Test ID:	1.3.6.1.4.1.25623.1.0.844502
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-4431-1)
Summary:	The remote host is missing an update for the 'ffmpeg' package(s) announced via the USN-4431-1 advisory.
Description:	Summary: The remote host is missing an update for the 'ffmpeg' package(s) announced via the USN-4431-1 advisory. Vulnerability Insight: It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. An attacker could possibly use this issue to cause a denial of service via a crafted file. This issue only affected Ubuntu 16.04 LTS, as it was already fixed in Ubuntu 18.04 LTS. For more information see: [link moved to references] (CVE-2018-15822, CVE-2019-11338) It was discovered that FFmpeg incorrectly handled sscanf failures. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-12730) It was discovered that FFmpeg incorrectly handled certain WEBM files. An attacker could possibly use this issue to obtain sensitive data or other unspecified impact. This issue only affected Ubuntu 20.04 LTS. (CVE-2019-13312) It was discovered that FFmpeg incorrectly handled certain AVI files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-13390) It was discovered that FFmpeg incorrectly handled certain input. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-17539) It was discovered that FFmpeg incorrectly handled certain input during decoding of VQA files. An attacker could possibly use this issue to obtain sensitive information or other unspecified impact. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-17542) It was discovered that FFmpeg incorrectly handled certain JPEG files. An attacker could possibly use this issue to obtain sensitive information or other unspecified impact. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-12284) It was discovered that FFmpeg incorrectly handled certain M3U8 files. An attacker could possibly use this issue to obtain sensitive information or other unspecified impact. (CVE-2020-13904) Affected Software/OS: 'ffmpeg' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-15822 Bugtraq: 20190523 [SECURITY] [DSA 4449-1] ffmpeg security update (Google Search) https://seclists.org/bugtraq/2019/May/60 Debian Security Information: DSA-4449 (Google Search) https://www.debian.org/security/2019/dsa-4449 https://github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10 https://lists.debian.org/debian-lts-announce/2019/05/msg00043.html https://usn.ubuntu.com/3967-1/ https://usn.ubuntu.com/4431-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-11338 BugTraq ID: 108034 http://www.securityfocus.com/bid/108034 https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e https://github.com/FFmpeg/FFmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b SuSE Security Announcement: openSUSE-SU-2020:0024 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html Common Vulnerability Exposure (CVE) ID: CVE-2019-12730 BugTraq ID: 109317 http://www.securityfocus.com/bid/109317 Bugtraq: 20190816 [SECURITY] [DSA 4502-1] ffmpeg security update (Google Search) https://seclists.org/bugtraq/2019/Aug/30 Debian Security Information: DSA-4502 (Google Search) https://www.debian.org/security/2019/dsa-4502 https://security.gentoo.org/glsa/202003-65 https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b https://github.com/FFmpeg/FFmpeg/compare/a97ea53...ba11e40 Common Vulnerability Exposure (CVE) ID: CVE-2019-13312 https://security.gentoo.org/glsa/202007-58 https://trac.ffmpeg.org/ticket/7980 Common Vulnerability Exposure (CVE) ID: CVE-2019-13390 BugTraq ID: 109090 http://www.securityfocus.com/bid/109090 Debian Security Information: DSA-4722 (Google Search) https://www.debian.org/security/2020/dsa-4722 https://trac.ffmpeg.org/ticket/7979 https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html Common Vulnerability Exposure (CVE) ID: CVE-2019-17539 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15733 https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032dfaa45c23b1c7876670c https://lists.debian.org/debian-lts-announce/2021/01/msg00026.html Common Vulnerability Exposure (CVE) ID: CVE-2019-17542 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15919 https://github.com/FFmpeg/FFmpeg/commit/02f909dc24b1f05cfbba75077c7707b905e63cd2 https://lists.debian.org/debian-lts-announce/2019/12/msg00003.html Common Vulnerability Exposure (CVE) ID: CVE-2020-12284 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734 https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726 https://github.com/FFmpeg/FFmpeg/commit/a3a3730b5456ca00587455004d40c047f7b20a99 Common Vulnerability Exposure (CVE) ID: CVE-2020-13904 https://github.com/FFmpeg/FFmpeg/commit/6959358683c7533f586c07a766acc5fe9544d8b2 https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq@chinaffmpeg.org/ https://trac.ffmpeg.org/ticket/8673
Copyright	Copyright (C) 2020 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.