Vulnerabilities > CVE-2017-14223 - Resource Exhaustion vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
OS | 2 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- XML Ping of the Death An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
- XML Entity Expansion An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.
- Inducing Account Lockout An attacker leverages the security functionality of the system aimed at thwarting potential attacks to launch a denial of service attack against a legitimate system user. Many systems, for instance, implement a password throttling mechanism that locks an account after a certain number of incorrect log in attempts. An attacker can leverage this throttling mechanism to lock a legitimate user out of their own account. The weakness that is being leveraged by an attacker is the very security feature that has been put in place to counteract attacks.
- Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS)) XML Denial of Service (XDoS) can be applied to any technology that utilizes XML data. This is, of course, most distributed systems technology including Java, .Net, databases, and so on. XDoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. There are three primary attack vectors that XDoS can navigate Target CPU through recursion: attacker creates a recursive payload and sends to service provider Target memory through jumbo payloads: service provider uses DOM to parse XML. DOM creates in memory representation of XML document, but when document is very large (for example, north of 1 Gb) service provider host may exhaust memory trying to build memory objects. XML Ping of death: attack service provider with numerous small files that clog the system. All of the above attacks exploit the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-1067.NASL description This update introduces lame and twolame. For ffmpeg2 it updates to version 2.8.13 and fixes several issues. These security issues were fixed : - CVE-2017-14058: The read_data function in libavformat/hls.c did not restrict reload attempts for an insufficient list, which allowed remote attackers to cause a denial of service (infinite loop) (bsc#1056762). - CVE-2017-14057: In asf_read_marker() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted ASF file, which claims a large last seen 2020-06-05 modified 2017-09-18 plugin id 103289 published 2017-09-18 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/103289 title openSUSE Security Update : ffmpeg / ffmpeg2 (openSUSE-2017-1067) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2017-1067. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(103289); script_version("3.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-10190", "CVE-2016-10191", "CVE-2016-10192", "CVE-2016-9561", "CVE-2017-11399", "CVE-2017-14054", "CVE-2017-14055", "CVE-2017-14056", "CVE-2017-14057", "CVE-2017-14058", "CVE-2017-14059", "CVE-2017-14169", "CVE-2017-14170", "CVE-2017-14171", "CVE-2017-14222", "CVE-2017-14223", "CVE-2017-14225", "CVE-2017-7863", "CVE-2017-7865", "CVE-2017-7866"); script_name(english:"openSUSE Security Update : ffmpeg / ffmpeg2 (openSUSE-2017-1067)"); script_summary(english:"Check for the openSUSE-2017-1067 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update introduces lame and twolame. For ffmpeg2 it updates to version 2.8.13 and fixes several issues. These security issues were fixed : - CVE-2017-14058: The read_data function in libavformat/hls.c did not restrict reload attempts for an insufficient list, which allowed remote attackers to cause a denial of service (infinite loop) (bsc#1056762). - CVE-2017-14057: In asf_read_marker() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted ASF file, which claims a large 'name_len' or 'count' field in the header but did not contain sufficient backing data, was provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops (bsc#1056761). - CVE-2017-14059: A DoS in cine_read_header() due to lack of an EOF check might have caused huge CPU and memory consumption. When a crafted CINE file, which claims a large 'duration' field in the header but did not contain sufficient backing data, was provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop (bsc#1056763). - CVE-2017-14056: A DoS in rl2_read_header() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted RL2 file, which claims a large 'frame_count' field in the header but did not contain sufficient backing data, was provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops (bsc#1056760). - CVE-2017-14055: a DoS in mv_read_header() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted MV file, which claims a large 'nb_frames' field in the header but did not contain sufficient backing data, was provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop (bsc#1056766). - boo#1046211: Lots of integer overflow fixes - CVE-2016-9561: The che_configure function in libavcodec/aacdec_template.c in FFmpeg allowed remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file (boo#1015120) - CVE-2017-7863: FFmpeg had an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c (boo#1034179) - CVE-2017-7865: FFmpeg had an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c (boo#1034177) - CVE-2017-7866: FFmpeg had an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c (boo#1034176) - CVE-2016-10190: Heap-based buffer overflow in libavformat/http.c in FFmpeg allowed remote web servers to execute arbitrary code via a negative chunk size in an HTTP response (boo#1022920) - CVE-2016-10191: Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg allowed remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches (boo#1022921) - CVE-2016-10192: Heap-based buffer overflow in ffserver.c in FFmpeg allowed remote attackers to execute arbitrary code by leveraging failure to check chunk size (boo#1022922) - CVE-2017-14169: In the mxf_read_primer_pack function an integer signedness error have might occured when a crafted file, which claims a large 'item_num' field such as 0xffffffff, was provided. As a result, the variable 'item_num' turns negative, bypassing the check for a large value (bsc#1057536). - CVE-2017-14170: Prevent DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check that might have caused huge CPU consumption. When a crafted MXF file, which claims a large 'nb_index_entries' field in the header but did not contain sufficient backing data, was provided, the loop would consume huge CPU resources, since there was no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file (bsc#1057537). - CVE-2017-14171: Prevent DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check taht might have caused huge CPU consumption. When a crafted NSV file, which claims a large 'table_entries_used' field in the header but did not contain sufficient backing data, was provided, the loop over 'table_entries_used' would consume huge CPU resources, since there was no EOF check inside the loop (bsc#1057539). - CVE-2017-14223: Prevent DoS in asf_build_simple_index() due to lack of an EOF (End of File) check that might have caused huge CPU consumption. When a crafted ASF file, which claims a large 'ict' field in the header but did not contain sufficient backing data, was provided, the for loop would consume huge CPU and memory resources, since there was no EOF check inside the loop (bsc#1058019) - CVE-2017-14222: Prevent DoS in read_tfra() due to lack of an EOF (End of File) check that might have caused huge CPU and memory consumption. When a crafted MOV