ID USN-230-1 Type ubuntu Reporter Ubuntu Modified 2005-12-15T00:00:00
Description
Simon Kilvington discovered a buffer overflow in the
avcodec_default_get_buffer() function of the ffmpeg library. By
tricking a user into opening a malicious movie which contains
specially crafted PNG images, this could be exploited to execute
arbitrary code with the user's privileges.
{"id": "USN-230-1", "bulletinFamily": "unix", "title": "ffmpeg vulnerability", "description": "Simon Kilvington discovered a buffer overflow in the \navcodec_default_get_buffer() function of the ffmpeg library. By \ntricking an user into opening a malicious movie which contains \nspecially crafted PNG images, this could be exploited to execute \narbitrary code with the user's privileges.", "published": "2005-12-15T00:00:00", "modified": "2005-12-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://ubuntu.com/security/notices/USN-230-1", "reporter": "Ubuntu", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2005-4048"], "cvelist": ["CVE-2005-4048"], "type": "ubuntu", "lastseen": "2020-07-09T19:34:43", "edition": 5, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-4048"]}, {"type": "openvas", "idList": ["OPENVAS:56412", "OPENVAS:56244", "OPENVAS:56120", "OPENVAS:56459", "OPENVAS:56399", "OPENVAS:55969", "OPENVAS:136141256231057173", "OPENVAS:57173", "OPENVAS:56364"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:10665", "SECURITYVULNS:DOC:10669", "SECURITYVULNS:DOC:10667", "SECURITYVULNS:DOC:10666", "SECURITYVULNS:DOC:10668"]}, {"type": "osvdb", "idList": ["OSVDB:21458"]}, {"type": "nessus", "idList": ["MANDRAKE_MDKSA-2005-232.NASL", "UBUNTU_USN-230-1.NASL", "MANDRAKE_MDKSA-2005-231.NASL", "MANDRAKE_MDKSA-2005-228.NASL", "MANDRAKE_MDKSA-2005-230.NASL", "DEBIAN_DSA-1005.NASL", "GENTOO_GLSA-200602-01.NASL", "GENTOO_GLSA-200601-06.NASL", "DEBIAN_DSA-1004.NASL", "UBUNTU_USN-230-2.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-992-1:43632", "DEBIAN:DSA-1004-1:15724", "DEBIAN:DSA-1005-1:A8636"]}, {"type": "gentoo", "idList": ["GLSA-200602-01", "GLSA-200601-06", "GLSA-200603-03"]}, {"type": "ubuntu", "idList": ["USN-230-2"]}, {"type": "slackware", "idList": ["SSA-2006-207-04"]}], "modified": "2020-07-09T19:34:43", "rev": 2}, "score": {"value": 
7.8, "vector": "NONE", "modified": "2020-07-09T19:34:43", "rev": 2}, "vulnersScore": 7.8}, "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "5.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "kino", "packageVersion": ""}, {"OS": "Ubuntu", "OSVersion": "5.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libavcodec-dev", "packageVersion": ""}], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T05:24:39", "description": "Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.", "edition": 4, "cvss3": {}, "published": "2005-12-07T11:03:00", "title": "CVE-2005-4048", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-4048"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:ffmpeg:ffmpeg:0.4.7", "cpe:/a:ffmpeg:ffmpeg:cvs", "cpe:/a:ffmpeg:ffmpeg:0.4.6", "cpe:/a:ffmpeg:ffmpeg:0.4.9", "cpe:/a:ffmpeg:ffmpeg:0.4.8"], "id": "CVE-2005-4048", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4048", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:cvs:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2016-09-06T19:46:59", "bulletinFamily": "unix", "cvelist": ["CVE-2005-4048"], "description": "### Background\n\nxine is a GPL high-performance, portable and reusable multimedia playback engine. xine-lib is xine's core engine. FFmpeg is a very fast video and audio converter and is used in xine-lib. 
\n\n### Description\n\nSimon Kilvington has reported a vulnerability in FFmpeg libavcodec. The flaw is due to a buffer overflow error in the \"avcodec_default_get_buffer()\" function. This function doesn't properly handle specially crafted PNG files as a result of a heap overflow. \n\n### Impact\n\nA remote attacker could entice a user to run an FFmpeg based application on a maliciously crafted PNG file, resulting in the execution of arbitrary code with the permissions of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll xine-lib users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/xine-lib-1.1.1-r3\"\n\nAll FFmpeg users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/ffmpeg-0.4.9_p20051216\"", "edition": 1, "modified": "2006-01-10T00:00:00", "published": "2006-01-10T00:00:00", "id": "GLSA-200601-06", "href": "https://security.gentoo.org/glsa/200601-06", "type": "gentoo", "title": "xine-lib, FFmpeg: Heap-based buffer overflow", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:33", "bulletinFamily": "unix", "cvelist": ["CVE-2005-4048"], "edition": 1, "description": "### Background\n\nThe GStreamer FFmpeg plugin uses code from the FFmpeg library to provide fast colorspace conversion and multimedia decoders to the GStreamer open source media framework. \n\n### Description\n\nThe GStreamer FFmpeg plugin contains derived code from the FFmpeg library, which is vulnerable to a heap overflow in the \"avcodec_default_get_buffer()\" function discovered by Simon Kilvington (see GLSA 200601-06). 
\n\n### Impact\n\nA remote attacker could entice a user to run an application using the GStreamer FFmpeg plugin on a maliciously crafted PIX_FMT_PAL8 format image file (like PNG images), possibly leading to the execution of arbitrary code with the permissions of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll GStreamer FFmpeg plugin users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-plugins/gst-plugins-ffmpeg-0.8.7-r1\"", "modified": "2006-02-05T00:00:00", "published": "2006-02-05T00:00:00", "id": "GLSA-200602-01", "href": "https://security.gentoo.org/glsa/200602-01", "type": "gentoo", "title": "GStreamer FFmpeg plugin: Heap-based buffer overflow", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:41", "bulletinFamily": "unix", "cvelist": ["CVE-2005-4048", "CVE-2006-0579"], "edition": 1, "description": "### Background\n\nMPlayer is a media player capable of handling multiple multimedia file formats. \n\n### Description\n\nMPlayer makes use of the FFmpeg library, which is vulnerable to a heap overflow in the avcodec_default_get_buffer() function discovered by Simon Kilvington (see GLSA 200601-06). Furthermore, AFI Security Research discovered two integer overflows in ASF file format decoding, in the new_demux_packet() function from libmpdemux/demuxer.h and the demux_asf_read_packet() function from libmpdemux/demux_asf.c. \n\n### Impact\n\nAn attacker could craft a malicious media file which, when opened using MPlayer, would lead to a heap-based buffer overflow. This could result in the execution of arbitrary code with the permissions of the user running MPlayer. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll MPlayer users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/mplayer-1.0.20060217\"", "modified": "2006-06-21T00:00:00", "published": "2006-03-04T00:00:00", "id": "GLSA-200603-03", "href": "https://security.gentoo.org/glsa/200603-03", "type": "gentoo", "title": "MPlayer: Multiple integer overflows", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:49:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-4048"], "description": "The remote host is missing an update to xine-lib\nannounced via advisory DSA 1005-1.\n\nSimon Kilvington discovered that specially crafted PNG images can trigger\na heap overflow in libavcodec, the multimedia library of ffmpeg, which may\nlead to the execution of arbitrary code.\nxine-lib includes a local copy of libavcodec.\n\nThe old stable distribution (woody) isn't affected by this problem.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:56459", "href": "http://plugins.openvas.org/nasl.php?oid=56459", "type": "openvas", "title": "Debian Security Advisory DSA 1005-1 (xine-lib)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1005_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1005-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) this problem has been fixed in\nversion 1.0.1-1sarge2.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.0.1-1.5.\n\nWe recommend that you upgrade your xine-lib package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201005-1\";\ntag_summary = \"The remote host is missing an update to xine-lib\nannounced via advisory DSA 1005-1.\n\nSimon Kilvington discovered that specially crafted PNG images can trigger\na heap overflow in libavcodec, the multimedia library of ffmpeg, which may\nlead to the execution of arbitrary code.\nxine-lib includes a local copy of libavcodec.\n\nThe old stable distribution (woody) isn't affected by this problem.\";\n\n\nif(description)\n{\n script_id(56459);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:09:45 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(15743);\n script_cve_id(\"CVE-2005-4048\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n 
script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1005-1 (xine-lib)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libxine-dev\", ver:\"1.0.1-1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxine1\", ver:\"1.0.1-1sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-4048"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200602-01.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:56244", "href": "http://plugins.openvas.org/nasl.php?oid=56244", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200602-01 (gst-plugins-ffmpeg)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GStreamer FFmpeg plugin is vulnerable to a buffer overflow that may be\nexploited by attackers to execute arbitrary code.\";\ntag_solution = \"All GStreamer FFmpeg plugin users should upgrade to the latest version:\n\n# emerge --sync\n# emerge --ask --oneshot --verbose '>=media-plugins/gst-plugins-ffmpeg-0.8.7-r1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200602-01\nhttp://bugs.gentoo.org/show_bug.cgi?id=119512\nhttp://www.gentoo.org/security/en/glsa/glsa-200601-06.xml\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200602-01.\";\n\n \n\nif(description)\n{\n script_id(56244);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(15743);\n script_cve_id(\"CVE-2005-4048\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200602-01 
(gst-plugins-ffmpeg)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-plugins/gst-plugins-ffmpeg\", unaffected: make_list(\"ge 0.8.7-r1\"), vulnerable: make_list(\"lt 0.8.7-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-4048"], "description": "The remote host is missing an update to ffmpeg\nannounced via advisory DSA 992-1.\n\nSimon Kilvington discovered that specially crafted PNG images can trigger\na heap overflow in libavcodec, the multimedia library of ffmpeg, which may\nlead to the execution of arbitrary code.\n\nThe old stable distribution (woody) doesn't contain ffmpeg packages.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:56399", "href": "http://plugins.openvas.org/nasl.php?oid=56399", "type": "openvas", "title": "Debian Security Advisory DSA 992-1 (ffmpeg)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_992_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 992-1\n#\n# Authors:\n# Thomas Reinke 
<reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) this problem has been fixed in\nversion 0.cvs20050313-2sarge1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.cvs20050918-5.1.\n\nWe recommend that you upgrade your ffmpeg package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20992-1\";\ntag_summary = \"The remote host is missing an update to ffmpeg\nannounced via advisory DSA 992-1.\n\nSimon Kilvington discovered that specially crafted PNG images can trigger\na heap overflow in libavcodec, the multimedia library of ffmpeg, which may\nlead to the execution of arbitrary code.\n\nThe old stable distribution (woody) doesn't contain ffmpeg packages.\";\n\n\nif(description)\n{\n script_id(56399);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:07:13 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(15743);\n script_cve_id(\"CVE-2005-4048\");\n 
script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 992-1 (ffmpeg)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ffmpeg\", ver:\"0.cvs20050313-2sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavcodec-dev\", ver:\"0.cvs20050313-2sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libavformat-dev\", ver:\"0.cvs20050313-2sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpostproc-dev\", ver:\"0.cvs20050313-2sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-4048"], "description": "The remote host is missing an update to vlc\nannounced via advisory DSA 1004-1.\n\nSimon Kilvington discovered that specially crafted PNG images can trigger\na heap overflow in libavcodec, the multimedia library of ffmpeg, which may\nlead to the execution of arbitrary code.\nThe vlc media player links statically against 
libavcodec.\n\nThe old stable distribution (woody) isn't affected by this problem.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:56412", "href": "http://plugins.openvas.org/nasl.php?oid=56412", "type": "openvas", "title": "Debian Security Advisory DSA 1004-1 (vlc)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1004_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1004-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) this problem has been fixed in\nversion 0.8.1.svn20050314-1sarge1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.8.4.debian-2.\n\nWe recommend that you upgrade your vlc package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201004-1\";\ntag_summary = \"The remote host is missing an update to vlc\nannounced via advisory DSA 1004-1.\n\nSimon Kilvington discovered that specially crafted PNG images can trigger\na heap overflow in libavcodec, the multimedia library of ffmpeg, which may\nlead to the execution of arbitrary code.\nThe vlc media player links statically against libavcodec.\n\nThe old stable distribution (woody) isn't affected by this problem.\";\n\n\nif(description)\n{\n script_id(56412);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:09:45 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(15743);\n script_cve_id(\"CVE-2005-4048\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1004-1 (vlc)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gnome-vlc\", ver:\"0.8.1.svn20050314-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gvlc\", ver:\"0.8.1.svn20050314-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kvlc\", ver:\"0.8.1.svn20050314-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlc0-dev\", ver:\"0.8.1.svn20050314-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mozilla-plugin-vlc\", ver:\"0.8.1.svn20050314-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qvlc\", ver:\"0.8.1.svn20050314-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc\", ver:\"0.8.1.svn20050314-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-alsa\", ver:\"0.8.1.svn20050314-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-esd\", ver:\"0.8.1.svn20050314-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-ggi\", ver:\"0.8.1.svn20050314-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-gnome\", ver:\"0.8.1.svn20050314-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-gtk\", ver:\"0.8.1.svn20050314-1sarge1\", 
rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-alsa\", ver:\"0.8.1.svn20050314-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-arts\", ver:\"0.8.1.svn20050314-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-esd\", ver:\"0.8.1.svn20050314-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-ggi\", ver:\"0.8.1.svn20050314-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-sdl\", ver:\"0.8.1.svn20050314-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-qt\", ver:\"0.8.1.svn20050314-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-sdl\", ver:\"0.8.1.svn20050314-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"wxvlc\", ver:\"0.8.1.svn20050314-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-glide\", ver:\"0.8.1.svn20050314-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-glide\", ver:\"0.8.1.svn20050314-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-svgalib\", ver:\"0.8.1.svn20050314-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-4048"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200601-06.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:56120", "href": 
"http://plugins.openvas.org/nasl.php?oid=56120", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200601-06 (xine-lib ffmpeg)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"xine-lib and FFmpeg are vulnerable to a buffer overflow that may be\nexploited by attackers to execute arbitrary code.\";\ntag_solution = \"All xine-lib users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.1-r3'\n\nAll FFmpeg users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n'>=media-video/ffmpeg-0.4.9_p20051216'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200601-06\nhttp://bugs.gentoo.org/show_bug.cgi?id=115849\nhttp://bugs.gentoo.org/show_bug.cgi?id=116181\nhttp://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200601-06.\";\n\n 
\n\nif(description)\n{\n script_id(56120);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(15743);\n script_cve_id(\"CVE-2005-4048\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200601-06 (xine-lib ffmpeg)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/xine-lib\", unaffected: make_list(\"ge 1.1.1-r3\"), vulnerable: make_list(\"lt 1.1.1-r3\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"media-video/ffmpeg\", unaffected: make_list(\"ge 0.4.9_p20051216\"), vulnerable: make_list(\"lt 0.4.9_p20051216\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-2802", "CVE-2005-4048"], "description": "The remote host is missing an update as announced\nvia 
advisory SSA:2006-207-04.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231057173", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231057173", "type": "openvas", "title": "Slackware Advisory SSA:2006-207-04 xine-lib", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_207_04.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.57173\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2005-4048\", \"CVE-2006-2802\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2006-207-04 xine-lib\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK10\\.2\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-207-04\");\n\n script_tag(name:\"insight\", value:\"New xine-lib packages are available for Slackware 10.2 and -current to\nfix security issues.\n\nEvidently there is also an issue involving AVI files which has not\nbeen issued a CVE entry.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2006-207-04.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"xine-lib\", 
ver:\"1.1.2-i686-1\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-2802", "CVE-2005-4048"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-207-04.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:57173", "href": "http://plugins.openvas.org/nasl.php?oid=57173", "type": "openvas", "title": "Slackware Advisory SSA:2006-207-04 xine-lib", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_207_04.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New xine-lib packages are available for Slackware 10.2 and -current to\nfix security issues.\n\nEvidently there is also an issue involving AVI files which has not\nbeen issued a CVE entry.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-207-04.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-207-04\";\n \nif(description)\n{\n script_id(57173);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2005-4048\", \"CVE-2006-2802\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2006-207-04 xine-lib \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"xine-lib\", ver:\"1.1.2-i686-1\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-4048", "CVE-2006-0579"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200603-03.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:56364", "href": "http://plugins.openvas.org/nasl.php?oid=56364", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200603-03 (MPlayer)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"MPlayer is vulnerable to integer overflows in FFmpeg and ASF decoding that\ncould potentially result in the execution of arbitrary code.\";\ntag_solution = \"All MPlayer users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/mplayer-1.0.20060217'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200603-03\nhttp://bugs.gentoo.org/show_bug.cgi?id=115760\nhttp://bugs.gentoo.org/show_bug.cgi?id=122029\nhttp://www.gentoo.org/security/en/glsa/glsa-200601-06.xml\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200603-03.\";\n\n \n\nif(description)\n{\n script_id(56364);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-4048\", \"CVE-2006-0579\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security 
Advisory GLSA 200603-03 (MPlayer)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-video/mplayer\", unaffected: make_list(\"ge 1.0.20060217\"), vulnerable: make_list(\"lt 1.0.20060217\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4800", "CVE-2005-4048", "CVE-2006-4799"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-19T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:55969", "href": "http://plugins.openvas.org/nasl.php?oid=55969", "type": "openvas", "title": "FreeBSD Ports: ffmpeg", "sourceData": "#\n#VID 964161cd-6715-11da-99f6-00123ffe8333\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected: ffmpeg ffmpeg-devel\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558\nhttp://secunia.com/advisories/17892/\nhttp://www.vuxml.org/freebsd/964161cd-6715-11da-99f6-00123ffe8333.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(55969);\n script_version(\"$Revision: 4112 $\");\n script_cve_id(\"CVE-2005-4048\", \"CVE-2006-4799\", \"CVE-2006-4800\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-19 15:17:59 +0200 (Mon, 19 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: ffmpeg\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"ffmpeg\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.4.9.p1_4\")<0) {\n txt += 'Package ffmpeg version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ffmpeg-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.4.9.c.2005120600\")<0) {\n txt += 'Package ffmpeg-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-09T19:47:24", "bulletinFamily": "unix", "cvelist": ["CVE-2005-4048"], "description": "USN-230-1 fixed a vulnerability in the ffmpeg library. The Xine \nlibrary contains a copy of the ffmpeg code, thus it is vulnerable to \nthe same flaw.\n\nFor reference, this is the original advisory:\n\nSimon Kilvington discovered a buffer overflow in the \navcodec_default_get_buffer() function of the ffmpeg library. 
