Описание
Security update for ffmpeg
This update for ffmpeg fixes the following issues:
- CVE-2021-38171: Fixed adts_decode_extradata in libavformat/adtsenc.c to check the init_get_bits return value (bsc#1189724).
Список пакетов
openSUSE Leap 15.3
ffmpeg-3.4.2-11.11.1
ffmpeg-private-devel-3.4.2-11.11.1
libavcodec-devel-3.4.2-11.11.1
libavcodec57-3.4.2-11.11.1
libavcodec57-32bit-3.4.2-11.11.1
libavdevice-devel-3.4.2-11.11.1
libavdevice57-3.4.2-11.11.1
libavdevice57-32bit-3.4.2-11.11.1
libavfilter-devel-3.4.2-11.11.1
libavfilter6-3.4.2-11.11.1
libavfilter6-32bit-3.4.2-11.11.1
libavformat-devel-3.4.2-11.11.1
libavformat57-3.4.2-11.11.1
libavformat57-32bit-3.4.2-11.11.1
libavresample-devel-3.4.2-11.11.1
libavresample3-3.4.2-11.11.1
libavresample3-32bit-3.4.2-11.11.1
libavutil-devel-3.4.2-11.11.1
libavutil55-3.4.2-11.11.1
libavutil55-32bit-3.4.2-11.11.1
libpostproc-devel-3.4.2-11.11.1
libpostproc54-3.4.2-11.11.1
libpostproc54-32bit-3.4.2-11.11.1
libswresample-devel-3.4.2-11.11.1
libswresample2-3.4.2-11.11.1
libswresample2-32bit-3.4.2-11.11.1
libswscale-devel-3.4.2-11.11.1
libswscale4-3.4.2-11.11.1
libswscale4-32bit-3.4.2-11.11.1
Ссылки
- E-Mail link for openSUSE-SU-2021:3193-1
- SUSE Security Ratings
- SUSE Bug 1189724
- SUSE CVE CVE-2021-38171 page
Описание
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
Затронутые продукты
openSUSE Leap 15.3:ffmpeg-3.4.2-11.11.1
openSUSE Leap 15.3:ffmpeg-private-devel-3.4.2-11.11.1
openSUSE Leap 15.3:libavcodec-devel-3.4.2-11.11.1
openSUSE Leap 15.3:libavcodec57-3.4.2-11.11.1
Ссылки
- CVE-2021-38171
- SUSE Bug 1189724