369639daedd199f1eef\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libswscale-dev_0.cvs20070307-5ubuntu7.1_amd64.deb\r\n Size/MD5: 113528 211a8e9de3021cfc9a94ccc4cc96a903\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libswscale1d_0.cvs20070307-5ubuntu7.1_amd64.deb\r\n Size/MD5: 95910 7ce06459bda72cc7aca7618269094e64\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/f/ffmpeg/ffmpeg_0.cvs20070307-5ubuntu7.1_amd64.deb\r\n Size/MD5: 195672 5e9352bf7bf38f484e6c9a367bd06004\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavcodec-dev_0.cvs20070307-5ubuntu7.1_i386.deb\r\n Size/MD5: 1737540 3a324359bc5dc7fdcb49941b6ca67957\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavcodec1d_0.cvs20070307-5ubuntu7.1_i386.deb\r\n Size/MD5: 1602324 356168e60e043928c790b9cf95cf2608\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavformat-dev_0.cvs20070307-5ubuntu7.1_i386.deb\r\n Size/MD5: 332904 a98335add0631ed73b8ba7ce8901d115\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavformat1d_0.cvs20070307-5ubuntu7.1_i386.deb\r\n Size/MD5: 286844 57012d5df173057e360a8bec3a7df119\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavutil-dev_0.cvs20070307-5ubuntu7.1_i386.deb\r\n Size/MD5: 50976 e897be483fe052674e68eb9c15180244\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libavutil1d_0.cvs20070307-5ubuntu7.1_i386.deb\r\n Size/MD5: 39060 1ca97166ba285c4ad1436b35dc1be138\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libpostproc-dev_0.cvs20070307-5ubuntu7.1_i386.deb\r\n Size/MD5: 73548 fff5397fa4f6cb558ed46f2b7c764544\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libpostproc1d_0.cvs20070307-5ubuntu7.1_i386.deb\r\n Size/MD5: 73434 4a7fb1cef612d2bc992ac8029ed6508e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libswscale-dev_0.cvs20070307-5ubuntu7.1_i386.deb\r\n Size/MD5: 112230 04c4c3d95c4528d6ffe09a00ccd73d09\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/f/ffmpeg/libswscale1d_0.cvs20070307-5ubuntu7.1_i386.deb\r\n Size/MD5: 97586 6fecdf43d8fa789d9117d7adfa4835d5\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/f/ffmpeg/ffmpeg_0.cvs20070307-5ubuntu7.1_i386.deb\r\n Size/MD5: 191998 90a87376a7e472dd37bd3ecfe66a8a30\r\n\r\n lpia architecture &#40;Low Power Intel Architecture&#41;:\r\n\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavcodec-dev_0.cvs20070307-5ubuntu7.1_lpia.deb\r\n Size/MD5: 1793706 10465e8801a5c109e9fac61e590afa50\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavcodec1d_0.cvs20070307-5ubuntu7.1_lpia.deb\r\n Size/MD5: 1652838 307ee3e5d7b1d83e3faa8c51c2b77162\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavformat-dev_0.cvs20070307-5ubuntu7.1_lpia.deb\r\n Size/MD5: 333188 47d828d0b0ccfa5bf23075701b81a94e\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavformat1d_0.cvs20070307-5ubuntu7.1_lpia.deb\r\n Size/MD5: 283466 c1720fce1e21d825264efe97c61ce1f2\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavutil-dev_0.cvs20070307-5ubuntu7.1_lpia.deb\r\n Size/MD5: 51024 b1d6d6f15e81bed1eb9ed7d128061740\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavutil1d_0.cvs20070307-5ubuntu7.1_lpia.deb\r\n Size/MD5: 38926 9e1a6b67000fc1cfd34d058a0670724a\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libpostproc-dev_0.cvs20070307-5ubuntu7.1_lpia.deb\r\n Size/MD5: 75826 51d46dfc71c44b083ce324d4c09b35e3\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libpostproc1d_0.cvs20070307-5ubuntu7.1_lpia.deb\r\n Size/MD5: 76104 5d4dfc3fc7e33d22a74a9c28a6106245\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libswscale-dev_0.cvs20070307-5ubuntu7.1_lpia.deb\r\n Size/MD5: 116906 dc88aec0e4e644ebce4ca590bf173884\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libswscale1d_0.cvs20070307-5ubuntu7.1_lpia.deb\r\n Size/MD5: 101546 e3346bec4cfb8d0add0f407f7fd1ef21\r\n \r\nhttp://ports.ubuntu.com/pool/universe/f/ffmpeg/ffmpeg_0.cvs20070307-5ubuntu7.1_lpia.deb\r\n Size/MD5: 193692 a70fab551eb16ea059861f96160bd23c\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavcodec-dev_0.cvs20070307-5ubuntu7.1_powerpc.deb\r\n Size/MD5: 1776030 78e0177e4537ac3415d87475d10979bd\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavcodec1d_0.cvs20070307-5ubuntu7.1_powerpc.deb\r\n Size/MD5: 1568236 a44e61073e63d6c5d771cc62dadaebcf\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavformat-dev_0.cvs20070307-5ubuntu7.1_powerpc.deb\r\n Size/MD5: 375506 f205a8e3354cb81c912865e716fad41d\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavformat1d_0.cvs20070307-5ubuntu7.1_powerpc.deb\r\n Size/MD5: 308630 87bbc889a612b03bf05f1e5df3c80b1d\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavutil-dev_0.cvs20070307-5ubuntu7.1_powerpc.deb\r\n Size/MD5: 55372 dc4ae8123f5fe161dd03148d956778ca\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavutil1d_0.cvs20070307-5ubuntu7.1_powerpc.deb\r\n Size/MD5: 45530 ec7015a3891c4be9449193324ad66689\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libpostproc-dev_0.cvs20070307-5ubuntu7.1_powerpc.deb\r\n Size/MD5: 64902 b6a985bdccac0a20bb774db2339fba92\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libpostproc1d_0.cvs20070307-5ubuntu7.1_powerpc.deb\r\n Size/MD5: 64824 db5675cbfde6770811ec7cb0ab1af5e9\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libswscale-dev_0.cvs20070307-5ubuntu7.1_powerpc.deb\r\n Size/MD5: 109806 59ca6b60cb869384d55e95744fe70bc9\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libswscale1d_0.cvs20070307-5ubuntu7.1_powerpc.deb\r\n Size/MD5: 87034 440121c645a879375d0cb0db4a8a354f\r\n \r\nhttp://ports.ubuntu.com/pool/universe/f/ffmpeg/ffmpeg_0.cvs20070307-5ubuntu7.1_powerpc.deb\r\n Size/MD5: 222746 edad10daceb46ec76c1cc75bd4a218d5\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavcodec-dev_0.cvs20070307-5ubuntu7.1_sparc.deb\r\n Size/MD5: 1797086 87e64a466204e69220b40524a6cad862\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavcodec1d_0.cvs20070307-5ubuntu7.1_sparc.deb\r\n Size/MD5: 1628922 