By \ntricking an user into opening a malicious movie which contains \nspecially crafted PNG images, this could be exploited to execute \narbitrary code with the user's privileges.", "edition": 5, "modified": "2005-12-16T00:00:00", "published": "2005-12-16T00:00:00", "id": "USN-230-2", "href": "https://ubuntu.com/security/notices/USN-230-2", "title": "ffmpeg/xine-lib vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T11:51:30", "description": "Simon Kilvington discovered a vulnerability in FFmpeg libavcodec,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService) and potentially to compromise a user's system.\n\nThe vulnerability is caused due to a boundary error in the\n'avcodec_default_get_buffer()' function of 'utils.c' in libavcodec.\nThis can be exploited to cause a heap-based buffer overflow when a\nspecially crafted 1x1 '.png' file containing a palette is read.\n\nXmovie is built with a private copy of ffmpeg containing this same\ncode.\n\nThe updated packages have been patched to prevent this problem.", "edition": 25, "published": "2006-01-15T00:00:00", "title": "Mandrake Linux Security Advisory : xmovie (MDKSA-2005:229)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-4048"], "modified": "2006-01-15T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2006", "p-cpe:/a:mandriva:linux:xmovie"], "id": "MANDRAKE_MDKSA-2005-229.NASL", "href": "https://www.tenable.com/plugins/nessus/20460", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:229. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20460);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-4048\");\n script_xref(name:\"MDKSA\", value:\"2005:229\");\n\n script_name(english:\"Mandrake Linux Security Advisory : xmovie (MDKSA-2005:229)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandrake Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Simon Kilvington discovered a vulnerability in FFmpeg libavcodec,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService) and potentially to compromise a user's system.\n\nThe vulnerability is caused due to a boundary error in the\n'avcodec_default_get_buffer()' function of 'utils.c' in libavcodec.\nThis can be exploited to cause a heap-based buffer overflow when a\nspecially crafted 1x1 '.png' file containing a palette is read.\n\nXmovie is built with a private copy of ffmpeg containing this same\ncode.\n\nThe updated packages have been patched to prevent this problem.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xmovie package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xmovie\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"xmovie-1.9.13-2.2.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:51:30", "description": "Simon Kilvington discovered a vulnerability in FFmpeg libavcodec,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService) and potentially to compromise a user's system.\n\nThe vulnerability is caused due to a boundary error in the\n'avcodec_default_get_buffer()' function of 'utils.c' in libavcodec.\nThis can be exploited to cause a heap-based buffer overflow when a\nspecially crafted 1x1 '.png' file containing a palette is read.\n\nGstreamer-ffmpeg is built with a private copy of ffmpeg containing\nthis same code.\n\nThe updated packages have been patched to prevent this problem.", "edition": 25, "published": 
"2006-01-15T00:00:00", "title": "Mandrake Linux Security Advisory : gstreamer-ffmpeg (MDKSA-2005:232)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-4048"], "modified": "2006-01-15T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:gstreamer-ffmpeg", "cpe:/o:mandriva:linux:2006"], "id": "MANDRAKE_MDKSA-2005-232.NASL", "href": "https://www.tenable.com/plugins/nessus/20463", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:232. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20463);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-4048\");\n script_xref(name:\"MDKSA\", value:\"2005:232\");\n\n script_name(english:\"Mandrake Linux Security Advisory : gstreamer-ffmpeg (MDKSA-2005:232)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandrake Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Simon Kilvington discovered a vulnerability in FFmpeg libavcodec,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService) and potentially to compromise a user's system.\n\nThe vulnerability is caused due to a boundary error in the\n'avcodec_default_get_buffer()' function of 'utils.c' in libavcodec.\nThis can be exploited to cause a heap-based buffer overflow when a\nspecially crafted 1x1 '.png' file containing a palette is read.\n\nGstreamer-ffmpeg is built with a private copy of ffmpeg containing\nthis same code.\n\nThe updated packages have been patched to prevent this problem.\"\n );\n script_set_attribute(\n 
attribute:\"solution\", \n value:\"Update the affected gstreamer-ffmpeg package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gstreamer-ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", reference:\"gstreamer-ffmpeg-0.8.6-1.1.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:51:30", "description": "Simon Kilvington 
discovered a vulnerability in FFmpeg libavcodec,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService) and potentially to compromise a user's system.\n\nThe vulnerability is caused due to a boundary error in the\n'avcodec_default_get_buffer()' function of 'utils.c' in libavcodec.\nThis can be exploited to cause a heap-based buffer overflow when a\nspecially crafted 1x1 '.png' file containing a palette is read.\n\nMplayer is built with a private copy of ffmpeg containing this same\ncode.\n\nThe updated packages have been patched to prevent this problem.", "edition": 25, "published": "2006-01-15T00:00:00", "title": "Mandrake Linux Security Advisory : mplayer (MDKSA-2005:230)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-4048"], "modified": "2006-01-15T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64postproc0", "p-cpe:/a:mandriva:linux:libdha1.0", "p-cpe:/a:mandriva:linux:mplayer", "p-cpe:/a:mandriva:linux:mencoder", "p-cpe:/a:mandriva:linux:lib64postproc0-devel", "p-cpe:/a:mandriva:linux:mplayer-gui", "cpe:/o:mandriva:linux:2006", "p-cpe:/a:mandriva:linux:libpostproc0-devel", "p-cpe:/a:mandriva:linux:libpostproc0"], "id": "MANDRAKE_MDKSA-2005-230.NASL", "href": "https://www.tenable.com/plugins/nessus/20461", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:230. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20461);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-4048\");\n script_xref(name:\"MDKSA\", value:\"2005:230\");\n\n script_name(english:\"Mandrake Linux Security Advisory : mplayer (MDKSA-2005:230)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Simon Kilvington discovered a vulnerability in FFmpeg libavcodec,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService) and potentially to compromise a user's system.\n\nThe vulnerability is caused due to a boundary error in the\n'avcodec_default_get_buffer()' function of 'utils.c' in libavcodec.\nThis can be exploited to cause a heap-based buffer overflow when a\nspecially crafted 1x1 '.png' file containing a palette is read.\n\nMplayer is built with a private copy of ffmpeg containing this same\ncode.\n\nThe updated packages have been patched to prevent this problem.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64postproc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64postproc0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdha1.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpostproc0\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:libpostproc0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mencoder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mplayer-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64postproc0-1.0-1.pre7.12.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64postproc0-devel-1.0-1.pre7.12.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libdha1.0-1.0-1.pre7.12.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", 
cpu:\"i386\", reference:\"libpostproc0-1.0-1.pre7.12.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libpostproc0-devel-1.0-1.pre7.12.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"mencoder-1.0-1.pre7.12.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"mplayer-1.0-1.pre7.12.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"mplayer-gui-1.0-1.pre7.12.1.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T10:03:52", "description": "Simon Kilvington discovered that specially crafted PNG images can\ntrigger a heap overflow in libavcodec, the multimedia library of\nffmpeg, which may lead to the execution of arbitrary code.", "edition": 25, "published": "2006-10-14T00:00:00", "title": "Debian DSA-992-1 : ffmpeg - buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-4048"], "modified": "2006-10-14T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ffmpeg", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-992.NASL", "href": "https://www.tenable.com/plugins/nessus/22858", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-992. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22858);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-4048\");\n script_xref(name:\"DSA\", value:\"992\");\n\n script_name(english:\"Debian DSA-992-1 : ffmpeg - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Simon Kilvington discovered that specially crafted PNG images can\ntrigger a heap overflow in libavcodec, the multimedia library of\nffmpeg, which may lead to the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-992\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the ffmpeg package.\n\nThe old stable distribution (woody) doesn't contain ffmpeg packages.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 0.cvs20050313-2sarge1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2005/11/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"ffmpeg\", reference:\"0.cvs20050313-2sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libavcodec-dev\", reference:\"0.cvs20050313-2sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libavformat-dev\", reference:\"0.cvs20050313-2sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libpostproc-dev\", reference:\"0.cvs20050313-2sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:44:31", "description": "Simon Kilvington discovered that specially crafted PNG images can\ntrigger a heap overflow in libavcodec, the multimedia library of\nffmpeg, which may lead to the execution of arbitrary code. 
xine-lib\nincludes a local copy of libavcodec.", "edition": 25, "published": "2006-10-14T00:00:00", "title": "Debian DSA-1005-1 : xine-lib - buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-4048"], "modified": "2006-10-14T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:xine-lib", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-1005.NASL", "href": "https://www.tenable.com/plugins/nessus/22547", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1005. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22547);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-4048\");\n script_xref(name:\"DSA\", value:\"1005\");\n\n script_name(english:\"Debian DSA-1005-1 : xine-lib - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Simon Kilvington discovered that specially crafted PNG images can\ntrigger a heap overflow in libavcodec, the multimedia library of\nffmpeg, which may lead to the execution of arbitrary code. 
