Описание
Security update for ffmpeg
This update for ffmpeg fixes the following issues:
- CVE-2019-13390: Fixed a potential crash when processing a crafted AVI stream (bsc#1140754).
- CVE-2022-3341: Fixed a potential crash when processing a crafted NUT stream (bsc#1206778).
- CVE-2022-48434: Fixed use after free in libavcodec/pthread_frame.c (bsc#1209934).
Список пакетов
SUSE Enterprise Storage 6
libavcodec-devel-3.4.2-150000.4.53.2
libavcodec57-3.4.2-150000.4.53.2
libavcodec57-32bit-3.4.2-150000.4.53.2
libavdevice-devel-3.4.2-150000.4.53.2
libavdevice57-3.4.2-150000.4.53.2
libavdevice57-32bit-3.4.2-150000.4.53.2
libavfilter-devel-3.4.2-150000.4.53.2
libavfilter6-3.4.2-150000.4.53.2
libavfilter6-32bit-3.4.2-150000.4.53.2
libavformat-devel-3.4.2-150000.4.53.2
libavformat57-3.4.2-150000.4.53.2
libavformat57-32bit-3.4.2-150000.4.53.2
libavresample-devel-3.4.2-150000.4.53.2
libavresample3-3.4.2-150000.4.53.2
libavresample3-32bit-3.4.2-150000.4.53.2
libavutil-devel-3.4.2-150000.4.53.2
libavutil55-3.4.2-150000.4.53.2
libavutil55-32bit-3.4.2-150000.4.53.2
libpostproc-devel-3.4.2-150000.4.53.2
libpostproc54-3.4.2-150000.4.53.2
libpostproc54-32bit-3.4.2-150000.4.53.2
libswresample-devel-3.4.2-150000.4.53.2
libswresample2-3.4.2-150000.4.53.2
libswresample2-32bit-3.4.2-150000.4.53.2
libswscale-devel-3.4.2-150000.4.53.2
libswscale4-3.4.2-150000.4.53.2
libswscale4-32bit-3.4.2-150000.4.53.2
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
libavcodec-devel-3.4.2-150000.4.53.2
libavcodec57-3.4.2-150000.4.53.2
libavcodec57-32bit-3.4.2-150000.4.53.2
libavdevice-devel-3.4.2-150000.4.53.2
libavdevice57-3.4.2-150000.4.53.2
libavdevice57-32bit-3.4.2-150000.4.53.2
libavfilter-devel-3.4.2-150000.4.53.2
libavfilter6-3.4.2-150000.4.53.2
libavfilter6-32bit-3.4.2-150000.4.53.2
libavformat-devel-3.4.2-150000.4.53.2
libavformat57-3.4.2-150000.4.53.2
libavformat57-32bit-3.4.2-150000.4.53.2
libavresample-devel-3.4.2-150000.4.53.2
libavresample3-3.4.2-150000.4.53.2
libavresample3-32bit-3.4.2-150000.4.53.2
libavutil-devel-3.4.2-150000.4.53.2
libavutil55-3.4.2-150000.4.53.2
libavutil55-32bit-3.4.2-150000.4.53.2
libpostproc-devel-3.4.2-150000.4.53.2
libpostproc54-3.4.2-150000.4.53.2
libpostproc54-32bit-3.4.2-150000.4.53.2
libswresample-devel-3.4.2-150000.4.53.2
libswresample2-3.4.2-150000.4.53.2
libswresample2-32bit-3.4.2-150000.4.53.2
libswscale-devel-3.4.2-150000.4.53.2
libswscale4-3.4.2-150000.4.53.2
libswscale4-32bit-3.4.2-150000.4.53.2
SUSE Linux Enterprise Server 15 SP1-LTSS
libavcodec-devel-3.4.2-150000.4.53.2
libavcodec57-3.4.2-150000.4.53.2
libavcodec57-32bit-3.4.2-150000.4.53.2
libavdevice-devel-3.4.2-150000.4.53.2
libavdevice57-3.4.2-150000.4.53.2
libavdevice57-32bit-3.4.2-150000.4.53.2
libavfilter-devel-3.4.2-150000.4.53.2
libavfilter6-3.4.2-150000.4.53.2
libavfilter6-32bit-3.4.2-150000.4.53.2
libavformat-devel-3.4.2-150000.4.53.2
libavformat57-3.4.2-150000.4.53.2
libavformat57-32bit-3.4.2-150000.4.53.2
libavresample-devel-3.4.2-150000.4.53.2