3e4ecc4edba69d5946c10f4eea9c1ab9\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavformat-dev_0.cvs20070307-5ubuntu7.1_sparc.deb\r\n Size/MD5: 340538 f0afcd90b412c6434457a7a37ee83eea\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavformat1d_0.cvs20070307-5ubuntu7.1_sparc.deb\r\n Size/MD5: 281118 b0ea1680c9c1bd7318bca0cea01e538a\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavutil-dev_0.cvs20070307-5ubuntu7.1_sparc.deb\r\n Size/MD5: 52262 5439184f6494a0a53d5b5aecb92d42c5\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libavutil1d_0.cvs20070307-5ubuntu7.1_sparc.deb\r\n Size/MD5: 40074 ebed2c6d472a1d61ab99fcf2d37a1384\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libpostproc-dev_0.cvs20070307-5ubuntu7.1_sparc.deb\r\n Size/MD5: 43232 19eccdbdc78f477ac09848eac0d53221\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libpostproc1d_0.cvs20070307-5ubuntu7.1_sparc.deb\r\n Size/MD5: 43148 edb0e4fbe7ec32d766b76aba5d2ef990\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libswscale-dev_0.cvs20070307-5ubuntu7.1_sparc.deb\r\n Size/MD5: 80030 e2ecf61b842f4357b50fddb1597422d6\r\n \r\nhttp://ports.ubuntu.com/pool/main/f/ffmpeg/libswscale1d_0.cvs20070307-5ubuntu7.1_sparc.deb\r\n Size/MD5: 65136 c6164fe28a478b9493daaedf58678248\r\n \r\nhttp://ports.ubuntu.com/pool/universe/f/ffmpeg/ffmpeg_0.cvs20070307-5ubuntu7.1_sparc.deb\r\n Size/MD5: 198336 01502ada60ef0f28299af16b65178236\r\n", "modified": "2008-07-30T00:00:00", "published": "2008-07-30T00:00:00", "id": "SECURITYVULNS:DOC:20246", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20246", "title": "[USN-630-1] ffmpeg vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:33", "bulletinFamily": "unix", "description": "It was discovered that ffmpeg did not correctly handle STR file demuxing. If a user were tricked into processing a malicious STR file, a remote attacker could execute arbitrary code with user privileges via applications linked against ffmpeg.", "modified": "2008-07-28T00:00:00", "published": "2008-07-28T00:00:00", "id": "USN-630-1", "href": "https://usn.ubuntu.com/630-1/", "title": "ffmpeg vulnerability", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:29", "bulletinFamily": "unix", "description": "\nSecunia reports:\n\nThe vulnerability is caused due to a boundary error within the\n\t \"str_read_packet()\" function in libavformat/psxstr.c. This can be\n\t exploited to cause a heap-based buffer overflow via a specially\n\t crafted STR file.\n\n", "modified": "2008-07-09T00:00:00", "published": "2008-07-09T00:00:00", "id": "5CCB1C14-E357-11DD-A765-0030843D3802", "href": "https://vuxml.freebsd.org/freebsd/5ccb1c14-e357-11dd-a765-0030843d3802.html", "title": "mplayer -- vulnerability in STR files processor", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-03T15:59:40", "bulletinFamily": "exploit", "description": "FFmpeg libavformat 'psxstr.c' STR Data Heap Based Buffer Overflow Vulnerability. CVE-2008-3162. Dos exploit for linux platform", "modified": "2008-07-09T00:00:00", "published": "2008-07-09T00:00:00", "id": "EDB-ID:32019", "href": "https://www.exploit-db.com/exploits/32019/", "type": "exploitdb", "title": "FFmpeg libavformat 'psxstr.c' STR Data Heap Based Buffer Overflow Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/30154/info\r\n\r\nThe 'libavformat' library from FFmpeg is prone to a remote heap-based buffer-overflow vulnerability because of insufficient boundary checks when parsing STR data.\r\n\r\nRemote attackers can exploit this issue by enticing victims into opening maliciously crafted STR files with an application that uses the affected library.\r\n\r\nSuccessful exploits may allow attackers to execute arbitrary code within the context of an affected application. Failed exploit attempts will likely result in a denial of service. \r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/32019.iki", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/32019/"}], "debian": [{"lastseen": "2018-10-16T22:15:08", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1781-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nApril 29, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : ffmpeg-debian\nVulnerability : several vulnerabilities\nProblem type : local (remote)\nDebian-specific: no\nCVE Ids : CVE-2009-0385 CVE-2008-3162\nDebian Bugs : 524799 489965\n\n\nSeveral vulnerabilities have been discovered in ffmpeg, a multimedia\nplayer, server and encoder. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\n\nCVE-2009-0385\n\nIt was discovered that watching a malformed 4X movie file could lead to\nthe execution of arbitrary code.\n\nCVE-2008-3162\n\nIt was discovered that using a crafted STR file can lead to the\nexecution of arbitrary code.\n\n\nFor the oldstable distribution (etch), these problems have been fixed\nin version 0.cvs20060823-8+etch1.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.svn20080206-17+lenny1.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 0.svn20080206-16.\n\n\nWe recommend that you upgrade your ffmpeg-debian packages.