xine-lib\nincludes a local copy of libavcodec.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1005\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xine-lib package.\n\nThe old stable distribution (woody) isn't affected by this problem.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.0.1-1sarge2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libxine-dev\", reference:\"1.0.1-1sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libxine1\", 
reference:\"1.0.1-1sarge2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:27:39", "description": "Simon Kilvington discovered a buffer overflow in the\navcodec_default_get_buffer() function of the ffmpeg library. By\ntricking an user into opening a malicious movie which contains\nspecially crafted PNG images, this could be exploited to execute\narbitrary code with the user's privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2006-01-21T00:00:00", "title": "Ubuntu 5.04 : ffmpeg vulnerability (USN-230-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-4048"], "modified": "2006-01-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libavcodec-dev", "p-cpe:/a:canonical:ubuntu_linux:libavformat-dev", "cpe:/o:canonical:ubuntu_linux:5.04", "p-cpe:/a:canonical:ubuntu_linux:kino", "p-cpe:/a:canonical:ubuntu_linux:libpostproc-dev", "p-cpe:/a:canonical:ubuntu_linux:ffmpeg"], "id": "UBUNTU_USN-230-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20773", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-230-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20773);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2005-4048\");\n script_xref(name:\"USN\", value:\"230-1\");\n\n script_name(english:\"Ubuntu 5.04 : ffmpeg vulnerability (USN-230-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Simon Kilvington discovered a buffer overflow in the\navcodec_default_get_buffer() function of the ffmpeg library. By\ntricking an user into opening a malicious movie which contains\nspecially crafted PNG images, this could be exploited to execute\narbitrary code with the user's privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kino\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavcodec-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libavformat-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpostproc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.04\", pkgname:\"ffmpeg\", pkgver:\"0.cvs20050121-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"kino\", pkgver:\"0.75-6ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libavcodec-dev\", pkgver:\"0.cvs20050121-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libavformat-dev\", pkgver:\"0.cvs20050121-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libpostproc-dev\", pkgver:\"0.cvs20050121-1ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ffmpeg / kino / libavcodec-dev / libavformat-dev / libpostproc-dev\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:27:39", "description": "USN-230-1 fixed a vulnerability in the ffmpeg library. The Xine\nlibrary contains a copy of the ffmpeg code, thus it is vulnerable to\nthe same flaw.\n\nFor reference, this is the original advisory :\n\nSimon Kilvington discovered a buffer overflow in the\navcodec_default_get_buffer() function of the ffmpeg library. By\ntricking an user into opening a malicious movie which contains\nspecially crafted PNG images, this could be exploited to execute\narbitrary code with the user's privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2006-01-21T00:00:00", "title": "Ubuntu 4.10 / 5.04 / 5.10 : xine-lib vulnerability (USN-230-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-4048"], "modified": "2006-01-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libxine-dev", "p-cpe:/a:canonical:ubuntu_linux:libxine1c2", "p-cpe:/a:canonical:ubuntu_linux:libxine1", "cpe:/o:canonical:ubuntu_linux:5.04", "cpe:/o:canonical:ubuntu_linux:4.10", "cpe:/o:canonical:ubuntu_linux:5.10"], "id": "UBUNTU_USN-230-2.NASL", "href": "https://www.tenable.com/plugins/nessus/20774", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-230-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20774);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2005-4048\");\n script_xref(name:\"USN\", value:\"230-2\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 / 5.10 : xine-lib vulnerability (USN-230-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-230-1 fixed a vulnerability in the ffmpeg library. 
The Xine\nlibrary contains a copy of the ffmpeg code, thus it is vulnerable to\nthe same flaw.\n\nFor reference, this is the original advisory :\n\nSimon Kilvington discovered a buffer overflow in the\navcodec_default_get_buffer() function of the ffmpeg library. By\ntricking an user into opening a malicious movie which contains\nspecially crafted PNG images, this could be exploited to execute\narbitrary code with the user's privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libxine-dev, libxine1 and / or libxine1c2\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1c2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. 
/ NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04|5\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04 / 5.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libxine-dev\", pkgver:\"1-rc5-1ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libxine1\", pkgver:\"1-rc5-1ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libxine-dev\", pkgver:\"1.0-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libxine1\", pkgver:\"1.0-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libxine-dev\", pkgver:\"1.0.1-1ubuntu10.2\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libxine1c2\", pkgver:\"1.0.1-1ubuntu10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxine-dev / libxine1 / libxine1c2\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2021-01-07T11:51:30", "description": "Simon Kilvington discovered a vulnerability in FFmpeg libavcodec,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService) and potentially to compromise a user's system.\n\nThe vulnerability is caused due to a boundary error in the\n'avcodec_default_get_buffer()' function of 'utils.c' in libavcodec.\nThis can be exploited to cause a heap-based buffer overflow when a\nspecially crafted 1x1 '.png' file containing a palette is read.\n\nXine-lib is built with a private copy of ffmpeg containing this same\ncode. (Corporate Server 2.1 is not vulnerable)\n\nThe updated packages have been patched to prevent this problem.", "edition": 25, "published": "2006-01-15T00:00:00", "title": "Mandrake Linux Security Advisory : xine-lib (MDKSA-2005:228)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-4048"], "modified": "2006-01-15T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:xine-gnomevfs", "p-cpe:/a:mandriva:linux:libxine1", "p-cpe:/a:mandriva:linux:xine-smb", "p-cpe:/a:mandriva:linux:xine-plugins", "p-cpe:/a:mandriva:linux:lib64xine1-devel", "p-cpe:/a:mandriva:linux:xine-flac", "p-cpe:/a:mandriva:linux:xine-esd", "p-cpe:/a:mandriva:linux:xine-arts", "p-cpe:/a:mandriva:linux:xine-dxr3", "cpe:/o:mandriva:linux:2006", "p-cpe:/a:mandriva:linux:libxine1-devel", "p-cpe:/a:mandriva:linux:lib64xine1", "p-cpe:/a:mandriva:linux:xine-polyp", "p-cpe:/a:mandriva:linux:xine-aa", "p-cpe:/a:mandriva:linux:xine-image"], "id": "MANDRAKE_MDKSA-2005-228.NASL", "href": "https://www.tenable.com/plugins/nessus/20459", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:228. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20459);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-4048\");\n script_xref(name:\"MDKSA\", value:\"2005:228\");\n\n script_name(english:\"Mandrake Linux Security Advisory : xine-lib (MDKSA-2005:228)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Simon Kilvington discovered a vulnerability in FFmpeg libavcodec,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService) and potentially to compromise a user's system.\n\nThe vulnerability is caused due to a boundary error in the\n'avcodec_default_get_buffer()' function of 'utils.c' in libavcodec.\nThis can be exploited to cause a heap-based buffer overflow when a\nspecially crafted 1x1 '.png' file containing a palette is read.\n\nXine-lib is built with a private copy of ffmpeg containing this same\ncode. 
(Corporate Server 2.1 is not vulnerable)\n\nThe updated packages have been patched to prevent this problem.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xine1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxine1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-aa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-arts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-dxr3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-esd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-flac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-polyp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xine-smb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network 
Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64xine1-1.1.0-9.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64xine1-devel-1.1.0-9.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libxine1-1.1.0-9.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libxine1-devel-1.1.0-9.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"xine-aa-1.1.0-9.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"xine-arts-1.1.0-9.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"xine-dxr3-1.1.0-9.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"xine-esd-1.1.0-9.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"xine-flac-1.1.0-9.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"xine-gnomevfs-1.1.0-9.2.20060mdk\", yank:\"mdk\")) flag++;\nif 
(rpm_check(release:\"MDK2006.0\", reference:\"xine-image-1.1.0-9.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"xine-plugins-1.1.0-9.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"xine-polyp-1.1.0-9.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"xine-smb-1.1.0-9.2.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:52:00", "description": "The remote host is affected by the vulnerability described in GLSA-200601-06\n(xine-lib, FFmpeg: Heap-based buffer overflow)\n\n Simon Kilvington has reported a vulnerability in FFmpeg\n libavcodec. The flaw is due to a buffer overflow error in the\n 'avcodec_default_get_buffer()' function. 
This function doesn't properly\n handle specially crafted PNG files as a result of a heap overflow.\n \nImpact :\n\n A remote attacker could entice a user to run an FFmpeg based\n application on a maliciously crafted PNG file, resulting in the\n execution of arbitrary code with the permissions of the user running\n the application.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "published": "2006-01-15T00:00:00", "title": "GLSA-200601-06 : xine-lib, FFmpeg: Heap-based buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-4048"], "modified": "2006-01-15T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:xine-lib", "p-cpe:/a:gentoo:linux:ffmpeg"], "id": "GENTOO_GLSA-200601-06.NASL", "href": "https://www.tenable.com/plugins/nessus/20416", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200601-06.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20416);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-4048\");\n script_xref(name:\"GLSA\", value:\"200601-06\");\n\n script_name(english:\"GLSA-200601-06 : xine-lib, FFmpeg: Heap-based buffer overflow\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200601-06\n(xine-lib, FFmpeg: Heap-based buffer overflow)\n\n Simon Kilvington has reported a vulnerability in FFmpeg\n libavcodec. The flaw is due to a buffer overflow error in the\n 'avcodec_default_get_buffer()' function. 
