
Test ID: 1.3.6.1.4.1.25623.1.0.892742
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DLA-2742-1)
Summary: The remote host is missing an update for the Debian 'ffmpeg' package(s) announced via the DLA-2742-1 advisory.
Description:

Vulnerability Insight:
Multiple issues have been discovered in ffmpeg.

CVE-2020-21041

Buffer Overflow vulnerability exists via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service.

CVE-2020-22015

Buffer Overflow vulnerability in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code.

CVE-2020-22016

A heap-based Buffer Overflow vulnerability at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences.

CVE-2020-22020

Buffer Overflow vulnerability in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service.

CVE-2020-22021

Buffer Overflow vulnerability at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service.

CVE-2020-22022

A heap-based Buffer Overflow vulnerability exists in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences.

CVE-2020-22023

A heap-based Buffer Overflow vulnerability exists in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences.

CVE-2020-22025

A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences.

CVE-2020-22026

Buffer Overflow vulnerability exists in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service.

CVE-2020-22028

Buffer Overflow vulnerability in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service.

CVE-2020-22031

A Heap-based Buffer Overflow vulnerability in filter16_complex_low, which might lead to memory corruption and other potential consequences.

CVE-2020-22032

A heap-based Buffer Overflow vulnerability in gaussian_blur, which might lead to memory corruption and other potential consequences.

CVE-2020-22036

A heap-based Buffer Overflow vulnerability in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.

CVE-2021-3566

The tty demuxer did not have a read_probe function assigned to it. By crafting a legitimate ffconcat file that references an image, followed by a file that triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg).

CVE-2021-38114

libavcodec/dnxhddec.c does not check the return value of the init_vlc function. Crafted DNxHD data can cause unspecified impact.

For Debian 9 stretch, these problems have been fixed in version ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'ffmpeg' package(s) on Debian 9.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-21041
Debian Security Information: DSA-4990
https://www.debian.org/security/2021/dsa-4990
https://trac.ffmpeg.org/ticket/7989
https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-22015
https://trac.ffmpeg.org/ticket/8190
Common Vulnerability Exposure (CVE) ID: CVE-2020-22016
https://trac.ffmpeg.org/ticket/8183
Common Vulnerability Exposure (CVE) ID: CVE-2020-22020
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765
https://trac.ffmpeg.org/ticket/8239
Common Vulnerability Exposure (CVE) ID: CVE-2020-22021
https://trac.ffmpeg.org/ticket/8240
Common Vulnerability Exposure (CVE) ID: CVE-2020-22022
https://trac.ffmpeg.org/ticket/8264
Common Vulnerability Exposure (CVE) ID: CVE-2020-22023
https://trac.ffmpeg.org/ticket/8244
Common Vulnerability Exposure (CVE) ID: CVE-2020-22025
https://cwe.mitre.org/data/definitions/122.html
https://trac.ffmpeg.org/ticket/8260
Common Vulnerability Exposure (CVE) ID: CVE-2020-22026
https://trac.ffmpeg.org/ticket/8317
Common Vulnerability Exposure (CVE) ID: CVE-2020-22028
https://trac.ffmpeg.org/ticket/8274
Common Vulnerability Exposure (CVE) ID: CVE-2020-22031
https://trac.ffmpeg.org/attachment/ticket/8243/gdb-vf_w3fdif_191
https://trac.ffmpeg.org/ticket/8243
Common Vulnerability Exposure (CVE) ID: CVE-2020-22032
https://trac.ffmpeg.org/ticket/8275
Common Vulnerability Exposure (CVE) ID: CVE-2020-22036
https://trac.ffmpeg.org/ticket/8261
Common Vulnerability Exposure (CVE) ID: CVE-2021-3566
https://github.com/FFmpeg/FFmpeg/commit/3bce9e9b3ea35c54bacccc793d7da99ea5157532#diff-74f6b92a0541378ad15de9c29c0a2b0c69881ad9ffc71abe568b88b535e00a7f
Common Vulnerability Exposure (CVE) ID: CVE-2021-38114
Debian Security Information: DSA-4998
https://www.debian.org/security/2021/dsa-4998
https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1
https://patchwork.ffmpeg.org/project/ffmpeg/patch/PAXP193MB12624C21AE412BE95BA4D4A4B6F09@PAXP193MB1262.EURP193.PROD.OUTLOOK.COM/
Copyright: Copyright (C) 2021 Greenbone AG
