SUSE: 2024:1468-1 Critical: ffmpeg Buffer Overflow and More

April 29, 2024
This ffmpeg update addresses several vulnerabilities affecting SUSE systems and provides essential security fixes for affected installations.

Summary

This update for ffmpeg fixes the following issues:

* CVE-2024-31578: Fixed heap use-after-free via av_hwframe_ctx_init() when vulkan_frames init failed (bsc#1223070)
* CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c function in libavfilter/bwdifdsp.c (bsc#1223235)

Adding references for already fixed issues:

* CVE-2021-38091: Fixed integer overflow in function filter16_sobel in libavfilter/vf_convolution.c (bsc#1190732)
* CVE-2021-38090: Fixed integer overflow in function filter16_roberts in libavfilter/vf_convolution.c (bsc#1190731)
* CVE-2020-20898: Fixed integer overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c (bsc#1190724)
* CVE-2020-20901: Fixed buffer overflow vulnerability in function filter_frame

References

* bsc#1190721

* bsc#1190724

* bsc#1190727

* bsc#1190728

* bsc#1190731

* bsc#1190732

* bsc#1223070

* bsc#1223235

Cross-References

* CVE-2020-20894

* CVE-2020-20898

* CVE-2020-20900

* CVE-2020-20901

* CVE-2021-38090

* CVE-2021-38091

* CVE-2021-38094

* CVE-2023-49502

* CVE-2024-31578

CVSS scores:

* CVE-2020-20894 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2020-20898 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2020-20898 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2020-20900 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2020-20901 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2021-38090 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity
important

Announcement ID: SUSE-SU-2024:1468-1
Rating: important