This function doesn't properly\n handle specially crafted PNG files as a result of a heap overflow.\n \nImpact :\n\n A remote attacker could entice a user to run an FFmpeg based\n application on a maliciously crafted PNG file, resulting in the\n execution of arbitrary code with the permissions of the user running\n the application.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200601-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All xine-lib users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/xine-lib-1.1.1-r3'\n All FFmpeg users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/ffmpeg-0.4.9_p20051216'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xine-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", 
\"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/ffmpeg\", unaffected:make_list(\"ge 0.4.9_p20051216\"), vulnerable:make_list(\"lt 0.4.9_p20051216\"))) flag++;\nif (qpkg_check(package:\"media-libs/xine-lib\", unaffected:make_list(\"ge 1.1.1-r3\"), vulnerable:make_list(\"lt 1.1.1-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xine-lib / FFmpeg\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:51:30", "description": "Simon Kilvington discovered a vulnerability in FFmpeg libavcodec,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService) and potentially to compromise a user's system.\n\nThe vulnerability is caused due to a boundary error in the\n'avcodec_default_get_buffer()' function of 'utils.c' in libavcodec.\nThis can be exploited to cause a heap-based buffer overflow when a\nspecially crafted 1x1 '.png' file containing a palette is read.\n\nThe updated packages have been patched to prevent this problem.", "edition": 25, "published": "2006-01-15T00:00:00", "title": "Mandrake Linux Security Advisory : ffmpeg (MDKSA-2005:231)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-4048"], "modified": "2006-01-15T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libffmpeg0-devel", "p-cpe:/a:mandriva:linux:libffmpeg0", "cpe:/o:mandriva:linux:2006", 
"p-cpe:/a:mandriva:linux:lib64ffmpeg0-devel", "p-cpe:/a:mandriva:linux:ffmpeg", "p-cpe:/a:mandriva:linux:lib64ffmpeg0"], "id": "MANDRAKE_MDKSA-2005-231.NASL", "href": "https://www.tenable.com/plugins/nessus/20462", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:231. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20462);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-4048\");\n script_xref(name:\"MDKSA\", value:\"2005:231\");\n\n script_name(english:\"Mandrake Linux Security Advisory : ffmpeg (MDKSA-2005:231)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Simon Kilvington discovered a vulnerability in FFmpeg libavcodec,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService) and potentially to compromise a user's system.\n\nThe vulnerability is caused due to a boundary error in the\n'avcodec_default_get_buffer()' function of 'utils.c' in libavcodec.\nThis can be exploited to cause a heap-based buffer overflow when a\nspecially crafted 1x1 '.png' file containing a palette is read.\n\nThe updated packages have been patched to prevent this problem.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ffmpeg0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffmpeg0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libffmpeg0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ffmpeg-0.4.9-0.pre1.5.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64ffmpeg0-0.4.9-0.pre1.5.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", 
reference:\"lib64ffmpeg0-devel-0.4.9-0.pre1.5.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libffmpeg0-0.4.9-0.pre1.5.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libffmpeg0-devel-0.4.9-0.pre1.5.1.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:15", "bulletinFamily": "software", "cvelist": ["CVE-2005-4048"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n \r\n Mandriva Linux Security Advisory MDKSA-2005:231\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n \r\n Package : ffmpeg\r\n Date : December 14, 2005\r\n Affected: 2006.0, Corporate 3.0\r\n _______________________________________________________________________\r\n \r\n Problem Description:\r\n \r\n Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, \r\n which can be exploited by malicious people to cause a DoS (Denial \r\n of Service) and potentially to compromise a user's system.\r\n \r\n The vulnerability is caused due to a boundary error in the \r\n "avcodec_default_get_buffer()" function of "utils.c" in libavcodec. 
\r\n This can be exploited to cause a heap-based buffer overflow when a \r\n specially-crafted 1x1 ".png" file containing a palette is read.\r\n \r\n The updated packages have been patched to prevent this problem.\r\n _______________________________________________________________________\r\n\r\n References:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048\r\n _______________________________________________________________________\r\n \r\n Updated Packages:\r\n 
_______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.4 (GNU/Linux)\r\n\r\niD8DBQFDoIvSmqjQ0CJFipgRAvWxAJ9yOBnb23UJaYz6Qop3euOTW7Xr8QCg2VH2\r\nnQECP6rdrur/l2TikKV1V30=\r\n=+fkD\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2005-12-16T00:00:00", "published": "2005-12-16T00:00:00", "id": "SECURITYVULNS:DOC:10668", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10668", "title": "MDKSA-2005:231 - Updated ffmpeg packages fix buffer overflow vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:15", "bulletinFamily": "software", "cvelist": ["CVE-2005-4048"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n \r\n Mandriva Linux Security Advisory MDKSA-2005:229\r\n http://www.mandriva.com/security/\r\n 
_______________________________________________________________________\r\n \r\n Package : xmovie\r\n Date : December 14, 2005\r\n Affected: 2006.0, Corporate 3.0\r\n _______________________________________________________________________\r\n \r\n Problem Description:\r\n \r\n Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, \r\n which can be exploited by malicious people to cause a DoS (Denial \r\n of Service) and potentially to compromise a user's system.\r\n \r\n The vulnerability is caused due to a boundary error in the \r\n "avcodec_default_get_buffer()" function of "utils.c" in libavcodec. \r\n This can be exploited to cause a heap-based buffer overflow when a \r\n specially-crafted 1x1 ".png" file containing a palette is read.\r\n \r\n Xmovie is built with a private copy of ffmpeg containing this \r\n same code.\r\n \r\n The updated packages have been patched to prevent this problem.\r\n _______________________________________________________________________\r\n\r\n References:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048\r\n _______________________________________________________________________\r\n \r\n Updated Packages:\r\n 
_______________________________________________________________________\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.4 (GNU/Linux)\r\n\r\niD8DBQFDoImJmqjQ0CJFipgRAjvUAKCnN0bVkbd9HsA8+KgveXVd9DVKdwCfa0Hm\r\n7jgGjjBwWM6iVdgSewMJviw=\r\n=JTeK\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2005-12-16T00:00:00", "published": "2005-12-16T00:00:00", "id": "SECURITYVULNS:DOC:10666", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10666", "title": "MDKSA-2005:229 - Updated xmovie packages fix buffer overflow vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:15", "bulletinFamily": "software", "cvelist": ["CVE-2005-4048"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n \r\n Mandriva Linux Security Advisory MDKSA-2005:230\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n \r\n Package : mplayer\r\n Date : December 14, 2005\r\n Affected: 2006.0, Corporate 3.0\r\n _______________________________________________________________________\r\n \r\n Problem Description:\r\n \r\n Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, \r\n which can be exploited by malicious people to cause a DoS (Denial \r\n of Service) and potentially to compromise a user's system.\r\n \r\n The 
vulnerability is caused due to a boundary error in the \r\n "avcodec_default_get_buffer()" function of "utils.c" in libavcodec. \r\n This can be exploited to cause a heap-based buffer overflow when a \r\n specially-crafted 1x1 ".png" file containing a palette is read.\r\n \r\n Mplayer is built with a private copy of ffmpeg containing this \r\n same code.\r\n \r\n The updated packages have been patched to prevent this problem.\r\n _______________________________________________________________________\r\n\r\n References:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048\r\n _______________________________________________________________________\r\n \r\n Updated Packages:\r\n 
_______________________________________________________________________\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.4 (GNU/Linux)\r\n\r\niD8DBQFDoItpmqjQ0CJFipgRAnHYAKD1C/yirdkJgmCCgzHQ3LuPbrCvCQCfdo04\r\nB4ULYp42H7z3rnTp5a+UcVo=\r\n=fnux\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2005-12-16T00:00:00", "published": "2005-12-16T00:00:00", "id": "SECURITYVULNS:DOC:10667", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10667", "title": "MDKSA-2005:230 - Updated mplayer packages fix buffer overflow vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:15", "bulletinFamily": "software", "cvelist": ["CVE-2005-4048"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n \r\n Mandriva Linux Security Advisory MDKSA-2005:228\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n \r\n Package : xine-lib\r\n Date : December 14, 2005\r\n Affected: 2006.0, Corporate 3.0\r\n _______________________________________________________________________\r\n \r\n Problem Description:\r\n \r\n Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, \r\n which can be exploited by malicious people to cause a DoS (Denial \r\n of Service) and potentially to compromise a user's system.\r\n \r\n The 
vulnerability is caused due to a boundary error in the \r\n "avcodec_default_get_buffer()" function of "utils.c" in libavcodec. \r\n This can be exploited to cause a heap-based buffer overflow when a \r\n specially-crafted 1x1 ".png" file containing a palette is read.\r\n \r\n Xine-lib is built with a private copy of ffmpeg containing this \r\n same code. (Corporate Server 2.1 is not vulnerable)\r\n \r\n The updated packages have been patched to prevent this problem.\r\n _______________________________________________________________________\r\n\r\n References:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048\r\n _______________________________________________________________________\r\n \r\n Updated Packages:\r\n 
