Описание
Security update for ffmpeg-4
This update for ffmpeg-4 fixes the following issues:
- CVE-2022-3964: Fixed out of bounds read in update_block_in_prev_frame() (bsc#1205388).
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15 SP4
libavcodec58_134-4.4-150400.3.5.1
libavutil56_70-4.4-150400.3.5.1
libswresample3_9-4.4-150400.3.5.1
SUSE Linux Enterprise Module for Package Hub 15 SP4
libavformat58_76-4.4-150400.3.5.1
SUSE Linux Enterprise Workstation Extension 15 SP4
libavformat58_76-4.4-150400.3.5.1
libswscale5_9-4.4-150400.3.5.1
openSUSE Leap 15.4
ffmpeg-4-4.4-150400.3.5.1
ffmpeg-4-libavcodec-devel-4.4-150400.3.5.1
ffmpeg-4-libavdevice-devel-4.4-150400.3.5.1
ffmpeg-4-libavfilter-devel-4.4-150400.3.5.1
ffmpeg-4-libavformat-devel-4.4-150400.3.5.1
ffmpeg-4-libavresample-devel-4.4-150400.3.5.1
ffmpeg-4-libavutil-devel-4.4-150400.3.5.1
ffmpeg-4-libpostproc-devel-4.4-150400.3.5.1
ffmpeg-4-libswresample-devel-4.4-150400.3.5.1
ffmpeg-4-libswscale-devel-4.4-150400.3.5.1
ffmpeg-4-private-devel-4.4-150400.3.5.1
libavcodec58_134-4.4-150400.3.5.1
libavcodec58_134-32bit-4.4-150400.3.5.1
libavdevice58_13-4.4-150400.3.5.1
libavdevice58_13-32bit-4.4-150400.3.5.1
libavfilter7_110-4.4-150400.3.5.1
libavfilter7_110-32bit-4.4-150400.3.5.1
libavformat58_76-4.4-150400.3.5.1
libavformat58_76-32bit-4.4-150400.3.5.1
libavresample4_0-4.4-150400.3.5.1
libavresample4_0-32bit-4.4-150400.3.5.1
libavutil56_70-4.4-150400.3.5.1
libavutil56_70-32bit-4.4-150400.3.5.1
libpostproc55_9-4.4-150400.3.5.1
libpostproc55_9-32bit-4.4-150400.3.5.1
libswresample3_9-4.4-150400.3.5.1
libswresample3_9-32bit-4.4-150400.3.5.1
libswscale5_9-4.4-150400.3.5.1
libswscale5_9-32bit-4.4-150400.3.5.1
Ссылки
- Link for SUSE-SU-2022:4194-1
- E-Mail link for SUSE-SU-2022:4194-1
- SUSE Security Ratings
- SUSE Bug 1205388
- SUSE CVE CVE-2022-3964 page
Описание
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP4:libavcodec58_134-4.4-150400.3.5.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP4:libavutil56_70-4.4-150400.3.5.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP4:libswresample3_9-4.4-150400.3.5.1
SUSE Linux Enterprise Module for Package Hub 15 SP4:libavformat58_76-4.4-150400.3.5.1
Ссылки
- CVE-2022-3964
- SUSE Bug 1205388