Description
Security update for ffmpeg
This update for ffmpeg fixes the following issues:
- CVE-2021-3566: Fixed information leak (bsc#1189166).
- CVE-2021-38093: Fixed integer overflow vulnerability in filter_robert() (bsc#1190734)
- CVE-2021-38092: Fixed integer overflow vulnerability in filter_prewitt() (bsc#1190733)
- CVE-2021-38094: Fixed integer overflow vulnerability in filter_sobel() (bsc#1190735)
- CVE-2020-22037: Fixed denial of service vulnerability caused by memory leak in avcodec_alloc_context3() (bsc#1186756)
- CVE-2020-35965: Fixed out-of-bounds write in decode_frame() (bsc#1187852)
- CVE-2020-20892: Fixed an issue with filter_frame() (bsc#1190719)
- CVE-2020-20891: Fixed a buffer overflow vulnerability in config_input() (bsc#1190718)
- CVE-2020-20895: Fixed a buffer overflow vulnerability in function filter_vertically_##name (bsc#1190722)
- CVE-2020-20896: Fixed an issue with latm_write_packet() (bsc#1190723)
- CVE-2020-20899: Fixed a buffer overflow vulnerability in config_props() (bsc#1190726)
- CVE-2020-20902: Fixed an out-of-bounds read vulnerability in long_term_filter() (bsc#1190729)
Package list
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
SUSE Linux Enterprise Module for Package Hub 15 SP2
SUSE Linux Enterprise Module for Package Hub 15 SP3
SUSE Linux Enterprise Workstation Extension 15 SP2
SUSE Linux Enterprise Workstation Extension 15 SP3
References
- Link for SUSE-SU-2021:3521-1
- E-Mail link for SUSE-SU-2021:3521-1
- SUSE Security Ratings
- SUSE Bug 1186756
- SUSE Bug 1187852
- SUSE Bug 1189166
- SUSE Bug 1190718
- SUSE Bug 1190719
- SUSE Bug 1190722
- SUSE Bug 1190723
- SUSE Bug 1190726
- SUSE Bug 1190729
- SUSE Bug 1190733
- SUSE Bug 1190734
- SUSE Bug 1190735
- SUSE CVE CVE-2020-20891 page
- SUSE CVE CVE-2020-20892 page
- SUSE CVE CVE-2020-20895 page
- SUSE CVE CVE-2020-20896 page
- SUSE CVE CVE-2020-20899 page
Description
Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in FFmpeg 4.2.1 allows attackers to cause a Denial of Service or other unspecified impacts.
Affected products
References
- CVE-2020-20891
- SUSE Bug 1190718
Description
An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in FFmpeg 4.2.1 that allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero.
Affected products
References
- CVE-2020-20892
- SUSE Bug 1190719
Description
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-22028. Reason: This candidate is a duplicate of CVE-2020-22028. Notes: All CVE users should reference CVE-2020-22028 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Affected products
References
- CVE-2020-20895
- SUSE Bug 1190722
Description
An issue was discovered in function latm_write_packet in libavformat/latmenc.c in FFmpeg 4.2.1 that allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference.
Affected products
References
- CVE-2020-20896
- SUSE Bug 1190723
Description
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-22036. Reason: This candidate is a duplicate of CVE-2020-22036. Notes: All CVE users should reference CVE-2020-22036 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Affected products
References
- CVE-2020-20899
- SUSE Bug 1190726
Description
A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information.
Affected products
References
- CVE-2020-20902
- SUSE Bug 1190729
Description
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c.
Affected products
References
- CVE-2020-22037
- SUSE Bug 1186756
Description
decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.
Affected products
References
- CVE-2020-35965
- SUSE Bug 1187852
Description
Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file that triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg).
Affected products
References
- CVE-2021-3566
- SUSE Bug 1189166
Description
Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in FFmpeg 4.2.1 allows attackers to cause a Denial of Service or other unspecified impacts.
Affected products
References
- CVE-2021-38092
- SUSE Bug 1190733
Description
Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in FFmpeg 4.2.1 allows attackers to cause a Denial of Service or other unspecified impacts.
Affected products
References
- CVE-2021-38093
- SUSE Bug 1190734
Description
Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in FFmpeg 4.2.1 allows attackers to cause a Denial of Service or other unspecified impacts.
Affected products
References
- CVE-2021-38094
- SUSE Bug 1190735