_______________________________________________________________________\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.4 (GNU/Linux)\r\n\r\niD8DBQFDoIkfmqjQ0CJFipgRAsJPAJ90bC8k3OUmZ0/Ov+j4ART8b4W+9wCg6kdf\r\nHQwPF/7Y6E3vpgrdYViCUEk=\r\n=MIpp\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2005-12-16T00:00:00", "published": "2005-12-16T00:00:00", "id": "SECURITYVULNS:DOC:10665", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10665", "title": "MDKSA-2005:228 - Updated xine-lib packages fix buffer overflow vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:15", "bulletinFamily": "software", "cvelist": ["CVE-2005-4048"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n \r\n Mandriva Linux Security Advisory MDKSA-2005:232\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n \r\n Package : gstreamer-ffmpeg\r\n Date : December 14, 2005\r\n Affected: 2006.0\r\n _______________________________________________________________________\r\n \r\n Problem Description:\r\n \r\n Simon Kilvington discovered a vulnerability in FFmpeg libavcodec, \r\n which can be exploited by malicious people to cause a DoS (Denial \r\n of Service) and potentially to compromise a user's system.\r\n \r\n The 
vulnerability is caused due to a boundary error in the \r\n "avcodec_default_get_buffer()" function of "utils.c" in libavcodec. \r\n This can be exploited to cause a heap-based buffer overflow when a \r\n specially-crafted 1x1 ".png" file containing a palette is read.\r\n \r\n Gstreamer-ffmpeg is built with a private copy of ffmpeg containing\r\n this same code.\r\n \r\n The updated packages have been patched to prevent this problem.\r\n _______________________________________________________________________\r\n\r\n References:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048\r\n _______________________________________________________________________\r\n \r\n Updated Packages:\r\n 
_______________________________________________________________________\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.4 (GNU/Linux)\r\n\r\niD8DBQFDoI2UmqjQ0CJFipgRAj5nAJ9pHRQCF/d1c0LzB9fbYJjhN3+i/wCgnyv7\r\nvBp5g+DjEjutOTklN3tvNLs=\r\n=xQN5\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2005-12-16T00:00:00", "published": "2005-12-16T00:00:00", "id": "SECURITYVULNS:DOC:10669", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10669", "title": "MDKSA-2005:232 - Updated gstreamer-ffmpeg packages fix buffer overflow vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:25:29", "bulletinFamily": "unix", "cvelist": ["CVE-2005-4048"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1004-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 16th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : vlc\nVulnerability : buffer overflow\nProblem-Type : local (remote)\nDebian-specific: no\nCVE ID : CVE-2005-4048\nDebian Bug : 342208\n\nSimon Kilvington discovered that specially crafted PNG images can trigger\na heap overflow in libavcodec, the multimedia library of ffmpeg, which may\nlead to the execution of arbitrary code.\nThe vlc media player links statically against 
libavcodec.\n\nThe old stable distribution (woody) isn't affected by this problem.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 0.8.1.svn20050314-1sarge1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.8.4.debian-2.\n\nWe recommend that you upgrade your vlc package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n 
2c04d1422d9a9b489cc8b8ffc385fcab\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge1_arm.deb\n Size/MD5 checksum: 5034 458eefe932c15d3925e8b6bc27092408\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge1_arm.deb\n Size/MD5 checksum: 5762 c3a6f41a62f0cf62d3df149423d74337\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge1_arm.deb\n Size/MD5 checksum: 7116 311f3e0b1c138b453773e4e60a5efb33\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge1_arm.deb\n Size/MD5 checksum: 11350 1cfffd73d695b5702d591ba38b249ca3\n http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge1_arm.deb\n Size/MD5 checksum: 858 eb853cefca815f8a1e5d02da9ce42c99\n http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge1_arm.deb\n Size/MD5 checksum: 876 68a9b980dfbf9c7792c4dbf0b244b72f\n http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge1_arm.deb\n Size/MD5 checksum: 367472 ff2a9e1f55ebbf099e092c142f0f27c0\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 checksum: 1268 b11c01c6d542a7ce308014aa082cd9f8\n http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 checksum: 1276 5a17dc6435a00a6c61eb2f46ffa4e37d\n http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 checksum: 978 3b25929af6737eda10bde9f889855b4b\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 checksum: 730606 379801c652d682603de67e0d6360169b\n http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 checksum: 582478 ab3f15702d4be55cc6d0adb169257b1d\n 
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 checksum: 964 2e8aa296f620b668f85190fbf8753ac2\n http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 checksum: 5233412 f2a71bc850c1d60f9c11bd3b5a833e93\n http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 checksum: 872 0b358299c9c9fd441424032191ce71fe\n http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 checksum: 872 eb722452a2b4019d1c55d48ec9643d20\n http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 checksum: 872 8a86c5737345110f42307f00cb3b8bb0\n http://security.debian.org/pool/updates/main/v/vlc/vlc-glide_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 checksum: 874 6c9f10bb0ada48a1870d720789999d59\n http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 checksum: 870 5290ce61e107700d46205bba224265bb\n http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 checksum: 860 551e8e569ceb9e80d3df4d26bb68505a\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 checksum: 10472 cc2f18379ba2a245cfdbc252a3898e5e\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 checksum: 4416 b9f647abe892f0f8419633460563dea1\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 checksum: 4664 0c16df4ce41d4aa6441e8de010f64c5b\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 checksum: 6390 dc6daa73a06fbd3801c4eb73ea5a1b91\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-glide_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 
checksum: 4666 60f3ca949fef8bc0260dea98c224d02e\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 checksum: 10600 9faa18878e4f6a99621f70e55df0d5f4\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-svgalib_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 checksum: 4758 ba58a78fc9c3cfd00137e0b80060ab4c\n http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 checksum: 858 cd9de0ccf456a9393a7492b8e0d5fa13\n http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 checksum: 876 dd98eab6d18649a981350f2caed26e09\n http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge1_i386.deb\n Size/MD5 checksum: 302410 5ea56641348661e26f9825365e91fb9b\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge1_ia64.deb\n Size/MD5 checksum: 1264 b6db09c67b208552e7fec27b02cd1849\n http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge1_ia64.deb\n Size/MD5 checksum: 1268 5072e88b4ed09cb50413cab71d8cb264\n http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge1_ia64.deb\n Size/MD5 checksum: 980 205ba60c080bd8a3bf8b36bc44fcc39b\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge1_ia64.deb\n Size/MD5 checksum: 1187712 13ea12d3ba664b859bc0560823495b1d\n http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge1_ia64.deb\n Size/MD5 checksum: 947698 6cc9e574f6c99e56bd39d7a2e22a8589\n http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge1_ia64.deb\n Size/MD5 checksum: 964 daa9353db8f29e0d3e7bd9b566794974\n http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge1_ia64.deb\n Size/MD5 checksum: 7699644 b212c9fd32fab1ee84f5e5d2891ed0d1\n 
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge1_ia64.deb\n Size/MD5 checksum: 872 d756ebb37ce1093b89846f1f0bbc1d41\n http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge1_ia64.deb\n Size/MD5 checksum: 872 086de669477d6ea1ddb37825bee920c8\n http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge1_ia64.deb\n Size/MD5 checksum: 874 f9bfb9d5c8f02a6fc8a39a2f516f44fa\n http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge1_ia64.deb\n Size/MD5 checksum: 874 0f020755d64d48aa9a7cc806467849d5\n http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge1_ia64.deb\n Size/MD5 checksum: 864 ed54db4b3c963da4921edbaa26d0d5b1\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge1_ia64.deb\n Size/MD5 checksum: 14378 20b23bb8e7433112487a1d9b7e43940f\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge1_ia64.deb\n Size/MD5 checksum: 5338 3ae3ed82686802a7c823ad0b559903a2\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge1_ia64.deb\n Size/MD5 checksum: 5468 926e6de0f074bfbc9c1807b7f46979c4\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge1_ia64.deb\n Size/MD5 checksum: 9154 475c74c44f0d841f98c923cc1d3dffd1\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge1_ia64.deb\n Size/MD5 checksum: 16298 c0e3c45944b018cd1b717f5ccb8b2f68\n http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge1_ia64.deb\n Size/MD5 checksum: 860 0b816d6a1d8f84cfcdd92b6854225f8d\n http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge1_ia64.deb\n Size/MD5 checksum: 872 3b4040cd77b7bd93de8643bba3c86b47\n http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge1_ia64.deb\n Size/MD5 