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1.dsc\n Size/MD5 checksum: 1271 9ec2715aea4be5b91b1ed1e694d71e72\n http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823.orig.tar.gz\n Size/MD5 checksum: 2309921 12e2e5d9e46ebfd08851b05665ecce25\n http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1.diff.gz\n Size/MD5 checksum: 37279 acab6c61a1f82caa6e44da962f40db41\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec0d_0.cvs20060823-8+etch1_alpha.deb\n Size/MD5 checksum: 1758996 d6d582615c3b06220f87e480599ae780\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20060823-8+etch1_alpha.deb\n Size/MD5 checksum: 468626 ca150f7e2ecb6be6e61426ce5a87dfc9\n http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc0d_0.cvs20060823-8+etch1_alpha.deb\n Size/MD5 checksum: 44738 77bdfc1faf07b98af2a7c74cbd8a8227\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20060823-8+etch1_alpha.deb\n Size/MD5 checksum: 1954418 c147594951f7233d8a3878c18845137f\n http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1_alpha.deb\n Size/MD5 checksum: 193846 811504b6006ac5fa9687aa6315e74a20\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat0d_0.cvs20060823-8+etch1_alpha.deb\n Size/MD5 checksum: 315844 93ae83ed9fc96a8fc274dd6148577d58\n http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20060823-8+etch1_alpha.deb\n Size/MD5 checksum: 46530 62191f7707e034589e64f83caf17c74d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20060823-8+etch1_amd64.deb\n Size/MD5 checksum: 64986 028d66d1ace6ef0046362b218ad10f11\n http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc0d_0.cvs20060823-8+etch1_amd64.deb\n Size/MD5 checksum: 64098 6fe0063a201e3da5bd395cddf8f539a9\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20060823-8+etch1_amd64.deb\n Size/MD5 checksum: 1550626 e3c31d11701a70bfa542dd693fa43c78\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat0d_0.cvs20060823-8+etch1_amd64.deb\n Size/MD5 checksum: 268932 4635daf9397ea8e83f90c1419c3fbde2\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20060823-8+etch1_amd64.deb\n Size/MD5 checksum: 335418 09c864a8cb6f0afc41b8a0efcb2ba3eb\n http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1_amd64.deb\n Size/MD5 checksum: 181666 d4391f84650eedae1416ef90bc8a566e\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec0d_0.cvs20060823-8+etch1_amd64.deb\n Size/MD5 checksum: 1486582 55b812b62b08173cc95eb4b19c256cdc\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat0d_0.cvs20060823-8+etch1_arm.deb\n Size/MD5 checksum: 272146 0fdea35e661f6025a24a7550766eb49a\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20060823-8+etch1_arm.deb\n Size/MD5 checksum: 1770012 39914b1591fdd4b921f3b5ea8892c567\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20060823-8+etch1_arm.deb\n Size/MD5 checksum: 323124 eabd77d7e52ed94dcdb9ff97c062447f\n http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20060823-8+etch1_arm.deb\n Size/MD5 checksum: 38258 11c8c71d1d7dcd1400f48f6a127899b5\n http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc0d_0.cvs20060823-8+etch1_arm.deb\n Size/MD5 checksum: 38560 909228a47a6800be111bea2daac2f35a\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec0d_0.cvs20060823-8+etch1_arm.deb\n Size/MD5 checksum: 1790764 f57a5d09eaf689e8c87fbf49bcbfe551\n http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1_arm.deb\n Size/MD5 checksum: 187818 04d7b964177f8b8fec3a2f25ba7e3a12\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec0d_0.cvs20060823-8+etch1_hppa.deb\n Size/MD5 checksum: 1657466 831e2cc7b3fddd9367322651e7673122\n http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc0d_0.cvs20060823-8+etch1_hppa.deb\n Size/MD5 checksum: 41706 87cd08cb44183222beb99e6f651e0812\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat0d_0.cvs20060823-8+etch1_hppa.deb\n Size/MD5 checksum: 322398 5199bfcbd3d60ea85383c5374484363c\n http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1_hppa.deb\n Size/MD5 checksum: 200736 6c66ec24f63aad7a85d55fa77fb8f8b1\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20060823-8+etch1_hppa.deb\n Size/MD5 checksum: 382628 f82d6e0635f38cf82b71a60aed8787df\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20060823-8+etch1_hppa.deb\n Size/MD5 checksum: 1742980 8da6bcd8079b5e6bdcbe85391cb63ef6\n http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20060823-8+etch1_hppa.deb\n Size/MD5 checksum: 41824 4f0f2e3a9cf2964ef3d2bd0a8b9349fa\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc0d_0.cvs20060823-8+etch1_i386.deb\n Size/MD5 checksum: 37560 c47391aec564ebc180adca1513828074\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat0d_0.cvs20060823-8+etch1_i386.deb\n Size/MD5 checksum: 286526 f731a6c8377ee91feab474f4d5aaa8e8\n http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20060823-8+etch1_i386.deb\n Size/MD5 checksum: 37934 72ed15718afa2d3903fc38d4e4959276\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20060823-8+etch1_i386.deb\n Size/MD5 checksum: 1582552 e232e7971b6a1ce0a25c5b5c5535a2cd\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20060823-8+etch1_i386.deb\n Size/MD5 checksum: 329760 131f13f9e09a437f6db3375c07756f2d\n http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1_i386.deb\n Size/MD5 checksum: 182312 9d62aa8fb06c00a61d5db5e03c4e02b6\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec0d_0.cvs20060823-8+etch1_i386.deb\n Size/MD5 checksum: 1528278 8843e529305e25fd5977562d319ad12e\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat0d_0.cvs20060823-8+etch1_ia64.deb\n Size/MD5 checksum: 418252 8f0aee77b4c9122d85897deb44c30fc7\n http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc0d_0.cvs20060823-8+etch1_ia64.deb\n Size/MD5 checksum: 45856 3827593a2149ebab66026a4826f73bb7\n http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1_ia64.deb\n Size/MD5 checksum: 234400 3df3f8c720650fd34ca8227e85c71e96\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20060823-8+etch1_ia64.deb\n Size/MD5 checksum: 509862 bf9e0a22e633346c89dc18ab8ac4e011\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20060823-8+etch1_ia64.deb\n Size/MD5 checksum: 2452290 157f7570f1da4f580973c4029035cabe\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec0d_0.cvs20060823-8+etch1_ia64.deb\n Size/MD5 checksum: 2330570 797e17596f318833cbc40a450b9ae55e\n http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20060823-8+etch1_ia64.deb\n Size/MD5 checksum: 45942 068ac8d6606d75b3f37a821d0eb4f135\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc0d_0.cvs20060823-8+etch1_mips.deb\n Size/MD5 checksum: 39118 9bf273f3be5c4c94d2921a7fe3370de7\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat0d_0.cvs20060823-8+etch1_mips.deb\n Size/MD5 checksum: 291484 0c4b9ee87d82b5ee1c47f8bf41be39c0\n http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20060823-8+etch1_mips.deb\n