pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7a88d47876
vuln-list-alt/oval/c10f1/ALT-PU-2019-1275/definitions.json

291 lines
13 KiB
JSON
Raw Normal View History

ALT Vulnerability
2024-06-28 16:17:52 +03:00
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20191275",
"Version": "oval:org.altlinux.errata:def:20191275",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-1275: package `ffmpeg` update to version 4.1.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-1275",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-1275",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-00748",
"RefURL": "https://bdu.fstec.ru/vul/2020-00748",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01558",
"RefURL": "https://bdu.fstec.ru/vul/2020-01558",
"Source": "BDU"
},
{
"RefID": "BDU:2020-02828",
"RefURL": "https://bdu.fstec.ru/vul/2020-02828",
"Source": "BDU"
},
{
"RefID": "BDU:2021-05190",
"RefURL": "https://bdu.fstec.ru/vul/2021-05190",
"Source": "BDU"
},
{
"RefID": "CVE-2019-1000016",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000016",
"Source": "CVE"
},
{
"RefID": "CVE-2019-9718",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9718",
"Source": "CVE"
},
{
"RefID": "CVE-2019-9721",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-9721",
"Source": "CVE"
},
{
"RefID": "CVE-2020-12284",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-12284",
"Source": "CVE"
},
{
"RefID": "CVE-2020-21041",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-21041",
"Source": "CVE"
}
],
"Description": "This update upgrades ffmpeg to version 4.1.1-alt1. \nSecurity Fix(es):\n\n * BDU:2020-00748: Уязвимость функции ff_htmlmarkup_to_ass мультимедийной библиотеки FFmpeg, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-01558: Уязвимость функции handle_open_brace мультимедийной библиотеки FFmpeg, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-02828: Уязвимость функции cbs_jpeg_split_fragment мультимедийной библиотеки Ffmpeg, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-05190: Уязвимость компонента apng_do_inverse_blend библиотеки Ffmpeg, связанная с переполнением буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2019-1000016: FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31.\n\n * CVE-2019-9718: In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.\n\n * CVE-2019-9721: A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.\n\n * CVE-2020-12284: cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.\n\n * CVE-2020-21041: Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-02-21"
},
"Updated": {
"Date": "2019-02-21"
},
"BDUs": [
{
"ID": "BDU:2020-00748",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2020-00748",
"Impact": "Low",
"Public": "20190106"
},
{
"ID": "BDU:2020-01558",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2020-01558",
"Impact": "Low",
"Public": "20190206"
},
{
"ID": "BDU:2020-02828",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2020-02828",
"Impact": "Critical",
"Public": "20191229"
},
{
"ID": "BDU:2021-05190",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2021-05190",
"Impact": "High",
"Public": "20210603"
}
],
"CVEs": [
{
"ID": "CVE-2019-1000016",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-129",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000016",
"Impact": "Low",
"Public": "20190204"
},
{
"ID": "CVE-2019-9718",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9718",
"Impact": "Low",
"Public": "20190312"
},
{
"ID": "CVE-2019-9721",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-9721",
"Impact": "Low",
"Public": "20190312"
},
{
"ID": "CVE-2020-12284",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-12284",
"Impact": "Critical",
"Public": "20200428"
},
{
"ID": "CVE-2020-21041",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-21041",
"Impact": "High",
"Public": "20210524"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20191275001",
"Comment": "ffmpeg is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275002",
"Comment": "ffmpeg-doc is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275003",
"Comment": "ffplay is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275004",
"Comment": "ffprobe is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275005",
"Comment": "ffprobe-doc is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275006",
"Comment": "ffserver-doc is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275007",
"Comment": "libavcodec-devel is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275008",
"Comment": "libavcodec58 is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275009",
"Comment": "libavdevice-devel is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275010",
"Comment": "libavdevice58 is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275011",
"Comment": "libavfilter-devel is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275012",
"Comment": "libavfilter7 is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275013",
"Comment": "libavformat-devel is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275014",
"Comment": "libavformat58 is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275015",
"Comment": "libavresample-devel is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275016",
"Comment": "libavresample4 is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275017",
"Comment": "libavutil-devel is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275018",
"Comment": "libavutil56 is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275019",
"Comment": "libpostproc-devel is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275020",
"Comment": "libpostproc55 is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275021",
"Comment": "libswresample-devel is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275022",
"Comment": "libswresample3 is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275023",
"Comment": "libswscale-devel is earlier than 2:4.1.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191275024",
"Comment": "libswscale5 is earlier than 2:4.1.1-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue Copy Permalink