
Ubuntu 20.04 LTS USN-6430-1: FFmpeg Memory Leak and Buffer Overflow

October 12, 2023
Numerous security updates for ffmpeg on Ubuntu tackle vulnerabilities related to buffer overflows and memory leaks, which could result in application failures.
Several security issues were fixed in FFmpeg.

Summary

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS (Available with Ubuntu Pro)
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary: Several security issues were fixed in FFmpeg.

Software Description:

- ffmpeg: Tools for transcoding, streaming and playing of multimedia files

Details:

It was discovered that FFmpeg did not properly handle certain inputs in vf_lagfun.c, resulting in a buffer overflow vulnerability. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-22024)

It was discovered that FFmpeg incorrectly managed memory in avienc.c, resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash. (CVE-2020-22039)

It was discovered that FFmpeg incorrectly handled certain files due to a memory leak in frame.c. An attacker could possib...


Update Instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS (Available with Ubuntu Pro):
  ffmpeg 7:4.2.7-0ubuntu0.1+esm2
  libavcodec-extra 7:4.2.7-0ubuntu0.1+esm2
  libavcodec-extra58 7:4.2.7-0ubuntu0.1+esm2
  libavcodec58 7:4.2.7-0ubuntu0.1+esm2
  libavdevice58 7:4.2.7-0ubuntu0.1+esm2
  libavfilter-extra 7:4.2.7-0ubuntu0.1+esm2
  libavfilter-extra7 7:4.2.7-0ubuntu0.1+esm2
  libavfilter7 7:4.2.7-0ubuntu0.1+esm2
  libavformat58 7:4.2.7-0ubuntu0.1+esm2
  libavresample4 7:4.2.7-0ubuntu0.1+esm2
  libavutil56 7:4.2.7-0ubuntu0.1+esm2
  libpostproc55 7:4.2.7-0ubuntu0.1+esm2
  libswresample3 7:4.2.7-0ubuntu0.1+esm2
  libswscale5 7:4.2.7-0ubuntu0.1+esm2

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  ffmpeg 7:3.4.11-0ubuntu0.1+esm2
  libavcodec-extra 7:3.4.11-0ubuntu0.1+esm2
  libavcodec-extra57 7:3.4.11-0ubuntu0.1+esm2
  libavcodec57 7:3.4.11-0ubuntu0.1+esm2
  libavdevice57 7:3.4.11-0ubuntu0.1+esm2
  libavfilter-extra 7:3.4.11-0ubuntu0.1+esm2
  libavfilter-extra6 7:3.4.11-0ubuntu0.1+esm2
  libavfilter6 7:3.4.11-0ubuntu0.1+esm2
  libavformat57 7:3.4.11-0ubuntu0.1+esm2
  libavresample3 7:3.4.11-0ubuntu0.1+esm2
  libavutil55 7:3.4.11-0ubuntu0.1+esm2
  libpostproc54 7:3.4.11-0ubuntu0.1+esm2
  libswresample2 7:3.4.11-0ubuntu0.1+esm2
  libswscale4 7:3.4.11-0ubuntu0.1+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  ffmpeg 7:2.8.17-0ubuntu0.1+esm6
  libav-tools 7:2.8.17-0ubuntu0.1+esm6
  libavcodec-extra 7:2.8.17-0ubuntu0.1+esm6
  libavcodec-ffmpeg-extra56 7:2.8.17-0ubuntu0.1+esm6
  libavcodec-ffmpeg56 7:2.8.17-0ubuntu0.1+esm6
  libavdevice-ffmpeg56 7:2.8.17-0ubuntu0.1+esm6
  libavfilter-ffmpeg5 7:2.8.17-0ubuntu0.1+esm6
  libavformat-ffmpeg56 7:2.8.17-0ubuntu0.1+esm6
  libavresample-ffmpeg2 7:2.8.17-0ubuntu0.1+esm6
  libavutil-ffmpeg54 7:2.8.17-0ubuntu0.1+esm6
  libpostproc-ffmpeg53 7:2.8.17-0ubuntu0.1+esm6
  libswresample-ffmpeg1 7:2.8.17-0ubuntu0.1+esm6
  libswscale-ffmpeg3 7:2.8.17-0ubuntu0.1+esm6

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6430-1

CVE-2020-22024, CVE-2020-22039, CVE-2020-22040, CVE-2020-22043, CVE-2020-22051, CVE-2021-28429

Severity
critical

Ubuntu Security Notice USN-6430-1
