pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9a236ac382
vuln-list-alt/oval/c9f2/ALT-PU-2024-10869/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

253 lines
11 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202410869",
"Version": "oval:org.altlinux.errata:def:202410869",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-10869: package `ffmpeg` update to version 4.3.8-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-10869",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-10869",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-02925",
"RefURL": "https://bdu.fstec.ru/vul/2023-02925",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03348",
"RefURL": "https://bdu.fstec.ru/vul/2023-03348",
"Source": "BDU"
},
{
"RefID": "BDU:2024-00245",
"RefURL": "https://bdu.fstec.ru/vul/2024-00245",
"Source": "BDU"
},
{
"RefID": "CVE-2022-3341",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-3341",
"Source": "CVE"
},
{
"RefID": "CVE-2022-48434",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-48434",
"Source": "CVE"
},
{
"RefID": "CVE-2023-47342",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-47342",
"Source": "CVE"
},
{
"RefID": "CVE-2024-7055",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-7055",
"Source": "CVE"
}
],
"Description": "This update upgrades ffmpeg to version 4.3.8-alt1. \nSecurity Fix(es):\n\n * BDU:2023-02925: Уязвимость компонента libavcodec/pthread_frame.c мультимедийной библиотеки FFmpeg, связанная с использованием памяти после ее освобождения, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-03348: Уязвимость функции decode_main_header() (libavformat/nutdec.c) мультимедийной библиотеки FFmpeg, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-00245: Уязвимость мультимедийной библиотеки FFmpeg, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привелегии\n\n * CVE-2022-3341: A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.\n\n * CVE-2022-48434: libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).\n\n * CVE-2023-47342: description unavailable\n\n * CVE-2024-7055: A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-08-14"
},
"Updated": {
"Date": "2024-08-14"
},
"BDUs": [
{
"ID": "BDU:2023-02925",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2023-02925",
"Impact": "High",
"Public": "20220902"
},
{
"ID": "BDU:2023-03348",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2023-03348",
"Impact": "Low",
"Public": "20220722"
},
{
"ID": "BDU:2024-00245",
"CVSS": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"CWE": "CWE-269",
"Href": "https://bdu.fstec.ru/vul/2024-00245",
"Impact": "Low",
"Public": "20231106"
}
],
"CVEs": [
{
"ID": "CVE-2022-3341",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-3341",
"Impact": "Low",
"Public": "20230112"
},
{
"ID": "CVE-2022-48434",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-48434",
"Impact": "High",
"Public": "20230329"
},
{
"ID": "CVE-2024-7055",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-7055",
"Impact": "None",
"Public": "20240806"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202410869001",
"Comment": "ffmpeg is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869002",
"Comment": "ffmpeg-doc is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869003",
"Comment": "ffplay is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869004",
"Comment": "ffplay-doc is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869005",
"Comment": "ffprobe is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869006",
"Comment": "ffprobe-doc is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869007",
"Comment": "ffserver-doc is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869008",
"Comment": "libavcodec-devel is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869009",
"Comment": "libavcodec58 is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869010",
"Comment": "libavdevice-devel is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869011",
"Comment": "libavdevice58 is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869012",
"Comment": "libavfilter-devel is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869013",
"Comment": "libavfilter7 is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869014",
"Comment": "libavformat-devel is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869015",
"Comment": "libavformat58 is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869016",
"Comment": "libavresample-devel is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869017",
"Comment": "libavresample4 is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869018",
"Comment": "libavutil-devel is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869019",
"Comment": "libavutil56 is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869020",
"Comment": "libpostproc-devel is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869021",
"Comment": "libpostproc55 is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869022",
"Comment": "libswresample-devel is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869023",
"Comment": "libswresample3 is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869024",
"Comment": "libswscale-devel is earlier than 2:4.3.8-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410869025",
"Comment": "libswscale5 is earlier than 2:4.3.8-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink