FreeBSD : ffmpeg -- heap overflow in lavf/mov.c (7f9b696f-f11b-11e6-b50e-5404a68ad561)

medium Nessus Plugin ID 97108

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

FFmpeg security reports :

FFmpeg 3.2.4 fixes the following vulnerabilities : CVE-2017-5024, CVE-2017-5025

Solution

Update the affected packages.

See Also

https://www.ffmpeg.org/security.html

http://www.nessus.org/u?fcdefa5b

http://www.nessus.org/u?7a253337

Plugin Details

Severity: Medium

ID: 97108

File Name: freebsd_pkg_7f9b696ff11b11e6b50e5404a68ad561.nasl

Version: 3.8

Type: local

Published: 2/13/2017

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ffmpeg, p-cpe:/a:freebsd:freebsd:mythtv, p-cpe:/a:freebsd:freebsd:mythtv-frontend, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2/12/2017

Vulnerability Publication Date: 1/25/2017

Reference Information

CVE: CVE-2017-5024, CVE-2017-5025