Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 528
Alerts This Week
Warning Icon 1 528

SUSE: 2023:0005-1 Important: ffmpeg Buffer Overflow and DoS Fixes

suse
Calendar Grey January 2, 2023
Dist Suse Esm H88
SUSE Security Patch: libxml2 resolves various vulnerabilities including stack overflows and resource exhaustion with essential updates.
An update that fixes 14 vulnerabilities is now available

Summary

This update for ffmpeg fixes the following issues: - CVE-2022-3109: Fixed null pointer dereference in vp3_decode_frame() (bsc#1206442). - CVE-2020-22042: Fixed a denial of service vulnerability led by a memory leak in the link_filter_inouts function in libavfilter/graphparser.c. (bsc#1186761) - CVE-2021-38094: Fixed an integer overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c (bsc#1190735). - CVE-2021-38093: Fixed an integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c (bsc#1190734). - CVE-2021-38092: Fixed an Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c (bsc#1190733). - CVE-2020-22037: Fixed a denial of service vulnerability due to a memory

References

#1186756 #1186761 #1187852 #1189166 #1190718

#1190719 #1190722 #1190723 #1190726 #1190729

#1190733 #1190734 #1190735 #1206442

Cross- CVE-2020-20891 CVE-2020-20892 CVE-2020-20895

CVE-2020-20896 CVE-2020-20899 CVE-2020-20902

CVE-2020-22037 CVE-2020-22042 CVE-2020-35965

CVE-2021-3566 CVE-2021-38092 CVE-2021-38093

CVE-2021-38094 CVE-2022-3109

CVSS scores:

CVE-2020-20891 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2020-20891 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2020-20892 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2020-20892 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2020-20895 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2023:0005-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.