openSUSE-SU-2021:2919-1

Published: 02 Sep 2021
Source: suse-cvrf

Description

Security update for ffmpeg

This update for ffmpeg fixes the following issues:

  • CVE-2019-9721: Fixed a denial of service in the subtitle decoder in handle_open_brace in libavcodec/htmlsubtitles.c (bsc#1129714).
  • CVE-2020-22046: Fixed a denial of service vulnerability in FFmpeg 4.2 caused by a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c (bsc#1186849).
  • CVE-2020-22048: Fixed a denial of service vulnerability in FFmpeg 4.2 caused by a memory leak in the ff_frame_pool_get function in framepool.c (bsc#1186859).
  • CVE-2020-22049: Fixed a denial of service vulnerability in FFmpeg 4.2 caused by a memory leak in the wtvfile_open_sector function in wtvdec.c (bsc#1186861).
  • CVE-2020-22054: Fixed a denial of service vulnerability in FFmpeg 4.2 caused by a memory leak in the av_dict_set function in dict.c (bsc#1186863).
  • CVE-2020-21688: Fixed a heap-use-after-free in the av_freep function in libavutil/mem.c (bsc#1189348).
  • CVE-2020-21697: Fixed a heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c (bsc#1189350).
  • CVE-2021-38114: Fixed an unchecked return value of the init_vlc function (bsc#1189142).

Package list

openSUSE Leap 15.3
ffmpeg-3.4.2-11.8.2
ffmpeg-private-devel-3.4.2-11.8.2
libavcodec-devel-3.4.2-11.8.2
libavcodec57-3.4.2-11.8.2
libavcodec57-32bit-3.4.2-11.8.2
libavdevice-devel-3.4.2-11.8.2
libavdevice57-3.4.2-11.8.2
libavdevice57-32bit-3.4.2-11.8.2
libavfilter-devel-3.4.2-11.8.2
libavfilter6-3.4.2-11.8.2
libavfilter6-32bit-3.4.2-11.8.2
libavformat-devel-3.4.2-11.8.2
libavformat57-3.4.2-11.8.2
libavformat57-32bit-3.4.2-11.8.2
libavresample-devel-3.4.2-11.8.2
libavresample3-3.4.2-11.8.2
libavresample3-32bit-3.4.2-11.8.2
libavutil-devel-3.4.2-11.8.2
libavutil55-3.4.2-11.8.2
libavutil55-32bit-3.4.2-11.8.2
libpostproc-devel-3.4.2-11.8.2
libpostproc54-3.4.2-11.8.2
libpostproc54-32bit-3.4.2-11.8.2
libswresample-devel-3.4.2-11.8.2
libswresample2-3.4.2-11.8.2
libswresample2-32bit-3.4.2-11.8.2
libswscale-devel-3.4.2-11.8.2
libswscale4-3.4.2-11.8.2
libswscale4-32bit-3.4.2-11.8.2

Description

A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.


Affected products
openSUSE Leap 15.3:ffmpeg-3.4.2-11.8.2
openSUSE Leap 15.3:ffmpeg-private-devel-3.4.2-11.8.2
openSUSE Leap 15.3:libavcodec-devel-3.4.2-11.8.2
openSUSE Leap 15.3:libavcodec57-3.4.2-11.8.2

References

Description

A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.


Affected products
openSUSE Leap 15.3:ffmpeg-3.4.2-11.8.2
openSUSE Leap 15.3:ffmpeg-private-devel-3.4.2-11.8.2
openSUSE Leap 15.3:libavcodec-devel-3.4.2-11.8.2
openSUSE Leap 15.3:libavcodec57-3.4.2-11.8.2

References

Description

A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows attackers to cause a denial of service (DoS) via a crafted AVI file.


Affected products
openSUSE Leap 15.3:ffmpeg-3.4.2-11.8.2
openSUSE Leap 15.3:ffmpeg-private-devel-3.4.2-11.8.2
openSUSE Leap 15.3:libavcodec-devel-3.4.2-11.8.2
openSUSE Leap 15.3:libavcodec57-3.4.2-11.8.2

References

Description

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.


Affected products
openSUSE Leap 15.3:ffmpeg-3.4.2-11.8.2
openSUSE Leap 15.3:ffmpeg-private-devel-3.4.2-11.8.2
openSUSE Leap 15.3:libavcodec-devel-3.4.2-11.8.2
openSUSE Leap 15.3:libavcodec57-3.4.2-11.8.2

References

Description

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.


Affected products
openSUSE Leap 15.3:ffmpeg-3.4.2-11.8.2
openSUSE Leap 15.3:ffmpeg-private-devel-3.4.2-11.8.2
openSUSE Leap 15.3:libavcodec-devel-3.4.2-11.8.2
openSUSE Leap 15.3:libavcodec57-3.4.2-11.8.2

References

Description

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.


Affected products
openSUSE Leap 15.3:ffmpeg-3.4.2-11.8.2
openSUSE Leap 15.3:ffmpeg-private-devel-3.4.2-11.8.2
openSUSE Leap 15.3:libavcodec-devel-3.4.2-11.8.2
openSUSE Leap 15.3:libavcodec57-3.4.2-11.8.2

References

Description

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c.


Affected products
openSUSE Leap 15.3:ffmpeg-3.4.2-11.8.2
openSUSE Leap 15.3:ffmpeg-private-devel-3.4.2-11.8.2
openSUSE Leap 15.3:libavcodec-devel-3.4.2-11.8.2
openSUSE Leap 15.3:libavcodec57-3.4.2-11.8.2

References

Description

libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.


Affected products
openSUSE Leap 15.3:ffmpeg-3.4.2-11.8.2
openSUSE Leap 15.3:ffmpeg-private-devel-3.4.2-11.8.2
openSUSE Leap 15.3:libavcodec-devel-3.4.2-11.8.2
openSUSE Leap 15.3:libavcodec57-3.4.2-11.8.2

References
Vulnerability openSUSE-SU-2021:2919-1