The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5958-1 advisory.

    It was discovered that FFmpeg could be made to dereference a null pointer. An attacker could possibly use     this to cause a denial of service via application crash. These issues only affected Ubuntu 16.04 ESM,     Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-3109, CVE-2022-3341)

    It was discovered that FFmpeg could be made to access an out-of-bounds frame by the Apple RPZA encoder. An     attacker could possibly use this to cause a denial of service via application crash or access sensitive     information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.10. (CVE-2022-3964)

    It was discovered that FFmpeg could be made to access an out-of-bounds frame by the QuickTime encoder. An     attacker could possibly use this to cause a denial of service via application crash or access sensitive     information. This issue only affected Ubuntu 22.10. (CVE-2022-3965)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : FFmpeg vulnerabilities (USN-5958-1)

high Nessus Plugin ID 172614

Version 1.2

Version 1.1

Version 1.0

Version 1.2 Aug 28, 2024, 11:02 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202408282302
Version 1.1 Oct 21, 2023, 5:06 AM Plugin metadata Exploit attributes ("Exploit available" set to "False") Detection Plugin Feed: 202310210506
Version 1.0 Mar 16, 2023, 6:35 PM New Plugin Feed: 202303161835