Description
Security update for ffmpeg
This update for ffmpeg fixes the following issues:
- CVE-2019-9721: Fix denial of service in the subtitle decoder in handle_open_brace from libavcodec/htmlsubtitles.c (bsc#1129714).
- CVE-2020-22046: Fix a denial of service vulnerability in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c (bsc#1186849).
- CVE-2020-22048: Fix a denial of service vulnerability in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c (bsc#1186859).
- CVE-2020-22049: Fix a denial of service vulnerability in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c (bsc#1186861).
- CVE-2020-22054: Fix a denial of service vulnerability in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c (bsc#1186863).
- CVE-2020-21688: Fixed a heap-use-after-free in the av_freep function in libavutil/mem.c (bsc#1189348).
- CVE-2020-21697: Fixed a heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c (bsc#1189350).
- CVE-2021-38114: Fixed an unchecked return value of the init_vlc function (bsc#1189142).
Package list
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
SUSE Linux Enterprise Module for Package Hub 15 SP2
SUSE Linux Enterprise Module for Package Hub 15 SP3
SUSE Linux Enterprise Workstation Extension 15 SP2
SUSE Linux Enterprise Workstation Extension 15 SP3
References
- Link for SUSE-SU-2021:2919-1
- E-Mail link for SUSE-SU-2021:2919-1
- SUSE Security Ratings
- SUSE Bug 1129714
- SUSE Bug 1186849
- SUSE Bug 1186859
- SUSE Bug 1186861
- SUSE Bug 1186863
- SUSE Bug 1189142
- SUSE Bug 1189348
- SUSE Bug 1189350
- SUSE CVE CVE-2019-9721 page
- SUSE CVE CVE-2020-21688 page
- SUSE CVE CVE-2020-21697 page
- SUSE CVE CVE-2020-22046 page
- SUSE CVE CVE-2020-22048 page
- SUSE CVE CVE-2020-22049 page
- SUSE CVE CVE-2020-22054 page
- SUSE CVE CVE-2021-38114 page
Description
A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.
Affected products
References
- CVE-2019-9721
- SUSE Bug 1129714
Description
A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.
Affected products
References
- CVE-2020-21688
- SUSE Bug 1189348
Description
A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows attackers to cause a denial of service (DoS) via a crafted AVI file.
Affected products
References
- CVE-2020-21697
- SUSE Bug 1189350
Description
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.
Affected products
References
- CVE-2020-22046
- SUSE Bug 1186849
Description
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.
Affected products
References
- CVE-2020-22048
- SUSE Bug 1186859
Description
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.
Affected products
References
- CVE-2020-22049
- SUSE Bug 1186861
Description
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c.
Affected products
References
- CVE-2020-22054
- SUSE Bug 1186863
Description
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
Affected products
References
- CVE-2021-38114
- SUSE Bug 1189142