Size/MD5 checksum: 40242 31e2efea7a3e86ffc94cc3f6e0edf85b\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20060823-8+etch1_mips.deb\n Size/MD5 checksum: 386802 def76f6bc6efbf2a3c09b785e0557f36\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec0d_0.cvs20060823-8+etch1_mips.deb\n Size/MD5 checksum: 1503676 f19f0d008664679f1cfc9b2f5f1db5aa\n http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1_mips.deb\n Size/MD5 checksum: 190544 3f3be00745646e54fbc3f662647c5c45\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20060823-8+etch1_mips.deb\n Size/MD5 checksum: 1645258 d140aa6af811ff65d3fdcff10d421cc6\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20060823-8+etch1_mipsel.deb\n Size/MD5 checksum: 385564 3a4100e2049b60a9596845c87e89a50d\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec0d_0.cvs20060823-8+etch1_mipsel.deb\n Size/MD5 checksum: 1523840 6b14e4e13f5f93de5a44ddd1c8cbc2ab\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat0d_0.cvs20060823-8+etch1_mipsel.deb\n Size/MD5 checksum: 290390 8a339a5d0b1c43bba6ab2db185fe3987\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20060823-8+etch1_mipsel.deb\n Size/MD5 checksum: 1666384 cf6d5f83c0d1f6b7d6e38c1cadc922f9\n http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc0d_0.cvs20060823-8+etch1_mipsel.deb\n Size/MD5 checksum: 39056 b144798294aa1c9874b8ad1cf0305f8b\n http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1_mipsel.deb\n Size/MD5 checksum: 190492 2145e44e00b0f98d7350dc0f8dcc7b28\n http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20060823-8+etch1_mipsel.deb\n Size/MD5 checksum: 40158 d55d43c6458f468000700f8ee71450d5\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat0d_0.cvs20060823-8+etch1_powerpc.deb\n Size/MD5 checksum: 291506 6bca0c32084d49fcd40fc5c861a720c2\n http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20060823-8+etch1_powerpc.deb\n Size/MD5 checksum: 60082 1df14f52df8612fa562334b356a1a98a\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20060823-8+etch1_powerpc.deb\n Size/MD5 checksum: 1554786 8f961f88fa414647d4780171de829a87\n http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1_powerpc.deb\n Size/MD5 checksum: 198122 24879111bbea001e60d74d62ce66d0da\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec0d_0.cvs20060823-8+etch1_powerpc.deb\n Size/MD5 checksum: 1455126 90e853a9e8713f9ed9573f7b66cdfb6f\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20060823-8+etch1_powerpc.deb\n Size/MD5 checksum: 359250 5bd2957650d31261cdbe1b5ed6d4f2f5\n http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc0d_0.cvs20060823-8+etch1_powerpc.deb\n Size/MD5 checksum: 58560 08618d7572cf2aac6004bb83a3913ded\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat0d_0.cvs20060823-8+etch1_s390.deb\n Size/MD5 checksum: 298280 1132af9ce60421efa8aa1e71ca953773\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec0d_0.cvs20060823-8+etch1_s390.deb\n Size/MD5 checksum: 1536440 b285bac7eb7339174a3ff14ff99f71c4\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20060823-8+etch1_s390.deb\n Size/MD5 checksum: 341592 6c11b76ebf4e023ae0572611c694da66\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20060823-8+etch1_s390.deb\n Size/MD5 checksum: 1537382 b00c31187fc4b988574fff99e1b28d20\n http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1_s390.deb\n Size/MD5 checksum: 190644 cb7031a1fd1cf407fe92db4a41226ddf\n http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc0d_0.cvs20060823-8+etch1_s390.deb\n Size/MD5 checksum: 39122 f71a711f91644e033da09d9d3d59ea67\n http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20060823-8+etch1_s390.deb\n Size/MD5 checksum: 38976 aa52372ff92408565ba632b3d20f3ddd\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec0d_0.cvs20060823-8+etch1_sparc.deb\n Size/MD5 checksum: 1489964 29ea01a0b810511de1d31ed2772dd815\n http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1_sparc.deb\n Size/MD5 checksum: 184130 e9da26b8adb5ece162d13c81bd434217\n http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20060823-8+etch1_sparc.deb\n Size/MD5 checksum: 37918 2d5b6dacc8c1c9516c0377c674c8c7d1\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20060823-8+etch1_sparc.deb\n Size/MD5 checksum: 329530 0eb7d29e7dabab1aad695482b3f70424\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat0d_0.cvs20060823-8+etch1_sparc.deb\n Size/MD5 checksum: 273116 ba2a2683dc2a0d51ff89a04cc384e5c0\n http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20060823-8+etch1_sparc.deb\n Size/MD5 checksum: 1557518 22063900f53253e80d9b72f2ab9c421a\n http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc0d_0.cvs20060823-8+etch1_sparc.deb\n Size/MD5 checksum: 38216 621c6e277cdd31da75cc6bf2e9fe89d4\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-debian_0.svn20080206.orig.tar.gz\n Size/MD5 checksum: 2959259 3c21869969f2490ec73bb2dbea37f205\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-debian_0.svn20080206-17+lenny1.dsc\n Size/MD5 checksum: 2095 c125b02249e73f96e604c714a538dc8e\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-debian_0.svn20080206-17+lenny1.diff.gz\n Size/MD5 checksum: 36440 a8e710ae189082bd518f2c8a73e35b3e\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-doc_0.svn20080206-17+lenny1_all.deb\n Size/MD5 checksum: 12129758 58ff2f91328d610a7064ca62c26f628d\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_alpha.deb\n Size/MD5 checksum: 3698658 f7f63cb99bd29d6a39c99edec7735777\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_alpha.deb\n Size/MD5 checksum: 48694 696905f075eb38f2544b58a1b4972ee8\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_alpha.deb\n Size/MD5 checksum: 233894 eb9dcf33606e6d81ca2929ed1a790d26\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_alpha.deb\n Size/MD5 checksum: 545878 4bb5967bc7a4b0a0fc6a6e87f02378a5\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_alpha.deb\n