Mageia 8: MGASA-2021-0495 Moderate: FFmpeg Denial Of Service

October 29, 2021
Mageia 8 ffmpeg security alert MGASA-2021-0495 warns about several Denial of Service flaws. Take action and update immediately!

Summary

FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. (CVE-2020-20446)
FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service. (CVE-2020-20450)
FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service. (CVE-2020-20453)
Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service. (CVE-2020-21041)
Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code. (CVE-2020-22015)
Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_v...

References

- https://bugs.mageia.org/show_bug.cgi?id=29256

- https://ffmpeg.org//security.html

- https://lists.suse.com/pipermail/sle-security-updates/2021-July/009140.html

- https://lists.debian.org/debian-security-announce/2021/msg00175.html

- https://www.cve.org/CVERecord?id=CVE-2020-20446

- https://www.cve.org/CVERecord?id=CVE-2020-20450

- https://www.cve.org/CVERecord?id=CVE-2020-20453

- https://www.cve.org/CVERecord?id=CVE-2020-21041

- https://www.cve.org/CVERecord?id=CVE-2020-22015

- https://www.cve.org/CVERecord?id=CVE-2020-22019

- https://www.cve.org/CVERecord?id=CVE-2020-22021

- https://www.cve.org/CVERecord?id=CVE-2020-22033

- https://www.cve.org/CVERecord?id=CVE-2020-22037

- https://www.cve.org/CVERecord?id=CVE-2020-22038

- https://www.cve.org/CVERecord?id=CVE-2020-22042

- https://www.cve.org/CVERecord?id=CVE-2021-38114

- https://www.cve.org/CVERecord?id=CVE-2021-38171

- https://www.cve.org/CVERecord?id=CVE-2021-38291

Resolution

SRPMS

- 8/core/ffmpeg-4.3.3-3.mga8

- 8/tainted/ffmpeg-4.3.3-3.mga8.tainted

Publication date: 29 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0495.html
Type: security
CVE: CVE-2020-20446, CVE-2020-20450, CVE-2020-20453, CVE-2020-21041, CVE-2020-22015, CVE-2020-22019, CVE-2020-22021, CVE-2020-22033, CVE-2020-22037, CVE-2020-22038, CVE-2020-22042, CVE-2021-38114, CVE-2021-38171, CVE-2021-38291