checksum: 485876 842867f19fc1ea1458857d66df3cecc1\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge1_hppa.deb\n Size/MD5 checksum: 1272 baa15d74b00633b7825de03a8125e39d\n http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge1_hppa.deb\n Size/MD5 checksum: 1276 45c3d0493cf8a624ff655c15509aee24\n http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge1_hppa.deb\n Size/MD5 checksum: 980 1ef967377e3ec5941d7ec4d34892963c\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge1_hppa.deb\n Size/MD5 checksum: 922806 b15c1a8c619327d069e8633930f9efe6\n http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge1_hppa.deb\n Size/MD5 checksum: 702390 53048e78414cf349d4ec05d8259e0f90\n http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge1_hppa.deb\n Size/MD5 checksum: 964 5b1075c31759d74886ae56d39238653d\n http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge1_hppa.deb\n Size/MD5 checksum: 6203232 68b2e4cd5db676c855a1b0733016ae90\n http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge1_hppa.deb\n Size/MD5 checksum: 874 0ee03e7a69e00554b61ea33d8c3c21fd\n http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge1_hppa.deb\n Size/MD5 checksum: 872 165c91773cf45c2a813c11eaa18e2ee4\n http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge1_hppa.deb\n Size/MD5 checksum: 872 898eaf28e106471da7bdd0e6de391d7b\n http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge1_hppa.deb\n Size/MD5 checksum: 870 a82cbdc1cddb73e83bf533fa9931bbce\n http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge1_hppa.deb\n Size/MD5 checksum: 862 11aaa9dfc63cddfbdf57dc31237d43e1\n 
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge1_hppa.deb\n Size/MD5 checksum: 14438 f8af9b2a44b8610b8976baa2146f33c6\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge1_hppa.deb\n Size/MD5 checksum: 6352 6cfafa59c8fb9133881651bdf803b290\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge1_hppa.deb\n Size/MD5 checksum: 7164 c727dd31a958b858d8ed552e4437cf33\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge1_hppa.deb\n Size/MD5 checksum: 9132 5b27bf3bbfa8fe3873c9e03787c54035\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge1_hppa.deb\n Size/MD5 checksum: 14976 c5cb918695522793144049c5a2ae8b67\n http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge1_hppa.deb\n Size/MD5 checksum: 858 1553557e1565dc9216fa1a70836b2c8a\n http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge1_hppa.deb\n Size/MD5 checksum: 876 c2299fa7393f3c6173b65307ff017ae0\n http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge1_hppa.deb\n Size/MD5 checksum: 507470 2e403b25b69bc78d25a68fc38b5d9e01\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge1_m68k.deb\n Size/MD5 checksum: 1270 8aacb7a9a5d60c39b0b97bc815ac5a41\n http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge1_m68k.deb\n Size/MD5 checksum: 1274 223904a103d2d964719e1b0a91f42504\n http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge1_m68k.deb\n Size/MD5 checksum: 982 4297a9b81a2b3e0d194ac33ead58bfcd\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge1_m68k.deb\n Size/MD5 checksum: 604666 61772836f467d5c54033465697ae6a1e\n 
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge1_m68k.deb\n Size/MD5 checksum: 503948 f8dfb91dbd3bea6ed51fc947790b83a2\n http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge1_m68k.deb\n Size/MD5 checksum: 964 a3501eab5f6f7f3c72743550824603e5\n http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge1_m68k.deb\n Size/MD5 checksum: 4892970 387efe2940d1948d80dd7c7d4c6bfda7\n http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge1_m68k.deb\n Size/MD5 checksum: 874 56b09d494c4b70151dce50def53c94c3\n http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge1_m68k.deb\n Size/MD5 checksum: 876 af0690cfa7f0b141ad8bc27ec95936e6\n http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge1_m68k.deb\n Size/MD5 checksum: 876 c010ad5584afac7ed90cacd100ffa487\n http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge1_m68k.deb\n Size/MD5 checksum: 878 68c247ad6e4d40e29dec99b5904566cd\n http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge1_m68k.deb\n Size/MD5 checksum: 864 cb07835572e556c2b64c1e8004729e37\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge1_m68k.deb\n Size/MD5 checksum: 9502 bd4f3cd2205ff7617ea084e4de93a174\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge1_m68k.deb\n Size/MD5 checksum: 4040 d5a72e32bd86169e5fffc980c93d93b2\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge1_m68k.deb\n Size/MD5 checksum: 4322 d628fefd7db3ee97e1dcf78c52b5583f\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge1_m68k.deb\n Size/MD5 checksum: 5840 d7bcf09a068836d93c1176e105b823af\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge1_m68k.deb\n 
Size/MD5 checksum: 9782 059bebbbe98f814679aa6dcb9207647a\n http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge1_m68k.deb\n Size/MD5 checksum: 862 f05cda3d700c552d1d2a506521d67a24\n http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge1_m68k.deb\n Size/MD5 checksum: 880 4bf83b225db568a6ed53e027d63b6477\n http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge1_m68k.deb\n Size/MD5 checksum: 355280 2f68ac6a4489c11223116bfead14f925\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge1_mips.deb\n Size/MD5 checksum: 1270 09dd6a627ab27ff6e927ea181ba2c8bf\n http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge1_mips.deb\n Size/MD5 checksum: 1278 6c7c71218bd4cc53a357d4a67d138d92\n http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge1_mips.deb\n Size/MD5 checksum: 980 199a0a91035fbc8519cc08d760ba634a\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge1_mips.deb\n Size/MD5 checksum: 825582 9dd70e4f6d5cb74ec4b7bce8b6d8d59e\n http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge1_mips.deb\n Size/MD5 checksum: 615918 ba014e7aa657d8a735558b27baf80b95\n http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge1_mips.deb\n Size/MD5 checksum: 962 756fe1cd3f996bd060ed888fec764964\n http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge1_mips.deb\n Size/MD5 checksum: 5699428 a2cbbd04c2601b816e8904598eb433e2\n http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge1_mips.deb\n Size/MD5 checksum: 870 b6a0fa59dc5a1a36555b340f5abee0f0\n http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge1_mips.deb\n Size/MD5 checksum: 870 7d0b25133afbbad04c6e817f94307e5a\n 
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge1_mips.deb\n Size/MD5 checksum: 872 16ab3c88fcb5d0edd2e09bcbc1a35c41\n http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge1_mips.deb\n Size/MD5 checksum: 870 796c0e37ab8ebde0add374df3eeff015\n http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge1_mips.deb\n Size/MD5 checksum: 862 075d7265e38fad8d798c4b3f4ece9c17\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge1_mips.deb\n Size/MD5 checksum: 11116 463bbc4bcfb0887414911f8428e9cfb3\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge1_mips.deb\n Size/MD5 checksum: 5060 9150652d52363536d4e3383cfc8aa063\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge1_mips.deb\n Size/MD5 checksum: 5776 4b51f056e81c92a5056bf0663d0d7d5f\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge1_mips.deb\n Size/MD5 checksum: 7286 b7567c692054c71e2e4e58f271385ca1\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge1_mips.deb\n Size/MD5 checksum: 12242 740b0661c8d234549c7e63d7102d326b\n http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge1_mips.deb\n Size/MD5 checksum: 858 9010f23c656de7214fab22878d3eaf27\n http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge1_mips.deb\n Size/MD5 checksum: 878 19f17d35f767ffc6519d0f183a884c3f\n http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge1_mips.deb\n Size/MD5 checksum: 293086 c533063b6b6237bb3f19a022b4dbd52a\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge1_mipsel.deb\n Size/MD5 checksum: 1268 579085a8d05d74d71e444ca96b5efbb0\n 
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge1_mipsel.deb\n Size/MD5 checksum: 1274 335f3bc3cedb0638c7e85ab1ffbcf88d\n http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge1_mipsel.deb\n Size/MD5 checksum: 976 d8826bec549d1b5e6180efb26814b635\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge1_mipsel.deb\n Size/MD5 checksum: 702992 3cf4f919bd4886382de689377d32aa81\n http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge1_mipsel.deb\n Size/MD5 checksum: 558718 f610d4da2bc2d5d92994c4a3b0637f6b\n http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge1_mipsel.deb\n Size/MD5 checksum: 960 e5d0ec0437a1ded17a0ce01862f1aff9\n http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge1_mipsel.deb\n Size/MD5 checksum: 5451980 e1e415c582d81a23f9c0c32d9f205992\n http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge1_mipsel.deb\n Size/MD5 checksum: 872 43faee885f56e1e225be45308268187b\n http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge1_mipsel.deb\n Size/MD5 checksum: 872 a5f71dde2eb3be79e00b4fbd5064cde5\n http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge1_mipsel.deb\n Size/MD5 checksum: 872 6c5faab624703fbe03b22be8b00dd78b\n http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge1_mipsel.deb\n Size/MD5 checksum: 870 2a59c751f15043503bf4d24ecf4789a7\n http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge1_mipsel.deb\n Size/MD5 checksum: 862 e10ae4e03926df41cf6ea8fd8afca0e2\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge1_mipsel.deb\n Size/MD5 checksum: 10202 13c7786c56406c409c17c13959cdbdf6\n 
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge1_mipsel.deb\n Size/MD5 checksum: 5060 e54eb0035af732d56027ea6e24182de6\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge1_mipsel.deb\n Size/MD5 checksum: 5760 d5b33192e656b728105acd152cb0f76c\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge1_mipsel.deb\n Size/MD5 checksum: 6926 6ed298ed25acca8f60ef36b5afd28ab4\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge1_mipsel.deb\n Size/MD5 checksum: 10878 0cd1c5cea32855d9cbe2672eb57eebe0\n http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge1_mipsel.deb\n Size/MD5 checksum: 860 3d34fe58b2b98f61ae283ba759aa5e3a\n http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge1_mipsel.deb\n Size/MD5 checksum: 876 37a015fefe7c9cc1271816b2acd14ac0\n http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge1_mipsel.deb\n Size/MD5 checksum: 239170 907588ba2387d35252c2c6cd50850eaf\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge1_powerpc.deb\n Size/MD5 checksum: 1268 65236e5b1c54f56050c8fea37d372968\n http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge1_powerpc.deb\n Size/MD5 checksum: 1276 6236f8728bfec3becca397df29adde63\n http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge1_powerpc.deb\n Size/MD5 checksum: 982 348a9c4114debd0787c9109a5db1d1aa\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge1_powerpc.deb\n Size/MD5 checksum: 814890 6df90dfc9e4f69bd2f890b643b60c960\n http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge1_powerpc.deb\n Size/MD5 checksum: 628882 9e252fa635fbd8dc1f59457b3ccf3fc8\n 
