GLSA-201603-06 : FFmpeg: Multiple vulnerabilities

critical Nessus Plugin ID 89899

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-201603-06 (FFmpeg: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details.
Impact :

A remote attacker could possibly execute arbitrary code or cause a Denial of Service condition.
Workaround :

There is no known workaround at this time.

Solution

All FFmpeg users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=media-video/ffmpeg-2.6.3'

See Also

https://security.gentoo.org/glsa/201603-06

Plugin Details

Severity: Critical

ID: 89899

File Name: gentoo_GLSA-201603-06.nasl

Version: 2.2

Type: local

Published: 3/14/2016

Updated: 1/11/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:ffmpeg, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 3/12/2016

Reference Information

CVE: CVE-2013-0860, CVE-2013-0861, CVE-2013-0862, CVE-2013-0863, CVE-2013-0864, CVE-2013-0865, CVE-2013-0866, CVE-2013-0867, CVE-2013-0868, CVE-2013-0872, CVE-2013-0873, CVE-2013-0874, CVE-2013-0875, CVE-2013-0876, CVE-2013-0877, CVE-2013-0878, CVE-2013-4263, CVE-2013-4264, CVE-2013-4265, CVE-2013-7008, CVE-2013-7009, CVE-2013-7010, CVE-2013-7011, CVE-2013-7012, CVE-2013-7013, CVE-2013-7014, CVE-2013-7015, CVE-2013-7016, CVE-2013-7017, CVE-2013-7018, CVE-2013-7019, CVE-2013-7020, CVE-2013-7021, CVE-2013-7022, CVE-2013-7023, CVE-2013-7024, CVE-2014-2097, CVE-2014-2098, CVE-2014-2263, CVE-2014-5271, CVE-2014-5272, CVE-2014-7937, CVE-2014-8541, CVE-2014-8542, CVE-2014-8543, CVE-2014-8544, CVE-2014-8545, CVE-2014-8546, CVE-2014-8547, CVE-2014-8548, CVE-2014-8549, CVE-2014-9316, CVE-2014-9317, CVE-2014-9318, CVE-2014-9319, CVE-2014-9602, CVE-2014-9603, CVE-2014-9604, CVE-2015-3395

GLSA: 201603-06