file, which claims a large 'item_count' field in the header but did not contain sufficient backing data, was provided, the loop would consume huge CPU and memory resources, since there was no EOF check inside the loop (bsc#1058020) These non-security issues were fixed : - Unconditionalize celt, ass, openjpeg, webp, libva, vdpau. - Build unconditionally with lame and twolame - Enable AC3 and MP3 decoding to match multimedia:libs/ffmpeg (3.x) For ffmpeg it updates to version 3.3.4 and fixes several issues. These security issues were fixed : - CVE-2017-14225: The av_color_primaries_name function may have returned a NULL pointer depending on a value contained in a file, but callers did not anticipate this, leading to a NULL pointer dereference (bsc#1058018). - CVE-2017-14223: Prevent DoS in asf_build_simple_index() due to lack of an EOF (End of File) check that might have caused huge CPU consumption. When a crafted ASF file, which claims a large 'ict' field in the header but did not contain sufficient backing data, was provided, the for loop would consume huge CPU and memory resources, since there was no EOF check inside the loop (bsc#1058019). - CVE-2017-14222: Prevent DoS in read_tfra() due to lack of an EOF (End of File) check that might have caused huge CPU and memory consumption. When a crafted MOV file, which claims a large 'item_count' field in the header but did not contain sufficient backing data, was provided, the loop would consume huge CPU and memory resources, since there was no EOF check inside the loop (bsc#1058020). - CVE-2017-14058: The read_data function in libavformat/hls.c did not restrict reload attempts for an insufficient list, which allowed remote attackers to cause a denial of service (infinite loop) (bsc#1056762) - CVE-2017-14057: In asf_read_marker() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted ASF file, which claims a large 'name_len' or 'count' field in the header but did not contain sufficient backing data, was provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops (bsc#1056761) - CVE-2017-14059: A DoS in cine_read_header() due to lack of an EOF check might have caused huge CPU and memory consumption. When a crafted CINE file, which claims a large 'duration' field in the header but did not contain sufficient backing data, was provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop (bsc#1056763) - CVE-2017-14054: A DoS in ivr_read_header() due to lack of an EOF (End of File) check might have caused huge CPU consumption. When a crafted IVR file, which claims a large 'len' field in the header but did not contain sufficient backing data, was provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop (bsc#1056765). - CVE-2017-14056: A DoS in rl2_read_header() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted RL2 file, which claims a large 'frame_count' field in the header but did not contain sufficient backing data, was provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops (bsc#1056760) - CVE-2017-14055: a DoS in mv_read_header() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted MV file, which claims a large 'nb_frames' field in the header but did not contain sufficient backing data, was provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop (bsc#1056766) - CVE-2017-11399: Integer overflow in the ape_decode_frame function allowed remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file (bsc#1049095). - CVE-2017-14171: Prevent DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check taht might have caused huge CPU consumption. When a crafted NSV file, which claims a large 'table_entries_used' field in the header but did not contain sufficient backing data, was provided, the loop over 'table_entries_used' would consume huge CPU resources, since there was no EOF check inside the loop (bsc#1057539) - CVE-2017-14170: Prevent DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check that might have caused huge CPU consumption. When a crafted MXF file, which claims a large 'nb_index_entries' field in the header but did not contain sufficient backing data, was provided, the loop would consume huge CPU resources, since there was no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file (bsc#1057537) - CVE-2017-14169: In the mxf_read_primer_pack function an integer signedness error have might occured when a crafted file, which claims a large 'item_num' field such as 0xffffffff, was provided. As a result, the variable 'item_num' turns negative, bypassing the check for a large value (bsc#1057536) It also includes various fixes for integer overflows and too-large bit shifts that didn't receive a CVE. These non-security issues were fixed : - Unconditionalize celt, ass, openjpeg, webp, netcdf, libva, vdpau. - Build unconditionally with lame and twolame - Enabled cuda and cuvid for unrestricted build. - Add additional checks to ensure MPEG is off" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015120" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1022920" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1022921" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1022922" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1034176" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1034177" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1034179" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1046211" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049095" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056760" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056761" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056762" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056763" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056765" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056766" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1057536" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1057537" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1057539" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1058018" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1058019" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1058020" ); script_set_attribute( attribute:"solution", value:"Update the affected ffmpeg / ffmpeg2 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg2-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lame"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lame-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lame-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lame-mp3rtp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lame-mp3rtp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec56"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec56-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec56-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec56-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec57"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec57-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec57-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec57-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice56"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice56-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice56-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice56-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice57"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice57-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice57-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice57-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter5-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter5-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter6-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter6-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter6-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat56"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat56-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat56-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat56-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat57"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat57-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat57-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat57-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample2-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample2-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample3-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil54"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil54-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil54-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil54-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil55"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil55-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil55-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil55-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmp3lame-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmp3lame0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmp3lame0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc53"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc53-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc53-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc53-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc54"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc54-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc54-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc54-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample1-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample2-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample2-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale3-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale4-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale4-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale4-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtwolame-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtwolame0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtwolame0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtwolame0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtwolame0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:twolame"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:twolame-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:twolame-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2017/09/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.3", reference:"ffmpeg-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"ffmpeg-debuginfo-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"ffmpeg-debugsource-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"ffmpeg2-debugsource-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"ffmpeg2-devel-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"lame-3.99.5-2.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"lame-debuginfo-3.99.5-2.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"lame-debugsource-3.99.5-2.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"lame-mp3rtp-3.99.5-2.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"lame-mp3rtp-debuginfo-3.99.5-2.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavcodec-devel-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavcodec56-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavcodec56-debuginfo-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavcodec57-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavcodec57-debuginfo-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavdevice-devel-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavdevice56-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavdevice56-debuginfo-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavdevice57-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavdevice57-debuginfo-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavfilter-devel-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavfilter5-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavfilter5-debuginfo-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavfilter6-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavfilter6-debuginfo-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavformat-devel-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavformat56-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavformat56-debuginfo-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavformat57-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavformat57-debuginfo-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavresample-devel-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavresample2-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavresample2-debuginfo-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavresample3-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavresample3-debuginfo-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavutil-devel-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavutil54-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavutil54-debuginfo-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavutil55-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libavutil55-debuginfo-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libmp3lame-devel-3.99.5-2.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libmp3lame0-3.99.5-2.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libmp3lame0-debuginfo-3.99.5-2.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libpostproc-devel-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libpostproc53-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libpostproc53-debuginfo-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libpostproc54-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libpostproc54-debuginfo-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libswresample-devel-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libswresample1-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libswresample1-debuginfo-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libswresample2-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libswresample2-debuginfo-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libswscale-devel-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libswscale3-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libswscale3-debuginfo-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libswscale4-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libswscale4-debuginfo-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libtwolame-devel-0.3.13-2.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libtwolame0-0.3.13-2.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libtwolame0-debuginfo-0.3.13-2.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"twolame-0.3.13-2.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"twolame-debuginfo-0.3.13-2.