MGASA-2021-0495 - Updated ffmpeg packages fix security vulnerability

Publication date: 29 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0495.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2020-20446,
     CVE-2020-20450,
     CVE-2020-20453,
     CVE-2020-21041,
     CVE-2020-22015,
     CVE-2020-22019,
     CVE-2020-22021,
     CVE-2020-22033,
     CVE-2020-22037,
     CVE-2020-22038,
     CVE-2020-22042,
     CVE-2021-38114,
     CVE-2021-38171,
     CVE-2021-38291

FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c,
which allows a remote malicious user to cause a Denial of Service.
(CVE-2020-20446)

FFmpeg 4.2 is affected by a null pointer dereference via an argument passed
to libavformat/aviobuf.c, which could cause a Denial of Service.
(CVE-2020-20450)

FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder,
which allows a remote malicious user to cause a Denial of Service.
(CVE-2020-20453)

Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend
in libavcodec/pngenc.c, which could let a remote malicious user cause a
Denial of Service. (CVE-2020-21041)

Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to
an out-of-bounds access in libavformat/movenc.c, which could let a remote
malicious user obtain sensitive information, cause a Denial of Service, or
execute arbitrary code. (CVE-2020-22015)

Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in
libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause
a Denial of Service. (CVE-2020-22019)

Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in
libavfilter/vf_yadif.c, which could let a remote malicious user cause a
Denial of Service. (CVE-2020-22021)

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at
libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote
malicious user cause a Denial of Service. (CVE-2020-22033)

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak
in avcodec_alloc_context3 at options.c. (CVE-2020-22037)

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak
in the ff_v4l2_m2m_create_context function in v4l2_m2m.c. (CVE-2020-22038)

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak
in the link_filter_inouts function in libavfilter/graphparser.c.
(CVE-2020-22042)

libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the
init_vlc function, a similar issue to CVE-2013-0868. (CVE-2021-38114)

adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check
the init_get_bits return value, which is a necessary step because the second
argument to init_get_bits can be crafted. (CVE-2021-38171)

FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers
from an assertion failure at src/libavutil/mathematics.c. (CVE-2021-38291)

References:
- https://bugs.mageia.org/show_bug.cgi?id=29256
- https://ffmpeg.org/security.html
- https://lists.suse.com/pipermail/sle-security-updates/2021-July/009140.html
- https://lists.opensuse.org/archives/list/[email protected]/thread/MM55YS6XXAKFK3J35CDODMYMAZO6JX3S/
- https://lists.opensuse.org/archives/list/[email protected]/thread/RHYNSW2TAJSSTZPOYXQXGZDI6LYBWIT4/
- https://lists.opensuse.org/archives/list/[email protected]/thread/UQYGWX5BP3LA5ULPF6C7O7URBPXWRNFJ/
- https://www.debian.org/security/2021/dsa-4990
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20446
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20450
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20453
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21041
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22015
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22019
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22021
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22033
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22037
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22038
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22042
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38114
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38171
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38291

SRPMS:
- 8/core/ffmpeg-4.3.3-3.mga8
- 8/tainted/ffmpeg-4.3.3-3.mga8.tainted