 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.10.2021.0495 |
| Category: | Mageia Linux Local Security Checks |
| Title: | Mageia: Security Advisory (MGASA-2021-0495) |
| Summary: | The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2021-0495 advisory. |
| Description: | Summary: The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2021-0495 advisory. Vulnerability Insight: FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. (CVE-2020-20446) FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service. (CVE-2020-20450) FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service. (CVE-2020-20453) Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service. (CVE-2020-21041) Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code. (CVE-2020-22015) Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service. (CVE-2020-22019) Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service. (CVE-2020-22021) A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service. (CVE-2020-22033) A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c. (CVE-2020-22037) A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c. (CVE-2020-22038) A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c. (CVE-2020-22042) libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. (CVE-2021-38114) adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. (CVE-2021-38171) FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. (CVE-2021-38291) Affected Software/OS: 'ffmpeg' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-20446 Debian Security Information: DSA-4990 (Google Search) https://www.debian.org/security/2021/dsa-4990 Debian Security Information: DSA-4998 (Google Search) https://www.debian.org/security/2021/dsa-4998 https://trac.ffmpeg.org/ticket/7995 https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html Common Vulnerability Exposure (CVE) ID: CVE-2020-20450 https://trac.ffmpeg.org/ticket/7993 Common Vulnerability Exposure (CVE) ID: CVE-2020-20453 https://trac.ffmpeg.org/ticket/8003 Common Vulnerability Exposure (CVE) ID: CVE-2020-21041 https://trac.ffmpeg.org/ticket/7989 https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html Common Vulnerability Exposure (CVE) ID: CVE-2020-22015 https://trac.ffmpeg.org/ticket/8190 Common Vulnerability Exposure (CVE) ID: CVE-2020-22019 https://trac.ffmpeg.org/ticket/8241 Common Vulnerability Exposure (CVE) ID: CVE-2020-22021 https://trac.ffmpeg.org/ticket/8240 Common Vulnerability Exposure (CVE) ID: CVE-2020-22033 https://cwe.mitre.org/data/definitions/122.html https://trac.ffmpeg.org/ticket/8246 Common Vulnerability Exposure (CVE) ID: CVE-2020-22037 https://trac.ffmpeg.org/ticket/8281 Common Vulnerability Exposure (CVE) ID: CVE-2020-22038 https://trac.ffmpeg.org/ticket/8285 Common Vulnerability Exposure (CVE) ID: CVE-2020-22042 https://trac.ffmpeg.org/ticket/8267 Common Vulnerability Exposure (CVE) ID: CVE-2021-38114 https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1 https://patchwork.ffmpeg.org/project/ffmpeg/patch/PAXP193MB12624C21AE412BE95BA4D4A4B6F09@PAXP193MB1262.EURP193.PROD.OUTLOOK.COM/ Common Vulnerability Exposure (CVE) ID: CVE-2021-38171 https://security.gentoo.org/glsa/202312-14 https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6 https://patchwork.ffmpeg.org/project/ffmpeg/patch/AS8P193MB12542A86E22F8207EC971930B6F19@AS8P193MB1254.EURP193.PROD.OUTLOOK.COM/ Common Vulnerability Exposure (CVE) ID: CVE-2021-38291 https://trac.ffmpeg.org/ticket/9312 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |