Alpine: multiple ffmpeg packages: security update to 3.0.7-r0

Critical | Tenable Self-Hosted Container Security | Plugin ID 404290

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before
3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving
sample size. (CVE-2016-6164)

- An off-by-one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to
54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for
Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
(CVE-2016-5199)

- The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause
an infinite loop denial of service via a crafted SWF file. (CVE-2016-6881)

- The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to an infinite loop
when it decodes an AVI file that has a crafted 'nctg' structure. (CVE-2016-7122)

See Also

https://security.alpinelinux.org/vuln/CVE-2016-10190

https://security.alpinelinux.org/vuln/CVE-2016-10191

https://security.alpinelinux.org/vuln/CVE-2016-10192

https://security.alpinelinux.org/vuln/CVE-2016-5199

https://security.alpinelinux.org/vuln/CVE-2016-6164

https://security.alpinelinux.org/vuln/CVE-2016-6881

https://security.alpinelinux.org/vuln/CVE-2016-7122

https://security.alpinelinux.org/vuln/CVE-2016-7450

https://security.alpinelinux.org/vuln/CVE-2016-7502

https://security.alpinelinux.org/vuln/CVE-2016-7555

https://security.alpinelinux.org/vuln/CVE-2016-7562

https://security.alpinelinux.org/vuln/CVE-2016-7785

https://security.alpinelinux.org/vuln/CVE-2016-7905

https://security.alpinelinux.org/vuln/CVE-2017-5024

https://security.alpinelinux.org/vuln/CVE-2017-5025

Plugin Details

Severity: Critical

ID: 404290

Version: Revision 1.29

Type: Local

Published: 10/31/2023

Updated: 6/30/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2016-6164

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 9/26/2016

Reference Information

CVE: CVE-2016-10190, CVE-2016-10191, CVE-2016-10192, CVE-2016-5199, CVE-2016-6164, CVE-2016-6881, CVE-2016-7122, CVE-2016-7450, CVE-2016-7502, CVE-2016-7555, CVE-2016-7562, CVE-2016-7785, CVE-2016-7905, CVE-2017-5024, CVE-2017-5025

BID: 93163, 94196, 94833, 94834, 94835, 94837, 94838, 94839, 94841, 95792, 95862, 95986, 95989, 95991