Debian DSA-2000-1 : ffmpeg-debian - several vulnerabilities

critical Nessus Plugin ID 44864

Language:

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder, which also provides a range of multimedia libraries used in applications like MPlayer :

Various programming errors in container and codec implementations may lead to denial of service or the execution of arbitrary code if the user is tricked into opening a malformed media file or stream.

The implementations of the following affected codecs and container formats have been updated :

- the Vorbis audio codec
- the Ogg container implementation

- the FF Video 1 codec

- the MPEG audio codec

- the H264 video codec

- the MOV container implementation

- the Oggedc container implementation

Solution

Upgrade the ffmpeg packages.

For the stable distribution (lenny), these problems have been fixed in version 0.svn20080206-18+lenny1.

See Also

https://www.debian.org/security/2010/dsa-2000

Plugin Details

Severity: Critical

ID: 44864

File Name: debian_DSA-2000.nasl

Version: 1.11

Type: local

Agent: unix

Published: 2/24/2010

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:ffmpeg-debian, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 2/18/2010

Reference Information

CVE: CVE-2009-4631, CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4636, CVE-2009-4637, CVE-2009-4638, CVE-2009-4640

CWE: 119, 189, 94

DSA: 2000