Size/MD5 checksum: 59064 0992d5cfe31a158ada1302bf10f26c05\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_alpha.deb\n Size/MD5 checksum: 60606 2fbe0b22b549c1d4b690a14ab30fc579\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_alpha.deb\n Size/MD5 checksum: 110834 f7db226c449a9e8df1b149356471d820\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_alpha.deb\n Size/MD5 checksum: 91550 de6a4cbef2df70cb29cbd33f8e3a61b2\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_alpha.deb\n Size/MD5 checksum: 2085674 6059b7f4197b78778e66f66323f7b2ad\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_alpha.deb\n Size/MD5 checksum: 76260 fbfbdd1ee3ef3bb2973edfb3b974d4eb\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_alpha.deb\n Size/MD5 checksum: 53660 e510dc116f1b1854693794796c0fd9df\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_alpha.deb\n Size/MD5 checksum: 355524 97f1e5db1e65e1a870528b2d493112bf\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_alpha.deb\n Size/MD5 checksum: 2445804 291c8ac7cc91863c0583303296fb5774\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_alpha.deb\n Size/MD5 checksum: 60244 147adcc869e8ef15dd19f6641d81d747\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_amd64.deb\n Size/MD5 checksum: 67164 c84baeeb57b707dd17e4c0144253f3e4\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_amd64.deb\n Size/MD5 checksum: 2002632 cb33b72f6bb2355d07434d93c9b64b49\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_amd64.deb\n Size/MD5 checksum: 4218454 73ac85454bea55d31d9007dca4d1fbe4\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_amd64.deb\n Size/MD5 checksum: 51788 c3cced8cc10f93f1cb9272b3b5908d61\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_amd64.deb\n Size/MD5 checksum: 51476 31a72b98e6db6a6075e6312414d00ed0\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_amd64.deb\n Size/MD5 checksum: 401586 5c53a566be389baefa4ebdb795c7a4ef\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_amd64.deb\n Size/MD5 checksum: 104148 794d014320e480c9fdd3ee401e738701\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_amd64.deb\n Size/MD5 checksum: 321772 bf0f64b35a4f8d36f62f55443c42410c\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_amd64.deb\n Size/MD5 checksum: 48090 6809544aa42ff62d329514e6a750dcc6\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_amd64.deb\n Size/MD5 checksum: 47332 f0020f32ec485c928712ae57d874b6ea\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_amd64.deb\n Size/MD5 checksum: 222356 96eba3b8a232576a63aaa4b3eaf270ab\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_amd64.deb\n Size/MD5 checksum: 1769372 1aab84d0012e01910c69290f2b6950e5\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_amd64.deb\n Size/MD5 checksum: 93770 4b2619e799fceb49b18eb28bca91f420\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_amd64.deb\n Size/MD5 checksum: 51186 01a44d8bce1a9011bd87238dc6c3d01a\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_arm.deb\n Size/MD5 checksum: 324008 500c2e5c7e91a8dfe39d09535f0d8de1\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_arm.deb\n Size/MD5 checksum: 57710 b9a3039af080d88ff0de47f6c9ef95a6\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_arm.deb\n Size/MD5 checksum: 47126 e042f0e50b16ed5bef608845749871f0\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_arm.deb\n Size/MD5 checksum: 3797094 2c5c8586d70e5ef683a33c87136f9c4e\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_arm.deb\n Size/MD5 checksum: 53918 5daf5af0618705796a01ff670d0c6d5a\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_arm.deb\n Size/MD5 checksum: 83950 62daf5255eaf552383911b7c94c62005\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_arm.deb\n Size/MD5 checksum: 2018362 026de874c1a3c3e2fbee7bdf186fe68a\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_arm.deb\n Size/MD5 checksum: 2204916 1912c9ab8691ea69f94a402d4e35f221\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_arm.deb\n Size/MD5 checksum: 226130 fe62aa73ed5c0556a1d90d9401a20e1f\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_arm.deb\n Size/MD5 checksum: 69410 ea1b2f37320caea6e001c87349d1aef1\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_arm.deb\n Size/MD5 checksum: 53752 3ed1bf037bf87edda97e4707b39d6853\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_arm.deb\n Size/MD5 checksum: 48400 3c38f7994fd36c73d615a0310e351fa5\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_arm.deb\n Size/MD5 checksum: 86882 dd2e5d867e0a8587b26138a3c6b7ad57\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_arm.deb\n Size/MD5 checksum: 391694 c298bf3d8709a5f796725405083c3b6c\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_armel.deb\n Size/MD5 checksum: 326092 d3402c2ceaa43210e299ba22b2a39340\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_armel.deb\n Size/MD5 checksum: 69888 b145c6f8ea6cdbb35b34c4ee929b4516\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_armel.deb\n Size/MD5 checksum: 55932 6a6a1e705bb210bb08c62466fff54df6\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_armel.deb\n Size/MD5 checksum: 86276 7d8bbde974e63498298472441aac8f18\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_armel.deb\n Size/MD5 checksum: 85384 7e78377e35da2b71c5b893fd63c37dfa\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_armel.deb\n Size/MD5 checksum: 1995202 87e56f194ca2adf4a71cfb4615ba4bc5\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_armel.deb\n Size/MD5 checksum: 54268 59646512bb1195b440fb0868de5be371\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_armel.deb\n Size/MD5 checksum: 2188420 09e6519fbb928e2cd4b5d3d0e51d5f93\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_armel.deb\n Size/MD5 checksum: 49636 1364a56d14031c15cca6e9f21491bd5c\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_armel.deb\n Size/MD5 checksum: 394516 f501fb68f7ed2b91de41e7c29ff0cd60\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_armel.deb\n