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"twolame-debugsource-0.3.13-2.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavcodec56-32bit-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavcodec56-debuginfo-32bit-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavcodec57-32bit-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavcodec57-debuginfo-32bit-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavdevice56-32bit-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavdevice56-debuginfo-32bit-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavdevice57-32bit-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavdevice57-debuginfo-32bit-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavfilter5-32bit-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavfilter5-debuginfo-32bit-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavfilter6-32bit-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavfilter6-debuginfo-32bit-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavformat56-32bit-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavformat56-debuginfo-32bit-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavformat57-32bit-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavformat57-debuginfo-32bit-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavresample2-32bit-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavresample2-debuginfo-32bit-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavresample3-32bit-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavresample3-debuginfo-32bit-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavutil54-32bit-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavutil54-debuginfo-32bit-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavutil55-32bit-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavutil55-debuginfo-32bit-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libmp3lame0-32bit-3.99.5-2.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libmp3lame0-debuginfo-32bit-3.99.5-2.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libpostproc53-32bit-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libpostproc53-debuginfo-32bit-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libpostproc54-32bit-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libpostproc54-debuginfo-32bit-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libswresample1-32bit-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libswresample1-debuginfo-32bit-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libswresample2-32bit-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libswresample2-debuginfo-32bit-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libswscale3-32bit-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libswscale3-debuginfo-32bit-2.8.13-32.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libswscale4-32bit-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libswscale4-debuginfo-32bit-3.3.4-7.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libtwolame0-32bit-0.3.13-2.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libtwolame0-debuginfo-32bit-0.3.13-2.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ffmpeg / ffmpeg-debuginfo / ffmpeg-debugsource / libavcodec-devel / etc"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-1068.NASL description This update introduces lame and twolame. For ffmpeg2 it updates to version 2.8.13 and fixes several issues. These security issues were fixed : - CVE-2017-14058: The read_data function in libavformat/hls.c did not restrict reload attempts for an insufficient list, which allowed remote attackers to cause a denial of service (infinite loop) (bsc#1056762) - CVE-2017-14057: In asf_read_marker() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted ASF file, which claims a large last seen 2020-06-05 modified 2017-09-18 plugin id 103290 published 2017-09-18 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/103290 title openSUSE Security Update : ffmpeg / ffmpeg2 (openSUSE-2017-1068) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2017-1068. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(103290); script_version("3.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-11399", "CVE-2017-14054", "CVE-2017-14055", "CVE-2017-14056", "CVE-2017-14057", "CVE-2017-14058", "CVE-2017-14059", "CVE-2017-14169", "CVE-2017-14170", "CVE-2017-14171", "CVE-2017-14222", "CVE-2017-14223", "CVE-2017-14225"); script_name(english:"openSUSE Security Update : ffmpeg / ffmpeg2 (openSUSE-2017-1068)"); script_summary(english:"Check for the openSUSE-2017-1068 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update introduces lame and twolame. For ffmpeg2 it updates to version 2.8.13 and fixes several issues. These security issues were fixed : - CVE-2017-14058: The read_data function in libavformat/hls.c did not restrict reload attempts for an insufficient list, which allowed remote attackers to cause a denial of service (infinite loop) (bsc#1056762) - CVE-2017-14057: In asf_read_marker() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted ASF file, which claims a large 'name_len' or 'count' field in the header but did not contain sufficient backing data, was provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops (bsc#1056761) - CVE-2017-14059: A DoS in cine_read_header() due to lack of an EOF check might have caused huge CPU and memory consumption. When a crafted CINE file, which claims a large 'duration' field in the header but did not contain sufficient backing data, was provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop (bsc#1056763) - CVE-2017-14056: A DoS in rl2_read_header() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted RL2 file, which claims a large 'frame_count' field in the header but did not contain sufficient backing data, was provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops (bsc#1056760) - CVE-2017-14055: a DoS in mv_read_header() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted MV file, which claims a large 'nb_frames' field in the header but did not contain sufficient backing data, was provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop (bsc#1056766) - boo#1046211: Lots of integer overflow fixes - CVE-2017-14169: In the mxf_read_primer_pack function an integer signedness error have might occured when a crafted file, which claims a large 'item_num' field such as 0xffffffff, was provided. As a result, the variable 'item_num' turns negative, bypassing the check for a large value (bsc#1057536) - CVE-2017-14170: Prevent DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check that might have caused huge CPU consumption. When a crafted MXF file, which claims a large 'nb_index_entries' field in the header but did not contain sufficient backing data, was provided, the loop would consume huge CPU resources, since there was no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file (bsc#1057537) - CVE-2017-14171: Prevent DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check taht might have caused huge CPU consumption. When a crafted NSV file, which claims a large 'table_entries_used' field in the header but did not contain sufficient backing data, was provided, the loop over 'table_entries_used' would consume huge CPU resources, since there was no EOF check inside the loop (bsc#1057539) - !: CVE-2017-14223: Prevent DoS in asf_build_simple_index() due to lack of an EOF (End of File) check that might have caused huge CPU