Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 545
Alerts This Week
Warning Icon 1 545

SUSE: 2021:2322-1 Important: FFmpeg Buffer Overflow Mitigations

suse
Calendar Grey July 14, 2021
Scroller Suse Esm H88
SUSE has issued a vital security patch addressing 23 vulnerabilities within ffmpeg, which includes fixes for buffer overflow and denial of service weaknesses.
An update that fixes 23 vulnerabilities is now available

Summary

This update for ffmpeg fixes the following issues: - CVE-2020-13904: Fixed use-after-free via a crafted EXTINF duration in an m3u8 file (bsc#1172640). - CVE-2020-21041: Fixed buffer overflow vulnerability via apng_do_inverse_blend in libavcodec/pngenc.c (bsc#1186406). - CVE-2019-17539: Fixed NULL pointer dereference in avcodec_open2 in libavcodec/utils.c (bsc# 1154065). - CVE-2020-22026: Fixed buffer overflow vulnerability in config_input() at libavfilter/af_tremolo.c (bsc#1186583). - CVE-2020-22021: Fixed buffer overflow vulnerability in filter_edges function in libavfilter/vf_yadif.c (bsc#1186586). - CVE-2020-22020: Fixed buffer overflow vulnerability in build_diff_map() in libavfilter/vf_fieldmatch.c (bsc#1186587). - CVE-2020-22015: Fixed buffer overflow vulnerability in

References

#1172640 #1186406 #1186583 #1186586 #1186587

#1186596 #1186597 #1186598 #1186600 #1186603

#1186604 #1186605 #1186613 #1186614 #1186615

#1186616 #1186658 #1186660 #1186757 #1186758

#1186762 #1186763

Cross- CVE-2019-17539 CVE-2020-13904 CVE-2020-20448

CVE-2020-20451 CVE-2020-21041 CVE-2020-22015

CVE-2020-22016 CVE-2020-22017 CVE-2020-22019

CVE-2020-22020 CVE-2020-22021 CVE-2020-22022

CVE-2020-22023 CVE-2020-22025 CVE-2020-22026

CVE-2020-22031 CVE-2020-22032 CVE-2020-22033

CVE-2020-22034 CVE-2020-22038 CVE-2020-22039

CVE-2020-22043 CVE-2020-22044

CVSS scores:

CVE-2019-17539 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2019-17539 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2322-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.