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge1_powerpc.deb\n Size/MD5 checksum: 966 2a93a331642b2c08766032296f4979a9\n http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge1_powerpc.deb\n Size/MD5 checksum: 5689270 74afa23f229ca1c9b2fa473ad8ef2b4d\n http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge1_powerpc.deb\n Size/MD5 checksum: 876 b251607e93d181e7f5d40bd6e24e35cc\n http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge1_powerpc.deb\n Size/MD5 checksum: 872 b0fda95d5d4a4a37f5a3d3404a503e3b\n http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge1_powerpc.deb\n Size/MD5 checksum: 874 9cb5cdd458f958d4da835198cc820e13\n http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge1_powerpc.deb\n Size/MD5 checksum: 872 7e8b4ccf58023b46b504d4a04cc5a2b3\n http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge1_powerpc.deb\n Size/MD5 checksum: 864 756c68917ed58eede0e49b6038d81b70\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge1_powerpc.deb\n Size/MD5 checksum: 12696 de839dca438dba73e3a4a5e5bdbaf27a\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge1_powerpc.deb\n Size/MD5 checksum: 6468 5b3e37e18317e948e117a5cb4abf4192\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge1_powerpc.deb\n Size/MD5 checksum: 7192 db17da3ea164fcab181d1267f956ac38\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge1_powerpc.deb\n Size/MD5 checksum: 8618 f2771f2f152a2a04142e3c21dcf97dbd\n http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge1_powerpc.deb\n Size/MD5 checksum: 14446 73a3a1b9e6fd7d93b03610da66c8e1df\n 
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge1_powerpc.deb\n Size/MD5 checksum: 858 9e460de3e892527051b9ede7f60c641b\n http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge1_powerpc.deb\n Size/MD5 checksum: 880 620350144b8ef9d220fcd9e49a0cdc36\n http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge1_powerpc.deb\n Size/MD5 checksum: 307504 f1ebd91631d1b5069c1d2ed4ab9193d8\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge1_s390.deb\n Size/MD5 checksum: 1268 1f1184319a28c49e42c845ae7a86f434\n http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge1_s390.deb\n Size/MD5 checksum: 1272 b0cb107361d872d3335f29330bd063c1\n http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge1_s390.deb\n Size/MD5 checksum: 978 10c5f8cc0115c1492a7d8fb4d371d149\n http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge1_s390.deb\n Size/MD5 checksum: 761434 cb87c667dd00e0c32e5e5627339a1411\n http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge1_s390.deb\n Size/MD5 checksum: 600492 cf00f18214c858592a2153c4775b3711\n http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge1_s390.deb\n Size/MD5 checksum: 962 5ba377df27f26229f097a82a7f538275\n http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge1_s390.deb\n Size/MD5 checksum: 5389092 cddfcffa60c5d747999983e7fce87947\n http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge1_s390.deb\n Size/MD5 checksum: 870 ef8b76967e3a14233ff6bec1836dd367\n http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge1_s390.deb\n Size/MD5 checksum: 870 7ed74ae74567e9b96d8c447902552e8c\n http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge1_s390.deb\n 
 These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 7, "modified": "2006-03-16T00:00:00", "published": "2006-03-16T00:00:00", "id": "DEBIAN:DSA-1004-1:15724", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00084.html", "title": "[SECURITY] [DSA 1004-1] New vlc packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:16:38", "bulletinFamily": "unix", "cvelist": ["CVE-2005-4048"], "description": "- --------------------------------------------------------------------------\nDebian 
Security Advisory DSA 992-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 10th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : ffmpeg\nVulnerability : buffer overflow\nProblem-Type : local (remote)\nDebian-specific: no\nCVE ID : CVE-2005-4048\nDebian Bug : 342207\n\nSimon Kilvington discovered that specially crafted PNG images can trigger\na heap overflow in libavcodec, the multimedia library of ffmpeg, which may\nlead to the execution of arbitrary code.\n\nThe old stable distribution (woody) doesn't contain ffmpeg packages.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 0.cvs20050313-2sarge1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.cvs20050918-5.1.\n\nWe recommend that you upgrade your ffmpeg package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n
 These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2006-03-10T00:00:00", "published": "2006-03-10T00:00:00", "id": "DEBIAN:DSA-992-1:43632", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00071.html", "title": "[SECURITY] [DSA 992-1] New ffmpeg packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:21:52", "bulletinFamily": "unix", "cvelist": ["CVE-2005-4048"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1005-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 16th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : xine-lib\nVulnerability : buffer overflow\nProblem-Type : local (remote)\nDebian-specific: no\nCVE ID : CVE-2005-4048\nDebian Bug : 342208\n\nSimon Kilvington discovered that specially crafted PNG images can trigger\na heap overflow in libavcodec, the multimedia library of ffmpeg, which may\nlead to the execution of arbitrary code.\nxine-lib includes a local copy of libavcodec.\n\nThe old stable distribution (woody) isn't affected by this problem.\n\nFor the stable distribution (sarge) this 
problem has been fixed in\nversion 1.0.1-1sarge2.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.0.1-1.5.\n\nWe recommend that you upgrade your xine-lib package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n
 These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 11, "modified": "2006-03-16T00:00:00", "published": "2006-03-16T00:00:00", "id": "DEBIAN:DSA-1005-1:A8636", "href": 
"https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00085.html", "title": "[SECURITY] [DSA 1005-1] New xine-lib packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:18", "bulletinFamily": "software", "cvelist": ["CVE-2005-4048"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200601-06.xml)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200603-03.xml)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-992)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-1005)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2006/dsa-1004)\n[Vendor Specific Advisory URL](http://security.gentoo.org/glsa/glsa-200601-06.xml)\n[Secunia Advisory ID:18066](https://secuniaresearch.flexerasoftware.com/advisories/18066/)\n[Secunia Advisory ID:21921](https://secuniaresearch.flexerasoftware.com/advisories/21921/)\n[Secunia Advisory ID:17892](https://secuniaresearch.flexerasoftware.com/advisories/17892/)\n[Secunia Advisory ID:18107](https://secuniaresearch.flexerasoftware.com/advisories/18107/)\n[Secunia Advisory ID:18400](https://secuniaresearch.flexerasoftware.com/advisories/18400/)\n[Secunia Advisory ID:19114](https://secuniaresearch.flexerasoftware.com/advisories/19114/)\n[Secunia Advisory ID:19192](https://secuniaresearch.flexerasoftware.com/advisories/19192/)\n[Secunia Advisory ID:19279](https://secuniaresearch.flexerasoftware.com/advisories/19279/)\n[Secunia Advisory ID:19272](https://secuniaresearch.flexerasoftware.com/advisories/19272/)\n[Secunia Advisory 
ID:18087](https://secuniaresearch.flexerasoftware.com/advisories/18087/)\n[Secunia Advisory ID:18746](https://secuniaresearch.flexerasoftware.com/advisories/18746/)\n[Secunia Advisory ID:18739](https://secuniaresearch.flexerasoftware.com/advisories/18739/)\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-230-2/\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200609-09.xml\nOther Advisory URL: http://www.ubuntulinux.org/usn/usn-230-1\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200602-01.xml\nMail List Post: http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558\n[CVE-2005-4048](https://vulners.com/cve/CVE-2005-4048)\n", "modified": "2005-11-30T10:18:11", "published": "2005-11-30T10:18:11", "href": "https://vulners.com/osvdb/OSVDB:21458", "id": "OSVDB:21458", "title": "FFmpeg libavcodec avcodec_default_get_buffer Function Overflow", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2020-10-25T16:36:10", "bulletinFamily": "unix", "cvelist": ["CVE-2005-4048", "CVE-2006-2802"], "description": "New xine-lib packages are available for Slackware 10.2 and -current to\nfix security issues.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2802\n\nEvidently there is also an issue involving AVI files which has not\nbeen issued a CVE entry.\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/xine-lib-1.1.2-i686-1.tgz:\n Upgraded to xine-lib-1.1.2.\n According to xinehq.de's announcement:\n There are three security fixes:\n - CVE-2005-4048: possible buffer overflow in libavcodec (crafted PNGs);\n - CVE-2006-2802: possible buffer overflow in the HTTP plugin;\n - possible buffer overflow via bad indexes in specially-crafted AVI files.\n 
(* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/xine-lib-1.1.2-i686-1.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/xine-lib-1.1.2-i686-1.tgz\n\n\nMD5 signatures:\n\nSlackware 10.2 package:\nd5d3dcd06fd6cc4f68d2a4717f507f21 xine-lib-1.1.2-i686-1.tgz\n\nSlackware -current package:\na82c9b20ccaec12f770cc1e4f63511d7 xine-lib-1.1.2-i686-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg xine-lib-1.1.2-i686-1.tgz", "modified": "2006-07-26T21:25:49", "published": "2006-07-26T21:25:49", "id": "SSA-2006-207-04", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.391759", "type": "slackware", "title": "[slackware-security] xine-lib", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}