libavresample3-3.4.2-150000.4.53.2
libavresample3-32bit-3.4.2-150000.4.53.2
libavutil-devel-3.4.2-150000.4.53.2
libavutil55-3.4.2-150000.4.53.2
libavutil55-32bit-3.4.2-150000.4.53.2
libpostproc-devel-3.4.2-150000.4.53.2
libpostproc54-3.4.2-150000.4.53.2
libpostproc54-32bit-3.4.2-150000.4.53.2
libswresample-devel-3.4.2-150000.4.53.2
libswresample2-3.4.2-150000.4.53.2
libswresample2-32bit-3.4.2-150000.4.53.2
libswscale-devel-3.4.2-150000.4.53.2
libswscale4-3.4.2-150000.4.53.2
libswscale4-32bit-3.4.2-150000.4.53.2
SUSE Linux Enterprise Server for SAP Applications 15 SP1
libavcodec-devel-3.4.2-150000.4.53.2
libavcodec57-3.4.2-150000.4.53.2
libavcodec57-32bit-3.4.2-150000.4.53.2
libavdevice-devel-3.4.2-150000.4.53.2
libavdevice57-3.4.2-150000.4.53.2
libavdevice57-32bit-3.4.2-150000.4.53.2
libavfilter-devel-3.4.2-150000.4.53.2
libavfilter6-3.4.2-150000.4.53.2
libavfilter6-32bit-3.4.2-150000.4.53.2
libavformat-devel-3.4.2-150000.4.53.2
libavformat57-3.4.2-150000.4.53.2
libavformat57-32bit-3.4.2-150000.4.53.2
libavresample-devel-3.4.2-150000.4.53.2
libavresample3-3.4.2-150000.4.53.2
libavresample3-32bit-3.4.2-150000.4.53.2
libavutil-devel-3.4.2-150000.4.53.2
libavutil55-3.4.2-150000.4.53.2
libavutil55-32bit-3.4.2-150000.4.53.2
libpostproc-devel-3.4.2-150000.4.53.2
libpostproc54-3.4.2-150000.4.53.2
libpostproc54-32bit-3.4.2-150000.4.53.2
libswresample-devel-3.4.2-150000.4.53.2
libswresample2-3.4.2-150000.4.53.2
libswresample2-32bit-3.4.2-150000.4.53.2
libswscale-devel-3.4.2-150000.4.53.2
libswscale4-3.4.2-150000.4.53.2
libswscale4-32bit-3.4.2-150000.4.53.2
Ссылки
- Link for SUSE-SU-2023:2115-1
- E-Mail link for SUSE-SU-2023:2115-1
- SUSE Security Ratings
- SUSE Bug 1140754
- SUSE Bug 1206778
- SUSE Bug 1209934
- SUSE CVE CVE-2019-13390 page
- SUSE CVE CVE-2022-3341 page
- SUSE CVE CVE-2022-48434 page
Описание
In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c.
Затронутые продукты
SUSE Enterprise Storage 6:libavcodec-devel-3.4.2-150000.4.53.2
SUSE Enterprise Storage 6:libavcodec57-3.4.2-150000.4.53.2
SUSE Enterprise Storage 6:libavcodec57-32bit-3.4.2-150000.4.53.2
SUSE Enterprise Storage 6:libavdevice-devel-3.4.2-150000.4.53.2
Ссылки
- CVE-2019-13390
- SUSE Bug 1140754
Описание
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.
Затронутые продукты
SUSE Enterprise Storage 6:libavcodec-devel-3.4.2-150000.4.53.2
SUSE Enterprise Storage 6:libavcodec57-3.4.2-150000.4.53.2
SUSE Enterprise Storage 6:libavcodec57-32bit-3.4.2-150000.4.53.2
SUSE Enterprise Storage 6:libavdevice-devel-3.4.2-150000.4.53.2
Ссылки
- CVE-2022-3341
- SUSE Bug 1206778
Описание
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).
Затронутые продукты
SUSE Enterprise Storage 6:libavcodec-devel-3.4.2-150000.4.53.2
SUSE Enterprise Storage 6:libavcodec57-3.4.2-150000.4.53.2
SUSE Enterprise Storage 6:libavcodec57-32bit-3.4.2-150000.4.53.2
SUSE Enterprise Storage 6:libavdevice-devel-3.4.2-150000.4.53.2
Ссылки
- CVE-2022-48434
- SUSE Bug 1209934