exploitDog

SUSE-SU-2019:3184-1

Published: 05 Dec 2019
Source: suse-cvrf

Description

Security update for ffmpeg

This update for ffmpeg fixes the following issues:

Security issues fixed:

  • CVE-2019-17542: Fixed a heap-buffer overflow in vqa_decode_chunk due to an out-of-array access (bsc#1154064).
  • CVE-2019-12730: Fixed an uninitialized use of variables due to an improper check (bsc#1137526).
  • CVE-2019-9718: Fixed a denial of service in the subtitle decoder (bsc#1129715).
  • CVE-2018-13301: Fixed a denial of service while converting a crafted AVI file to MPEG4 (bsc#1100352).

Package list

SUSE Linux Enterprise Module for Desktop Applications 15:
  • libavcodec57-3.4.2-4.27.1
  • libavutil-devel-3.4.2-4.27.1
  • libavutil55-3.4.2-4.27.1
  • libpostproc-devel-3.4.2-4.27.1
  • libpostproc54-3.4.2-4.27.1
  • libswresample-devel-3.4.2-4.27.1
  • libswresample2-3.4.2-4.27.1
  • libswscale-devel-3.4.2-4.27.1
  • libswscale4-3.4.2-4.27.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP1:
  • libavcodec57-3.4.2-4.27.1
  • libavutil-devel-3.4.2-4.27.1
  • libavutil55-3.4.2-4.27.1
  • libpostproc-devel-3.4.2-4.27.1
  • libpostproc54-3.4.2-4.27.1
  • libswresample-devel-3.4.2-4.27.1
  • libswresample2-3.4.2-4.27.1
  • libswscale-devel-3.4.2-4.27.1
  • libswscale4-3.4.2-4.27.1

SUSE Linux Enterprise Module for Package Hub 15:
  • ffmpeg-3.4.2-4.27.1
  • libavdevice57-3.4.2-4.27.1
  • libavfilter6-3.4.2-4.27.1

SUSE Linux Enterprise Workstation Extension 15:
  • libavcodec-devel-3.4.2-4.27.1
  • libavformat-devel-3.4.2-4.27.1
  • libavformat57-3.4.2-4.27.1
  • libavresample-devel-3.4.2-4.27.1
  • libavresample3-3.4.2-4.27.1

SUSE Linux Enterprise Workstation Extension 15 SP1:
  • libavcodec-devel-3.4.2-4.27.1
  • libavformat-devel-3.4.2-4.27.1
  • libavformat57-3.4.2-4.27.1
  • libavresample-devel-3.4.2-4.27.1
  • libavresample3-3.4.2-4.27.1

Description

In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.


Affected products
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libavcodec57-3.4.2-4.27.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libavutil-devel-3.4.2-4.27.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libavutil55-3.4.2-4.27.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libpostproc-devel-3.4.2-4.27.1

Description

aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.


Affected products
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libavcodec57-3.4.2-4.27.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libavutil-devel-3.4.2-4.27.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libavutil55-3.4.2-4.27.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libpostproc-devel-3.4.2-4.27.1

Description

FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.


Affected products
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libavcodec57-3.4.2-4.27.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libavutil-devel-3.4.2-4.27.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libavutil55-3.4.2-4.27.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libpostproc-devel-3.4.2-4.27.1

Description

In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.


Affected products
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libavcodec57-3.4.2-4.27.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libavutil-devel-3.4.2-4.27.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libavutil55-3.4.2-4.27.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:libpostproc-devel-3.4.2-4.27.1
