CVE-2017-17555 - NULL Pointer Dereference vulnerability in multiple products
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: HIGH

Summary
The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
Application | 2 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2020-24.NASL
- description: This update for ffmpeg-4 fixes the following issues : ffmpeg-4 was updated to version 4.0.5, fixes boo#1133153 - CVE-2019-11339: The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 allowed remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified. (bsc#1133153) - For other changes see /usr/share/doc/packages/libavcodec58/Changelog Update to version 4.2.1 : - Stable bug fix release, mainly codecs and format fixes. - CVE-2019-15942: Conditional jump or move depends on uninitialised value
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 132910
- published: 2020-01-15
- reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/132910
- title: openSUSE Security Update : ffmpeg-4 (openSUSE-2020-24)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2020-24.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(132910);
  script_version("1.2");
  script_cvs_date("Date: 2020/01/17");

  script_cve_id("CVE-2017-17555", "CVE-2018-13305", "CVE-2019-11338", "CVE-2019-11339", "CVE-2019-15942");

  script_name(english:"openSUSE Security Update : ffmpeg-4 (openSUSE-2020-24)");
  script_summary(english:"Check for the openSUSE-2020-24 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "This update for ffmpeg-4 fixes the following issues : ffmpeg-4 was updated to version 4.0.5, fixes boo#1133153 - CVE-2019-11339: The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 allowed remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified. (bsc#1133153) - For other changes see /usr/share/doc/packages/libavcodec58/Changelog Update to version 4.2.1 : - Stable bug fix release, mainly codecs and format fixes. - CVE-2019-15942: Conditional jump or move depends on uninitialised value' issue in h2645_parse (boo#1149839) Update to FFmpeg 4.2 'Ada' - tpad filter - AV1 decoding support through libdav1d - dedot filter - chromashift and rgbashift filters - freezedetect filter - truehd_core bitstream filter - dhav demuxer - PCM-DVD encoder - GIF parser - vividas demuxer - hymt decoder - anlmdn filter - maskfun filter - hcom demuxer and decoder - ARBC decoder - libaribb24 based ARIB STD-B24 caption support (profiles A and C) - Support decoding of HEVC 4:4:4 content in nvdec and cuviddec - removed libndi-newtek - agm decoder - KUX demuxer - AV1 frame split bitstream filter - lscr decoder - lagfun filter - asoftclip filter - Support decoding of HEVC 4:4:4 content in vdpau - colorhold filter - xmedian filter - asr filter - showspatial multimedia filter - VP4 video decoder - IFV demuxer - derain filter - deesser filter - mov muxer writes tracks with unspecified language instead of English by default - added support for using clang to compile CUDA kernels - See /usr/share/doc/packages/ffmpeg-4/Changelog for the complete changelog. Update to version 4.1.4 - See /usr/share/doc/packages/ffmpeg-4/Changelog for the complete changelog. - Enable runtime enabling for fdkaac via --enable-libfdk-aac-dlopen Update to version 4.1.3 : - Updates and bug fixes for codecs, filters and formats. [boo#1133153, boo#1133155, CVE-2019-11338, CVE-2019-11339] Update to version 4.1.2 : - Updates and bug fixes for codecs, filters and formats. Update to version 4.1.1 : - Various filter and codec fixes and enhancements. - configure: Add missing xlib dependency for VAAPI X11 code. - For complete changelog, see /usr/share/doc/packages/ffmpeg-4/Changelog - enable AV1 support on x86_64 Update ffmpeg to 4.1 : - Lots of filter updates as usual: deblock, tmix, aplify, fftdnoiz, aderivative, aintegral, pal75bars, pal100bars, adeclick, adeclip, lensfun (wrapper), colorconstancy, 1D LUT filter (lut1d), cue, acue, transpose_npp, amultiply, Block-Matching 3d (bm3d) denoising filter, acrossover filter, audio denoiser as afftdn filter, sinc audio filter source, chromahold, setparams, vibrance, xstack, (a)graphmonitor filter yadif_cuda filter. - AV1 parser - Support for AV1 in MP4 - PCM VIDC decoder and encoder - libtensorflow backend for DNN based filters like srcnn - -- The following only enabled in third-party builds : - ATRAC9 decoder - AVS2 video decoder via libdavs2 - IMM4 video decoder - Brooktree ProSumer video decoder - MatchWare Screen Capture Codec decoder - WinCam Motion Video decoder - RemotelyAnywhere Screen Capture decoder - AVS2 video encoder via libxavs2 - ILBC decoder - SER demuxer - Decoding S12M timecode in H264 - For complete changelog, see https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1 Update ffmpeg to 4.0.3 : - For complete changelog, see https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.0.3 - CVE-2018-13305: Added a missing check for negative values of mqaunt variable (boo#1100345)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1100345"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133123"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133153"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133155"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149839"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.0.3"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected ffmpeg-4 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg-4-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg-4-libavcodec-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg-4-libavdevice-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg-4-libavfilter-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg-4-libavformat-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg-4-libavresample-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg-4-libavutil-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg-4-libpostproc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg-4-libswresample-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg-4-libswscale-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg-4-private-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec58");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec58-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec58-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec58-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice58");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice58-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice58-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice58-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter7-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter7-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter7-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat58");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat58-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat58-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat58-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample4-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample4-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample4-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil56");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil56-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil56-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil56-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc55");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc55-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc55-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc55-