consumption. When a crafted ASF file, which claims a large 'ict' field in the header but did not contain sufficient backing data, was provided, the for loop would consume huge CPU and memory resources, since there was no EOF check inside the loop (bsc#1058019) - !: CVE-2017-14222: Prevent DoS in read_tfra() due to lack of an EOF (End of File) check that might have caused huge CPU and memory consumption. When a crafted MOV file, which claims a large 'item_count' field in the header but did not contain sufficient backing data, was provided, the loop would consume huge CPU and memory resources, since there was no EOF check inside the loop (bsc#1058020) These non-security issues were fixed : - Unconditionalize celt, ass, openjpeg, webp, libva, vdpau. - Build unconditionally with lame and twolame For ffmpeg it updates to version 3.3.4 and fixes several issues. These security issues were fixed : - CVE-2017-14058: The read_data function in libavformat/hls.c did not restrict reload attempts for an insufficient list, which allowed remote attackers to cause a denial of service (infinite loop) (bsc#1056762) - CVE-2017-14057: In asf_read_marker() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted ASF file, which claims a large 'name_len' or 'count' field in the header but did not contain sufficient backing data, was provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops (bsc#1056761) - CVE-2017-14059: A DoS in cine_read_header() due to lack of an EOF check might have caused huge CPU and memory consumption. When a crafted CINE file, which claims a large 'duration' field in the header but did not contain sufficient backing data, was provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop (bsc#1056763) - CVE-2017-14054: A DoS in ivr_read_header() due to lack of an EOF (End of File) check might have caused huge CPU consumption. When a crafted IVR file, which claims a large 'len' field in the header but did not contain sufficient backing data, was provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop (bsc#1056765) - CVE-2017-14056: A DoS in rl2_read_header() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted RL2 file, which claims a large 'frame_count' field in the header but did not contain sufficient backing data, was provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops (bsc#1056760) - CVE-2017-14055: a DoS in mv_read_header() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted MV file, which claims a large 'nb_frames' field in the header but did not contain sufficient backing data, was provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop (bsc#1056766) - CVE-2017-11399: Integer overflow in the ape_decode_frame function allowed remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file (bsc#1049095) - CVE-2017-14171: Prevent DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check taht might have caused huge CPU consumption. When a crafted NSV file, which claims a large 'table_entries_used' field in the header but did not contain sufficient backing data, was provided, the loop over 'table_entries_used' would consume huge CPU resources, since there was no EOF check inside the loop (bsc#1057539) - CVE-2017-14170: Prevent DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check that might have caused huge CPU consumption. When a crafted MXF file, which claims a large 'nb_index_entries' field in the header but did not contain sufficient backing data, was provided, the loop would consume huge CPU resources, since there was no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file (bsc#1057537) - CVE-2017-14169: In the mxf_read_primer_pack function an integer signedness error have might occured when a crafted file, which claims a large 'item_num' field such as 0xffffffff, was provided. As a result, the variable 'item_num' turns negative, bypassing the check for a large value (bsc#1057536) - CVE-2017-14225: The av_color_primaries_name function may have returned a NULL pointer depending on a value contained in a file, but callers did not anticipate this, leading to a NULL pointer dereference (bsc#1058018) - CVE-2017-14223: Prevent DoS in asf_build_simple_index() due to lack of an EOF (End of File) check that might have caused huge CPU consumption. When a crafted ASF file, which claims a large 'ict' field in the header but did not contain sufficient backing data, was provided, the for loop would consume huge CPU and memory resources, since there was no EOF check inside the loop (bsc#1058019) - CVE-2017-14222: Prevent DoS in read_tfra() due to lack of an EOF (End of File) check that might have caused huge CPU and memory consumption. When a crafted MOV file, which claims a large 'item_count' field in the header but did not contain sufficient backing data, was provided, the loop would consume huge CPU and memory resources, since there was no EOF check inside the loop (bsc#1058020) It also includes various fixes for integer overflows and too-large bit shifts that didn't receive a CVE. These non-security issues were fixed : - Unconditionalize celt, ass, openjpeg, webp, netcdf, libva, vdpau. - Build unconditionally with lame and twolame - boo#1041794: Disable cuda extensions - Add additional checks to ensure MPEG is off" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1041794" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1046211" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049095" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056760" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056761" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056762" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056763" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056765" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056766" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1057536" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1057537" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1057539" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1058018" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1058019" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1058020" ); script_set_attribute( attribute:"solution", value:"Update the affected ffmpeg / ffmpeg2 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg2-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lame"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lame-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lame-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lame-mp3rtp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lame-mp3rtp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec56"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec56-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec56-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec56-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec57"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec57-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec57-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec57-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice56"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice56-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice56-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice56-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice57"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice57-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice57-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice57-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter5-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter5-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter6-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter6-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter6-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat56"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat56-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat56-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat56-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat57"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat57-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat57-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat57-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample2-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample2-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample3-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil54"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil54-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil54-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil54-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil55"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil55-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil55-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil55-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmp3lame-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmp3lame0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmp3lame0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmp3lame0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc53"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc53-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc53-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc53-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc54"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc54-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc54-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc54-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample1-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample2-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample2-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale3-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale4-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale4-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale4-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtwolame-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtwolame0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtwolame0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtwolame0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtwolame0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:twolame"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:twolame-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:twolame-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"patch_publication_date", value:"2017/09/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.2", reference:"ffmpeg-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"ffmpeg-debuginfo-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"ffmpeg-debugsource-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"ffmpeg2-debugsource-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"ffmpeg2-devel-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"lame-3.99.5-2.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"lame-debuginfo-3.99.5-2.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"lame-debugsource-3.99.5-2.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"lame-mp3rtp-3.99.5-2.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"lame-mp3rtp-debuginfo-3.99.5-2.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavcodec-devel-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavcodec56-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavcodec56-debuginfo-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavcodec57-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavcodec57-debuginfo-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavdevice-devel-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavdevice56-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavdevice56-debuginfo-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavdevice57-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavdevice57-debuginfo-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavfilter-devel-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavfilter5-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavfilter5-debuginfo-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavfilter6-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavfilter6-debuginfo-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavformat-devel-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavformat56-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavformat56-debuginfo-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavformat57-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavformat57-debuginfo-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavresample-devel-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavresample2-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavresample2-debuginfo-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavresample3-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavresample3-debuginfo-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavutil-devel-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavutil54-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavutil54-debuginfo-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavutil55-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libavutil55-debuginfo-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libmp3lame-devel-3.99.5-2.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libmp3lame0-3.99.5-2.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libmp3lame0-debuginfo-3.99.5-2.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libpostproc-devel-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libpostproc53-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libpostproc53-debuginfo-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libpostproc54-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libpostproc54-debuginfo-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libswresample-devel-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libswresample1-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libswresample1-debuginfo-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libswresample2-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libswresample2-debuginfo-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libswscale-devel-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libswscale3-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libswscale3-debuginfo-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libswscale4-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libswscale4-debuginfo-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libtwolame-devel-0.3.13-2.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libtwolame0-0.3.13-2.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libtwolame0-debuginfo-0.3.13-2.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"twolame-0.3.13-2.