Описание
Security update for ffmpeg-4
This update for ffmpeg-4 fixes the following issues:
- CVE-2024-31578: Fixed heap use-after-free via av_hwframe_ctx_init() when vulkan_frames init failed (bsc#1223070)
- CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c function in libavfilter/bwdifdsp.c (bsc#1223235)
- CVE-2023-51793: Fixed heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c (bsc#1223272)
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libavcodec58_134-4.4-150400.3.24.1
libavformat58_76-4.4-150400.3.24.1
libavutil56_70-4.4-150400.3.24.1
libpostproc55_9-4.4-150400.3.24.1
libswresample3_9-4.4-150400.3.24.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libavcodec58_134-4.4-150400.3.24.1
libavformat58_76-4.4-150400.3.24.1
libavutil56_70-4.4-150400.3.24.1
libpostproc55_9-4.4-150400.3.24.1
libswresample3_9-4.4-150400.3.24.1
SUSE Linux Enterprise Module for Package Hub 15 SP5
ffmpeg-4-4.4-150400.3.24.1
ffmpeg-4-libavcodec-devel-4.4-150400.3.24.1
ffmpeg-4-libavdevice-devel-4.4-150400.3.24.1
ffmpeg-4-libavfilter-devel-4.4-150400.3.24.1
ffmpeg-4-libavformat-devel-4.4-150400.3.24.1
ffmpeg-4-libavresample-devel-4.4-150400.3.24.1
ffmpeg-4-libavutil-devel-4.4-150400.3.24.1
ffmpeg-4-libpostproc-devel-4.4-150400.3.24.1
ffmpeg-4-libswresample-devel-4.4-150400.3.24.1
ffmpeg-4-libswscale-devel-4.4-150400.3.24.1
ffmpeg-4-private-devel-4.4-150400.3.24.1
libavcodec58_134-4.4-150400.3.24.1
libavdevice58_13-4.4-150400.3.24.1
libavfilter7_110-4.4-150400.3.24.1
libavformat58_76-4.4-150400.3.24.1
libavresample4_0-4.4-150400.3.24.1
libavutil56_70-4.4-150400.3.24.1
libpostproc55_9-4.4-150400.3.24.1
libswresample3_9-4.4-150400.3.24.1
libswscale5_9-4.4-150400.3.24.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libavcodec58_134-4.4-150400.3.24.1
libavformat58_76-4.4-150400.3.24.1
libavutil56_70-4.4-150400.3.24.1
libpostproc55_9-4.4-150400.3.24.1
libswresample3_9-4.4-150400.3.24.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libavcodec58_134-4.4-150400.3.24.1
libavformat58_76-4.4-150400.3.24.1
libavutil56_70-4.4-150400.3.24.1
libpostproc55_9-4.4-150400.3.24.1
libswresample3_9-4.4-150400.3.24.1
SUSE Linux Enterprise Workstation Extension 15 SP5
libavcodec58_134-4.4-150400.3.24.1
libavformat58_76-4.4-150400.3.24.1
libavutil56_70-4.4-150400.3.24.1
libswresample3_9-4.4-150400.3.24.1
libswscale5_9-4.4-150400.3.24.1
openSUSE Leap 15.5
ffmpeg-4-4.4-150400.3.24.1
ffmpeg-4-libavcodec-devel-4.4-150400.3.24.1
ffmpeg-4-libavdevice-devel-4.4-150400.3.24.1
ffmpeg-4-libavfilter-devel-4.4-150400.3.24.1
ffmpeg-4-libavformat-devel-4.4-150400.3.24.1
ffmpeg-4-libavresample-devel-4.4-150400.3.24.1
ffmpeg-4-libavutil-devel-4.4-150400.3.24.1
ffmpeg-4-libpostproc-devel-4.4-150400.3.24.1
ffmpeg-4-libswresample-devel-4.4-150400.3.24.1
ffmpeg-4-libswscale-devel-4.4-150400.3.24.1
ffmpeg-4-private-devel-4.4-150400.3.24.1
libavcodec58_134-4.4-150400.3.24.1
libavcodec58_134-32bit-4.4-150400.3.24.1
libavdevice58_13-4.4-150400.3.24.1
libavdevice58_13-32bit-4.4-150400.3.24.1
libavfilter7_110-4.4-150400.3.24.1
libavfilter7_110-32bit-4.4-150400.3.24.1
libavformat58_76-4.4-150400.3.24.1
libavformat58_76-32bit-4.4-150400.3.24.1
libavresample4_0-4.4-150400.3.24.1
libavresample4_0-32bit-4.4-150400.3.24.1
libavutil56_70-4.4-150400.3.24.1
libavutil56_70-32bit-4.4-150400.3.24.1
libpostproc55_9-4.4-150400.3.24.1
libpostproc55_9-32bit-4.4-150400.3.24.1
libswresample3_9-4.4-150400.3.24.1
libswresample3_9-32bit-4.4-150400.3.24.1
libswscale5_9-4.4-150400.3.24.1
libswscale5_9-32bit-4.4-150400.3.24.1
Ссылки
- Link for SUSE-SU-2024:1470-1
- E-Mail link for SUSE-SU-2024:1470-1
- SUSE Security Ratings
- SUSE Bug 1223070
- SUSE Bug 1223235
- SUSE Bug 1223272
- SUSE CVE CVE-2023-49502 page
- SUSE CVE CVE-2023-51793 page
- SUSE CVE CVE-2024-31578 page
Описание
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libavcodec58_134-4.4-150400.3.24.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libavformat58_76-4.4-150400.3.24.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libavutil56_70-4.4-150400.3.24.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpostproc55_9-4.4-150400.3.24.1
Ссылки
- CVE-2023-49502
- SUSE Bug 1223235
Описание
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libavcodec58_134-4.4-150400.3.24.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libavformat58_76-4.4-150400.3.24.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libavutil56_70-4.4-150400.3.24.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpostproc55_9-4.4-150400.3.24.1
Ссылки
- CVE-2023-51793
- SUSE Bug 1223272
Описание
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libavcodec58_134-4.4-150400.3.24.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libavformat58_76-4.4-150400.3.24.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libavutil56_70-4.4-150400.3.24.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpostproc55_9-4.4-150400.3.24.1
Ссылки
- CVE-2024-31578
- SUSE Bug 1223070