Size/MD5 checksum: 60314 d9fbbbf5238964b8220d9ab68f6b30be\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_armel.deb\n Size/MD5 checksum: 47688 c6dc95414a1c5ff84cc835701c63fd26\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_armel.deb\n Size/MD5 checksum: 237306 6430985e65503a4a0983d52d464ce38c\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_armel.deb\n Size/MD5 checksum: 3806534 50914dd641c29cc634606ca7d04a0463\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_hppa.deb\n Size/MD5 checksum: 237020 96aa8d17e7c01544be9507afc8420de4\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_hppa.deb\n Size/MD5 checksum: 49994 671920ed76e7c6dfa7096c14c99108f5\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_hppa.deb\n Size/MD5 checksum: 57142 19a1647a2a974a7225a4a3a489412157\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_hppa.deb\n Size/MD5 checksum: 83722 ba38f8e87eb522704d2c6b071c2508cc\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_hppa.deb\n Size/MD5 checksum: 2002874 8963f35e344366e28ac69acd20c74ded\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_hppa.deb\n Size/MD5 checksum: 382376 f104989647d8249382e4fae00e0e8b5d\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_hppa.deb\n Size/MD5 checksum: 51854 d3f4da2082420ff945ee5435fe30308d\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_hppa.deb\n Size/MD5 checksum: 458110 905edfb05028843ea44e2f74392cb28f\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_hppa.deb\n Size/MD5 checksum: 56932 894280d4e6e4b838782ca26d03cee82c\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_hppa.deb\n Size/MD5 checksum: 72886 105e56f84c29a43cebf05dfcb65ce185\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_hppa.deb\n Size/MD5 checksum: 59506 59ad4bc526e730f08179b0129bfc9f1a\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_hppa.deb\n Size/MD5 checksum: 93160 f1889f745eee74f58b196cac0232340c\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_hppa.deb\n Size/MD5 checksum: 3656762 94d23b06b4b0409be44b5b2c8b2c2aed\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_hppa.deb\n Size/MD5 checksum: 2230526 07d68d4bf0c3fb1ebc4be82c5bc32255\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_i386.deb\n Size/MD5 checksum: 47526 a4c15660f27b930f0f9c90dde8b4e9c5\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_i386.deb\n Size/MD5 checksum: 51780 38c1dfdc2cf1bc48a77dd2039f914b46\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_i386.deb\n Size/MD5 checksum: 3498962 1eae8fe9356248a0141d1715b8544ebf\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_i386.deb\n Size/MD5 checksum: 99840 cb7230e4d5e4394f3a35b7a26ed5549e\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_i386.deb\n Size/MD5 checksum: 1956930 051f4d0b3a8d0aacd704a2a0ca1ffbec\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_i386.deb\n Size/MD5 checksum: 69882 e4af313d8da46c690e68a006c06b3fca\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_i386.deb\n Size/MD5 checksum: 236836 10234e43724be84d1f18a2c50e8e5d41\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_i386.deb\n Size/MD5 checksum: 386008 e0aa2ce94c376fa7687a9b3cadea1922\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_i386.deb\n Size/MD5 checksum: 76422 a2e1d4de1ed64789fcfd2eb333be72d5\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_i386.deb\n Size/MD5 checksum: 61442 69a1baf17020fcfb34c5bce97bcdc333\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_i386.deb\n Size/MD5 checksum: 621148 197033ea4c2976d988cfd006fac5fafb\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_i386.deb\n Size/MD5 checksum: 7993084 cf0447034e9143ce20001b09f294a59d\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_i386.deb\n Size/MD5 checksum: 156614 55a1055e118d59109de791e7aee53745\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_i386.deb\n Size/MD5 checksum: 66576 75bd9b627788a0ade08e4afa80449d1b\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_ia64.deb\n Size/MD5 checksum: 3236454 15e68be83211a2fbd59ff9aeedd3614a\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_ia64.deb\n Size/MD5 checksum: 2914832 d9d7aaba42f94e313bdd4fdaf8b9bf0d\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_ia64.deb\n Size/MD5 checksum: 100114 5ef7976eef0c52b7716d372fcb17066b\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_ia64.deb\n Size/MD5 checksum: 277666 c35f992c8d70fdb5b38c722ebabaac26\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_ia64.deb\n Size/MD5 checksum: 609578 c3bacbed8842040832921ea3cb94ddc4\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_ia64.deb\n Size/MD5 checksum: 56578 cb584dd8521327b7e3c56ae71bd1abff\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_ia64.deb\n Size/MD5 checksum: 81832 fd889e58418e358e27675500213dc849\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_ia64.deb\n Size/MD5 checksum: 55296 9fda2b049512c0abbcdbe9fbd462f501\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_ia64.deb\n Size/MD5 checksum: 3891752 5689c6543fc08489361c338e03056405\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_ia64.deb\n Size/MD5 checksum: 68046 78240945ea9a3b57be7d92b4194e5d67\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_ia64.deb\n Size/MD5 checksum: 68530 95abd4ce2e517a946804aed4a5fb9fd3\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_ia64.deb\n Size/MD5 checksum: 65196 c71dc073c644d77b2ab95d7d5121d9fa\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_ia64.deb\n Size/MD5 checksum: 108952 e94117f278fd97f75fbfb124cf0b0ee2\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_ia64.deb\n Size/MD5 checksum: 481368 acb1b2c765760bac61c9195378b3955f\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_mips.deb\n Size/MD5 checksum: 2065464 b724d3efffdf408595b0eab3d88e29e0\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_mips.deb\n Size/MD5 checksum: 3836272 4f318623ddefa7cc04c17876c89262aa\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_mips.deb\n