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"twolame-debuginfo-0.3.13-2.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"twolame-debugsource-0.3.13-2.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavcodec56-32bit-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavcodec56-debuginfo-32bit-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavcodec57-32bit-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavcodec57-debuginfo-32bit-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavdevice56-32bit-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavdevice56-debuginfo-32bit-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavdevice57-32bit-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavdevice57-debuginfo-32bit-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavfilter5-32bit-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavfilter5-debuginfo-32bit-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavfilter6-32bit-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavfilter6-debuginfo-32bit-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavformat56-32bit-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavformat56-debuginfo-32bit-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavformat57-32bit-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavformat57-debuginfo-32bit-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavresample2-32bit-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavresample2-debuginfo-32bit-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavresample3-32bit-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavresample3-debuginfo-32bit-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavutil54-32bit-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavutil54-debuginfo-32bit-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavutil55-32bit-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libavutil55-debuginfo-32bit-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libmp3lame0-32bit-3.99.5-2.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libmp3lame0-debuginfo-32bit-3.99.5-2.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libpostproc53-32bit-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libpostproc53-debuginfo-32bit-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libpostproc54-32bit-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libpostproc54-debuginfo-32bit-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libswresample1-32bit-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libswresample1-debuginfo-32bit-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libswresample2-32bit-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libswresample2-debuginfo-32bit-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libswscale3-32bit-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libswscale3-debuginfo-32bit-2.8.13-25.10.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libswscale4-32bit-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libswscale4-debuginfo-32bit-3.3.4-6.16.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libtwolame0-32bit-0.3.13-2.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libtwolame0-debuginfo-32bit-0.3.13-2.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ffmpeg / ffmpeg-debuginfo / ffmpeg-debugsource / libavcodec-devel / etc"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3996.NASL description Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed Real, MV, RL2, ASF, Apple HLS, Phantom Cine, MXF, NSV, MOV or RTP H.264 files/streams are processed. last seen 2020-06-01 modified 2020-06-02 plugin id 103758 published 2017-10-11 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103758 title Debian DSA-3996-1 : ffmpeg - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-3996. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(103758); script_version("3.3"); script_cvs_date("Date: 2018/11/10 11:49:38"); script_cve_id("CVE-2017-14054", "CVE-2017-14055", "CVE-2017-14056", "CVE-2017-14057", "CVE-2017-14058", "CVE-2017-14059", "CVE-2017-14169", "CVE-2017-14170", "CVE-2017-14171", "CVE-2017-14222", "CVE-2017-14223", "CVE-2017-14225", "CVE-2017-14767"); script_xref(name:"DSA", value:"3996"); script_name(english:"Debian DSA-3996-1 : ffmpeg - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed Real, MV, RL2, ASF, Apple HLS, Phantom Cine, MXF, NSV, MOV or RTP H.264 files/streams are processed." ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/stretch/ffmpeg" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2017/dsa-3996" ); script_set_attribute( attribute:"solution", value: "Upgrade the ffmpeg packages. For the stable distribution (stretch), these problems have been fixed in version 7:3.2.8-1~deb9u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ffmpeg"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0"); script_set_attribute(attribute:"patch_publication_date", value:"2017/10/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"9.0", prefix:"ffmpeg", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"ffmpeg-doc", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libav-tools", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libavcodec-dev", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libavcodec-extra", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libavcodec-extra57", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libavcodec57", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libavdevice-dev", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libavdevice57", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libavfilter-dev", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libavfilter-extra", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libavfilter-extra6", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libavfilter6", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libavformat-dev", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libavformat57", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libavresample-dev", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libavresample3", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libavutil-dev", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libavutil55", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libpostproc-dev", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libpostproc54", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libswresample-dev", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libswresample2", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libswscale-dev", reference:"7:3.2.8-1~deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"libswscale4", reference:"7:3.2.8-1~deb9u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1654.NASL description Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. CVE-2014-8542 libavcodec/utils.c omitted a certain codec ID during enforcement of alignment, which allowed remote attackers to cause a denial of ervice (out-of-bounds access) or possibly have unspecified other impact via crafted JV data. CVE-2015-1207 Double-free vulnerability in libavformat/mov.c allowed remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file. CVE-2017-7863 libav had an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. CVE-2017-7865 libav had an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c. CVE-2017-14169 In the mxf_read_primer_pack function in libavformat/mxfdec.c in, an integer signedness error