openSUSE-SU-2021:3521-1

Published: 26 Oct 2021
Source: suse-cvrf

Description

Security update for ffmpeg

This update for ffmpeg fixes the following issues:

  • CVE-2021-3566: Fixed information leak (bsc#1189166).
  • CVE-2021-38093: Fixed integer overflow vulnerability in filter_robert() (bsc#1190734)
  • CVE-2021-38092: Fixed integer overflow vulnerability in filter_prewitt() (bsc#1190733)
  • CVE-2021-38094: Fixed integer overflow vulnerability in filter_sobel() (bsc#1190735)
  • CVE-2020-22037: Fixed denial of service vulnerability caused by memory leak in avcodec_alloc_context3() (bsc#1186756)
  • CVE-2020-35965: Fixed out-of-bounds write in decode_frame() (bsc#1187852)
  • CVE-2020-20892: Fixed an issue with filter_frame() (bsc#1190719)
  • CVE-2020-20891: Fixed a buffer overflow vulnerability in config_input() (bsc#1190718)
  • CVE-2020-20895: Fixed a buffer overflow vulnerability in function filter_vertically_##name (bsc#1190722)
  • CVE-2020-20896: Fixed an issue with latm_write_packet() (bsc#1190723)
  • CVE-2020-20899: Fixed a buffer overflow vulnerability in config_props() (bsc#1190726)
  • CVE-2020-20902: Fixed an out-of-bounds read vulnerability in long_term_filter() (bsc#1190729)

Package list

openSUSE Leap 15.3
ffmpeg-3.4.2-11.17.1
ffmpeg-private-devel-3.4.2-11.17.1
libavcodec-devel-3.4.2-11.17.1
libavcodec57-3.4.2-11.17.1
libavcodec57-32bit-3.4.2-11.17.1
libavdevice-devel-3.4.2-11.17.1
libavdevice57-3.4.2-11.17.1
libavdevice57-32bit-3.4.2-11.17.1
libavfilter-devel-3.4.2-11.17.1
libavfilter6-3.4.2-11.17.1
libavfilter6-32bit-3.4.2-11.17.1
libavformat-devel-3.4.2-11.17.1
libavformat57-3.4.2-11.17.1
libavformat57-32bit-3.4.2-11.17.1
libavresample-devel-3.4.2-11.17.1
libavresample3-3.4.2-11.17.1
libavresample3-32bit-3.4.2-11.17.1
libavutil-devel-3.4.2-11.17.1
libavutil55-3.4.2-11.17.1
libavutil55-32bit-3.4.2-11.17.1
libpostproc-devel-3.4.2-11.17.1
libpostproc54-3.4.2-11.17.1
libpostproc54-32bit-3.4.2-11.17.1
libswresample-devel-3.4.2-11.17.1
libswresample2-3.4.2-11.17.1
libswresample2-32bit-3.4.2-11.17.1
libswscale-devel-3.4.2-11.17.1
libswscale4-3.4.2-11.17.1
libswscale4-32bit-3.4.2-11.17.1

Description

Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in FFmpeg 4.2.1 allows attackers to cause a Denial of Service or other unspecified impacts.

Affected products
openSUSE Leap 15.3:ffmpeg-3.4.2-11.17.1
openSUSE Leap 15.3:ffmpeg-private-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec57-3.4.2-11.17.1

References

Description

An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in FFmpeg 4.2.1 that allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero.

Affected products
openSUSE Leap 15.3:ffmpeg-3.4.2-11.17.1
openSUSE Leap 15.3:ffmpeg-private-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec57-3.4.2-11.17.1

References

Description

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-22028. Reason: This candidate is a duplicate of CVE-2020-22028. Notes: All CVE users should reference CVE-2020-22028 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.


Affected products
openSUSE Leap 15.3:ffmpeg-3.4.2-11.17.1
openSUSE Leap 15.3:ffmpeg-private-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec57-3.4.2-11.17.1

References

Description

An issue was discovered in function latm_write_packet in libavformat/latmenc.c in FFmpeg 4.2.1 that allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference.

Affected products
openSUSE Leap 15.3:ffmpeg-3.4.2-11.17.1
openSUSE Leap 15.3:ffmpeg-private-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec57-3.4.2-11.17.1

References

Description

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-22036. Reason: This candidate is a duplicate of CVE-2020-22036. Notes: All CVE users should reference CVE-2020-22036 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.


Affected products
openSUSE Leap 15.3:ffmpeg-3.4.2-11.17.1
openSUSE Leap 15.3:ffmpeg-private-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec57-3.4.2-11.17.1

References

Description

A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information.


Affected products
openSUSE Leap 15.3:ffmpeg-3.4.2-11.17.1
openSUSE Leap 15.3:ffmpeg-private-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec57-3.4.2-11.17.1

References

Description

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c.


Affected products
openSUSE Leap 15.3:ffmpeg-3.4.2-11.17.1
openSUSE Leap 15.3:ffmpeg-private-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec57-3.4.2-11.17.1

References

Description

decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.


Affected products
openSUSE Leap 15.3:ffmpeg-3.4.2-11.17.1
openSUSE Leap 15.3:ffmpeg-private-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec57-3.4.2-11.17.1

References

Description

Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file that triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg).

Affected products
openSUSE Leap 15.3:ffmpeg-3.4.2-11.17.1
openSUSE Leap 15.3:ffmpeg-private-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec57-3.4.2-11.17.1

References

Description

Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in FFmpeg 4.2.1 allows attackers to cause a Denial of Service or other unspecified impacts.

Affected products
openSUSE Leap 15.3:ffmpeg-3.4.2-11.17.1
openSUSE Leap 15.3:ffmpeg-private-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec57-3.4.2-11.17.1

References

Description

Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in FFmpeg 4.2.1 allows attackers to cause a Denial of Service or other unspecified impacts.

Affected products
openSUSE Leap 15.3:ffmpeg-3.4.2-11.17.1
openSUSE Leap 15.3:ffmpeg-private-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec57-3.4.2-11.17.1

References

Description

Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in FFmpeg 4.2.1 allows attackers to cause a Denial of Service or other unspecified impacts.

Affected products
openSUSE Leap 15.3:ffmpeg-3.4.2-11.17.1
openSUSE Leap 15.3:ffmpeg-private-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec-devel-3.4.2-11.17.1
openSUSE Leap 15.3:libavcodec57-3.4.2-11.17.1

References