Size/MD5 checksum: 1776036 1109770bd6fa9381021c501c38717c1f\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_mips.deb\n Size/MD5 checksum: 78286 88e3f13ddc2212932597a4d1a1e91135\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_mips.deb\n Size/MD5 checksum: 87302 3a4a9476246483e0f99b31a133cc13ad\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_mips.deb\n Size/MD5 checksum: 345916 1a70155c08083a79c9d76e73929ced3f\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_mips.deb\n Size/MD5 checksum: 227472 12578d8f1258a837e8eeff4e78fbbfa2\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_mips.deb\n Size/MD5 checksum: 458500 f2d5cde35ba59265b64d98d10bfceeba\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_mips.deb\n Size/MD5 checksum: 50266 37a3424a9d45a63fa75603504a6fe1ae\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_mips.deb\n Size/MD5 checksum: 48992 0a573514477de02278b2896671c3c18d\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_mips.deb\n Size/MD5 checksum: 59304 b79e771d006dedd194d1622643acfa4f\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_mips.deb\n Size/MD5 checksum: 74078 e12ffb3efdb9e2e09bc9284f0efa513f\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_mips.deb\n Size/MD5 checksum: 56764 f568dad63fe50529e7ba8ee01c26cbdb\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_mips.deb\n Size/MD5 checksum: 56032 41f90035d3cfa8aeded57812378d9bce\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_mipsel.deb\n Size/MD5 checksum: 344410 2e4e59c0b27dc663bfc6ab50b4ab96ae\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_mipsel.deb\n Size/MD5 checksum: 55942 ff6ccfd964cd6d49999317f66ce15e96\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_mipsel.deb\n Size/MD5 checksum: 50280 0cd010d23f95919a89ee54486ee61582\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_mipsel.deb\n Size/MD5 checksum: 59650 2a16ab351c26fa2f62d12b42103bbddf\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_mipsel.deb\n Size/MD5 checksum: 3715382 e2e20413d7c795440fd49509e101c08e\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_mipsel.deb\n Size/MD5 checksum: 2062906 8742c85185dbe4aaeb28d198aafce2e8\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_mipsel.deb\n Size/MD5 checksum: 49004 0db37ab11f6869849aa271ecda2a2e51\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_mipsel.deb\n Size/MD5 checksum: 227732 2721333cea53dbcc098e99e1355f0af4\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_mipsel.deb\n Size/MD5 checksum: 1772034 860dc914a69d5df844642e5b8e46711e\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_mipsel.deb\n Size/MD5 checksum: 456646 d8be17730baca28bbdb74db1ecd7dddd\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_mipsel.deb\n Size/MD5 checksum: 86762 9e6a1d63cd3865b6ff2fb577c2ff79a0\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_mipsel.deb\n Size/MD5 checksum: 78244 9a5915d7df9b7b92845a7b3221d784f3\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_mipsel.deb\n Size/MD5 checksum: 73816 820c00f73e1cdf4004224187c410b37c\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_mipsel.deb\n Size/MD5 checksum: 56660 7a86ede62a1b02b56978ecc23608b743\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_powerpc.deb\n Size/MD5 checksum: 2101690 dd469f9fa3522f40ba42feaaab115596\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_powerpc.deb\n Size/MD5 checksum: 3578448 5c009b29bddb0a666f2e897706192f75\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_powerpc.deb\n Size/MD5 checksum: 87788 7098ae5a6e4dbd0b10464db7676d9c6e\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_powerpc.deb\n Size/MD5 checksum: 60228 3655dce3130e12bf655a5cb02cb3db6c\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_powerpc.deb\n Size/MD5 checksum: 101590 6cb4e7616a8fb49b99fd4b4d40e76caf\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_powerpc.deb\n Size/MD5 checksum: 279678 48d316c1d74c6078e126e66f8ecf128e\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_powerpc.deb\n Size/MD5 checksum: 87884 3c0a7d2c773d6515424d8c9783cced8f\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_powerpc.deb\n Size/MD5 checksum: 70714 6132fb5b5b8d2769d5bdca88eaf1dfd7\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_powerpc.deb\n Size/MD5 checksum: 49022 7822d1c304202bdbe2713d9550eb0ff1\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_powerpc.deb\n Size/MD5 checksum: 71342 1f024414d0741b8f0daca02859f33203\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_powerpc.deb\n Size/MD5 checksum: 7516844 70b029869e088dae06a6fb37ed614830\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_powerpc.deb\n Size/MD5 checksum: 441004 eb227fd8a12f3e63574434020ae693ce\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_powerpc.deb\n Size/MD5 checksum: 687248 a54728b7c95d52442de7af40515cca9a\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_powerpc.deb\n Size/MD5 checksum: 140804 aafa8f98e2a135bdebf55c3cd52756a0\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_s390.deb\n Size/MD5 checksum: 49308 88f773e1eed3f91e3bbe65d7df7fbf47\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_s390.deb\n Size/MD5 checksum: 361776 6dfb798aa24fe7436e826ee30e1210fc\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_s390.deb\n Size/MD5 checksum: 84820 db2f68ce451f40c954d535f0e82633b7\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_s390.deb\n Size/MD5 checksum: 55766 e71e22af59c4db9b6fefd952b4f70021\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_s390.deb\n Size/MD5 checksum: 232112 90ec9b668b4d7d30d9a5cf15ba10bc94\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_s390.deb\n Size/MD5 checksum: 3876244 3a33dcd8d0f2c6e6f4fee89eba1fb787\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_s390.deb\n Size/MD5 checksum: 86014 5e3fbfdbea0d158977037782dcbe2253\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_s390.deb\n Size/MD5 checksum: 1985678 ef98117d422619dba1e812ad851ff4dc\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_s390.deb\n Size/MD5 checksum: 411590 4f1e9f373845f778fe6cd7a3673f48a8\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_s390.deb\n Size/MD5 checksum: 60250 9c93419f658f8f904f0537824d0c0307\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_s390.deb\n Size/MD5 checksum: 48046 f4161f5039d96fda53201070bd4084ce\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_s390.deb\n Size/MD5 checksum: 70682 7b4ce4d9c8dbef6c995d4bdc16cf6652\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_s390.deb\n Size/MD5 checksum: 55494 70ef5261c85e55875b241db43b5815c3\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_s390.deb\n Size/MD5 checksum: 1851674 503d7cd823b2d88660cb9981f065adef\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_sparc.deb\n Size/MD5 checksum: 55516 99a0a412675e4645adcbdc10f710ceeb\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_sparc.deb\n Size/MD5 checksum: 6852090 8cbbab1e2d5258eef2ab423248bf88c1\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_sparc.deb\n Size/MD5 checksum: 86420 8605f2ee614d76c6a331780fab3e7197\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_sparc.deb\n Size/MD5 checksum: 81904 8be0752832d46ec2136fe9501a9e72d6\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_sparc.deb\n Size/MD5 checksum: 76852 00dac79f947a5fc6ddcfc7cf5208a753\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_sparc.deb\n Size/MD5 checksum: 3691806 cff1c7cd6079be8d96eaf15bc581c3b8\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_sparc.deb\n Size/MD5 checksum: 59140 66bc162c54cb599acc0da0c3781f977e\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_sparc.deb\n Size/MD5 checksum: 403368 8506a71b1d0f6f7df176a207e7c42d11\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_sparc.deb\n Size/MD5 checksum: 122448 28d9328b7457e59ebc105f8dac5c404c\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_sparc.deb\n Size/MD5 checksum: 2134564 2b338205c6583fb2ee0e740c7a43d768\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_sparc.deb\n Size/MD5 checksum: 245646 2d0593c974a8594eab7f5ff528987d15\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_sparc.deb\n Size/MD5 checksum: 47440 f549e0ceca544d6dbb645344512d07c2\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_sparc.deb\n Size/MD5 checksum: 629642 df86246596f11ab670831bec895922ff\n http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_sparc.deb\n Size/MD5 checksum: 71296 42f21a1f781a8a73789fdc8b4b8b8dab\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "modified": "2009-04-29T07:01:02", "published": "2009-04-29T07:01:02", "id": "DEBIAN:DSA-1781-1:2960A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00092.html", "title": "[SECURITY] [DSA 1781-1] New ffmpeg-debian packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:07", "bulletinFamily": "unix", "description": "### Background\n\nMPlayer is a media player including support for a wide range of audio and video formats. \n\n### Description\n\nMultiple vulnerabilities have been reported in MPlayer: \n\n * A stack-based buffer overflow was found in the str_read_packet() function in libavformat/psxstr.c when processing crafted STR files that interleave audio and video sectors (CVE-2008-3162).\n * Felipe Andres Manzano reported multiple integer underflows in the demux_real_fill_buffer() function in demux_real.c when processing crafted Real Media files that cause the stream_read() function to read or write arbitrary memory (CVE-2008-3827).\n * Tobias Klein reported a stack-based buffer overflow in the demux_open_vqf() function in libmpdemux/demux_vqf.c when processing malformed TwinVQ files (CVE-2008-5616).\n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted STR, Real Media, or TwinVQ file to execute arbitrary code or cause a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll MPlayer users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/mplayer-1.0_rc2_p28058-r1 \"", "modified": "2009-01-12T00:00:00", "published": "2009-01-12T00:00:00", "id": "GLSA-200901-07", "href": "https://security.gentoo.org/glsa/200901-07", "type": "gentoo", "title": "MPlayer: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:33", "bulletinFamily": "unix", "description": "### Background\n\nFFmpeg is a complete solution to record, convert and stream audio and video. gst-plugins-ffmpeg is a FFmpeg based gstreamer plugin which includes a vulnerable copy of FFmpeg code. Mplayer is a multimedia player which also includes a vulnerable copy of the code. \n\n### Description\n\nMultiple vulnerabilities were found in FFmpeg: \n\n * astrange reported a stack-based buffer overflow in the str_read_packet() in libavformat/psxstr.c when processing .str files (CVE-2008-3162).\n * Multiple buffer overflows in libavformat/utils.c (CVE-2008-4866).\n * A buffer overflow in libavcodec/dca.c (CVE-2008-4867).\n * An unspecified vulnerability in the avcodec_close() function in libavcodec/utils.c (CVE-2008-4868).\n * Unspecified memory leaks (CVE-2008-4869).\n * Tobias Klein repoerted a NULL pointer dereference due to an integer signedness error in the fourxm_read_header() function in libavformat/4xm.c (CVE-2009-0385).\n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted media file, possibly leading to the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll FFmpeg users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/ffmpeg-0.4.9_p20090201\"\n\nAll gst-plugins-ffmpeg users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-plugins/gst-plugins-ffmpeg-0.10.5\"\n\nAll Mplayer users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/mplayer-1.0_rc2_p28450\"", "modified": "2009-03-19T00:00:00", "published": "2009-03-19T00:00:00", "id": "GLSA-200903-33", "href": "https://security.gentoo.org/glsa/200903-33", "type": "gentoo", "title": "FFmpeg: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}