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample3-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample3-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample3-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale5-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale5-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/01/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.1", reference:"ffmpeg-4-debugsource-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"ffmpeg-4-libavcodec-devel-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"ffmpeg-4-libavdevice-devel-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"ffmpeg-4-libavfilter-devel-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"ffmpeg-4-libavformat-devel-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"ffmpeg-4-libavresample-devel-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"ffmpeg-4-libavutil-devel-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"ffmpeg-4-libpostproc-devel-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"ffmpeg-4-libswresample-devel-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"ffmpeg-4-libswscale-devel-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"ffmpeg-4-private-devel-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libavcodec58-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libavcodec58-debuginfo-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libavdevice58-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libavdevice58-debuginfo-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libavfilter7-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libavfilter7-debuginfo-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libavformat58-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libavformat58-debuginfo-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libavresample4-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libavresample4-debuginfo-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libavutil56-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libavutil56-debuginfo-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libpostproc55-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libpostproc55-debuginfo-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libswresample3-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libswresample3-debuginfo-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libswscale5-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libswscale5-debuginfo-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libavcodec58-32bit-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libavcodec58-32bit-debuginfo-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libavdevice58-32bit-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libavdevice58-32bit-debuginfo-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libavfilter7-32bit-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libavfilter7-32bit-debuginfo-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libavformat58-32bit-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libavformat58-32bit-debuginfo-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libavresample4-32bit-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libavresample4-32bit-debuginfo-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libavutil56-32bit-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libavutil56-32bit-debuginfo-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libpostproc55-32bit-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libpostproc55-32bit-debuginfo-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libswresample3-32bit-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libswresample3-32bit-debuginfo-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libswscale5-32bit-4.2.1-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libswscale5-32bit-debuginfo-4.2.1-lp151.2.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ffmpeg-4-debugsource / ffmpeg-4-libavcodec-devel / etc");
}
```
- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2018-172.NASL
- description: This update for ffmpeg fixes the following issues : Updated ffmpeg to new bugfix release 3.4.2 - Fix integer overflows, multiplication overflows, undefined shifts, and verify buffer lengths. - avfilter/vf_transpose: Fix used plane count [boo#1078488, CVE-2018-6392] - avcodec/utvideodec: Fix bytes left check in decode_frame() [boo#1079368, CVE-2018-6621] - Enable use of libzvbi for displaying teletext subtitles. - Fixed a DoS in swri_audio_convert() [boo#1072366, CVE-2017-17555]. Update to new bugfix release 3.4.1 - Fixed integer overflows, division by zero, illegal bit shifts - Fixed the gmc_mmx function which failed to validate width and height [boo#1070762, CVE-2017-17081] - Fixed out-of-bounds in VC-2 encoder [boo#1069407, CVE-2017-16840] - ffplay: use SDL2 audio API - install also doc/ffserver.conf - Update to new upstream release 3.4 - New video filters: deflicker, doublewave, lumakey, pixscope, oscilloscope, robterts, limiter, libvmaf, unpremultiply, tlut2, floodifll, pseudocolor, despill, convolve, vmafmotion. - New audio filters: afir, crossfeed, surround, headphone, superequalizer, haas. - Some video filters with several inputs now use a common set of options: blend, libvmaf, lut3d, overlay, psnr, ssim. They must always be used by name. - librsvg support for svg rasterization - spec-compliant VP9 muxing support in MP4 - Remove the libnut and libschroedinger muxer/demuxer wrappers - drop deprecated qtkit input device (use avfoundation instead) - SUP/PGS subtitle muxer - VP9 tile threading support - KMS screen grabber - CUDA thumbnail filter - V4L2 mem2mem HW assisted codecs - Rockchip MPP hardware decoding - (Not in openSUSE builds, only original ones:) - Gremlin Digital Video demuxer and decoder - Additional frame format support for Interplay MVE movies - Dolby E decoder and SMPTE 337M demuxer - raw G.726 muxer and demuxer, left- and right-justified - NewTek NDI input/output device - FITS demuxer, muxer, decoder and encoder - Fixed a double free in huffyuv [boo#1064577, CVE-2017-15186] - Fixed an out-of-bounds in ffv1dec [boo#1066428, CVE-2017-15672]
- last seen: 2020-06-05
- modified: 2018-02-20
- plugin id: 106890
- published: 2018-02-20
- reporter: This script is Copyright (C) 2018-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/106890
- title: openSUSE Security Update : ffmpeg (openSUSE-2018-172)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-172.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(106890);
  script_version("3.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2017-15186", "CVE-2017-15672", "CVE-2017-16840", "CVE-2017-17081", "CVE-2017-17555", "CVE-2018-6392", "CVE-2018-6621");

  script_name(english:"openSUSE Security Update : ffmpeg (openSUSE-2018-172)");
  script_summary(english:"Check for the openSUSE-2018-172 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "This update for ffmpeg fixes the following issues : Updated ffmpeg to new bugfix release 3.4.2 - Fix integer overflows, multiplication overflows, undefined shifts, and verify buffer lengths. - avfilter/vf_transpose: Fix used plane count [boo#1078488, CVE-2018-6392] - avcodec/utvideodec: Fix bytes left check in decode_frame() [boo#1079368, CVE-2018-6621] - Enable use of libzvbi for displaying teletext subtitles. - Fixed a DoS in swri_audio_convert() [boo#1072366, CVE-2017-17555]. Update to new bugfix release 3.4.1 - Fixed integer overflows, division by zero, illegal bit shifts - Fixed the gmc_mmx function which failed to validate width and height [boo#1070762, CVE-2017-17081] - Fixed out-of-bounds in VC-2 encoder [boo#1069407, CVE-2017-16840] - ffplay: use SDL2 audio API - install also doc/ffserver.conf - Update to new upstream release 3.4 - New video filters: deflicker, doublewave, lumakey, pixscope, oscilloscope, robterts, limiter, libvmaf, unpremultiply, tlut2, floodifll, pseudocolor, despill, convolve, vmafmotion. - New audio filters: afir, crossfeed, surround, headphone, superequalizer, haas. - Some video filters with several inputs now use a common set of options: blend, libvmaf, lut3d, overlay, psnr, ssim. They must always be used by name. - librsvg support for svg rasterization - spec-compliant VP9 muxing support in MP4 - Remove the libnut and libschroedinger muxer/demuxer wrappers - drop deprecated qtkit input device (use avfoundation instead) - SUP/PGS subtitle muxer - VP9 tile threading support - KMS screen grabber - CUDA thumbnail filter - V4L2 mem2mem HW assisted codecs - Rockchip MPP hardware decoding - (Not in openSUSE builds, only original ones:) - Gremlin Digital Video demuxer and decoder - Additional frame format support for Interplay MVE movies - Dolby E decoder and SMPTE 337M demuxer - raw G.726 muxer and demuxer, left- and right-justified - NewTek NDI input/output device - FITS demuxer, muxer, decoder and encoder - Fixed a double free in huffyuv [boo#1064577, CVE-2017-15186] - Fixed an out-of-bounds in ffv1dec [boo#1066428, CVE-2017-15672]"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064577"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1066428"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1069407"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1070762"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1072366"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1078488"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1079368"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected ffmpeg packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec57");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec57-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec57-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec57-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice57");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice57-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice57-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice57-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter6-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter6-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter6-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat57");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat57-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat57-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat57-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample3-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample3-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample3-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil55");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil55-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil55-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil55-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc54");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc54-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc54-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc54-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample2-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample2-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale4-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale4-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale4-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/02/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.3", reference:"ffmpeg-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"ffmpeg-debuginfo-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"ffmpeg-debugsource-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libavcodec-devel-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libavcodec57-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libavcodec57-debuginfo-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libavdevice-devel-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libavdevice57-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libavdevice57-debuginfo-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libavfilter-devel-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libavfilter6-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libavfilter6-debuginfo-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libavformat-devel-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libavformat57-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libavformat57-debuginfo-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libavresample-devel-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libavresample3-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libavresample3-debuginfo-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libavutil-devel-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libavutil55-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libavutil55-debuginfo-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libpostproc-devel-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libpostproc54-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libpostproc54-debuginfo-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libswresample-devel-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libswresample2-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libswresample2-debuginfo-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libswscale-devel-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libswscale4-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libswscale4-debuginfo-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavcodec57-32bit-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavcodec57-debuginfo-32bit-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavdevice57-32bit-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavdevice57-debuginfo-32bit-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavfilter6-32bit-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavfilter6-debuginfo-32bit-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavformat57-32bit-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavformat57-debuginfo-32bit-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavresample3-32bit-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavresample3-debuginfo-32bit-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavutil55-32bit-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libavutil55-debuginfo-32bit-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libpostproc54-32bit-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libpostproc54-debuginfo-32bit-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libswresample2-32bit-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libswresample2-debuginfo-32bit-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libswscale4-32bit-3.4.2-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libswscale4-debuginfo-32bit-3.4.2-10.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ffmpeg / ffmpeg-debuginfo / ffmpeg-debugsource / libavcodec-devel / etc");
}
```
References
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html
- https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference%28DoS%29%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md