might have occured when a crafted file, claiming a large last seen 2020-03-17 modified 2019-02-07 plugin id 121622 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121622 title Debian DLA-1654-1 : libav security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-1654-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(121622); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/20"); script_cve_id("CVE-2014-8542", "CVE-2015-1207", "CVE-2017-14169", "CVE-2017-14223", "CVE-2017-7863", "CVE-2017-7865"); script_bugtraq_id(70881); script_name(english:"Debian DLA-1654-1 : libav security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. CVE-2014-8542 libavcodec/utils.c omitted a certain codec ID during enforcement of alignment, which allowed remote attackers to cause a denial of ervice (out-of-bounds access) or possibly have unspecified other impact via crafted JV data. CVE-2015-1207 Double-free vulnerability in libavformat/mov.c allowed remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file. CVE-2017-7863 libav had an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. CVE-2017-7865 libav had an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c. CVE-2017-14169 In the mxf_read_primer_pack function in libavformat/mxfdec.c in, an integer signedness error might have occured when a crafted file, claiming a large 'item_num' field such as 0xffffffff, was provided. As a result, the variable 'item_num' turned negative, bypassing the check for a large value. CVE-2017-14223 In libavformat/asfdec_f.c a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might have caused huge CPU consumption. When a crafted ASF file, claiming a large 'ict' field in the header but not containing sufficient backing data, was provided, the for loop would have consumed huge CPU and memory resources, since there was no EOF check inside the loop. For Debian 8 'Jessie', these problems have been fixed in version 6:11.12-1~deb8u5. We recommend that you upgrade your libav packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/libav" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libav-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libav-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libav-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavcodec-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavcodec-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavcodec-extra-56"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavcodec56"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavdevice-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavdevice55"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavfilter-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavfilter5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavformat-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavformat56"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavresample-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavresample2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavutil-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libavutil54"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libswscale-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libswscale3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/05"); script_set_attribute(attribute:"patch_publication_date", value:"2019/02/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"libav-dbg", reference:"6:11.12-1~deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libav-doc", reference:"6:11.12-1~deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libav-tools", reference:"6:11.12-1~deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libavcodec-dev", reference:"6:11.12-1~deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libavcodec-extra", reference:"6:11.12-1~deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libavcodec-extra-56", reference:"6:11.12-1~deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libavcodec56", reference:"6:11.12-1~deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libavdevice-dev", reference:"6:11.12-1~deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libavdevice55", reference:"6:11.12-1~deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libavfilter-dev", reference:"6:11.12-1~deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libavfilter5", reference:"6:11.12-1~deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libavformat-dev", reference:"6:11.12-1~deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libavformat56", reference:"6:11.12-1~deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libavresample-dev", reference:"6:11.12-1~deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libavresample2", reference:"6:11.12-1~deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libavutil-dev", reference:"6:11.12-1~deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libavutil54", reference:"6:11.12-1~deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libswscale-dev", reference:"6:11.12-1~deb8u5")) flag++; if (deb_check(release:"8.0", prefix:"libswscale3", reference:"6:11.12-1~deb8u5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_ED73829DAF6D11E7A633009C02A2AB30.NASL description FFmpeg security reports : Multiple vulnerabilities have been fixed in FFmpeg 3.3.4. Please refer to the CVE list for details. last seen 2020-06-01 modified 2020-06-02 plugin id 103844 published 2017-10-16 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103844 title FreeBSD : FFmpeg -- multiple vulnerabilities (ed73829d-af6d-11e7-a633-009c02a2ab30) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(103844); script_version("3.4"); script_cvs_date("Date: 2018/11/10 11:49:46"); script_cve_id("CVE-2017-14054", "CVE-2017-14055", "CVE-2017-14056", "CVE-2017-14057", "CVE-2017-14058", "CVE-2017-14059", "CVE-2017-14169", "CVE-2017-14170", "CVE-2017-14171", "CVE-2017-14222", "CVE-2017-14223", "CVE-2017-14225", "CVE-2017-14767"); script_name(english:"FreeBSD : FFmpeg -- multiple vulnerabilities (ed73829d-af6d-11e7-a633-009c02a2ab30)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "FFmpeg security reports : Multiple vulnerabilities have been fixed in FFmpeg 3.3.4. Please refer to the CVE list for details." ); script_set_attribute( attribute:"see_also", value:"https://www.ffmpeg.org/security.html" ); # https://vuxml.freebsd.org/freebsd/ed73829d-af6d-11e7-a633-009c02a2ab30.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?aa59712d" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ffmpeg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mythtv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mythtv-frontend"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/11"); script_set_attribute(attribute:"patch_publication_date", value:"2017/10/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"ffmpeg<3.3.4")) flag++; if (pkg_test(save_report:TRUE, pkg:"mythtv<29.1,1")) flag++; if (pkg_test(save_report:TRUE, pkg:"mythtv-frontend<29.1,1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://www.debian.org/security/2017/dsa-3996
- http://www.debian.org/security/2017/dsa-3996
- http://www.securityfocus.com/bid/100703
- http://www.securityfocus.com/bid/100703
- https://github.com/FFmpeg/FFmpeg/commit/afc9c683ed9db01edb357bc8c19edad4282b3a97
- https://github.com/FFmpeg/FFmpeg/commit/afc9c683ed9db01edb357bc8c19edad4282b3a97
- https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html
- https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html