
Ubuntu 20.04 LTS USN-6430-1: FFmpeg Memory Leak and Buffer Overflow

October 12, 2023
Multiple security updates for FFmpeg on Ubuntu address buffer overflow and memory leak vulnerabilities that could result in application failures.

Summary

Several security issues were fixed in FFmpeg.

Software Description:

- ffmpeg: Tools for transcoding, streaming and playing of multimedia files

Details:

It was discovered that FFmpeg did not properly handle certain inputs in vf_lagfun.c, resulting in a buffer overflow vulnerability. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-22024)

It was discovered that FFmpeg incorrectly managed memory in avienc.c, resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash. (CVE-2020-22039)

It was discovered that FFmpeg incorrectly handled certain files due to a memory leak in frame.c. An attacker could possibly use this issue to cause a denial of service via application crash. This issue affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-22040)

It was discovered that FFmpeg incorrectly handled certain files due to a memo...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS (Available with Ubuntu Pro):
  ffmpeg                          7:4.2.7-0ubuntu0.1+esm2
  libavcodec-extra                7:4.2.7-0ubuntu0.1+esm2
  libavcodec-extra58              7:4.2.7-0ubuntu0.1+esm2
  libavcodec58                    7:4.2.7-0ubuntu0.1+esm2
  libavdevice58                   7:4.2.7-0ubuntu0.1+esm2
  libavfilter-extra               7:4.2.7-0ubuntu0.1+esm2
  libavfilter-extra7              7:4.2.7-0ubuntu0.1+esm2
  libavfilter7                    7:4.2.7-0ubuntu0.1+esm2
  libavformat58                   7:4.2.7-0ubuntu0.1+esm2
  libavresample4                  7:4.2.7-0ubuntu0.1+esm2
  libavutil56                     7:4.2.7-0ubuntu0.1+esm2
  libpostproc55                   7:4.2.7-0ubuntu0.1+esm2
  libswresample3                  7:4.2.7-0ubuntu0.1+esm2
  libswscale5                     7:4.2.7-0ubuntu0.1+esm2

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  ffmpeg                          7:3.4.11-0ubuntu0.1+esm2
  libavcodec-extra                7:3.4.11-0ubuntu0.1+esm2
  libavcodec-extra57              7:3.4.11-0ubuntu0.1+esm2
  libavcodec57                    7:3.4.11-0ubuntu0.1+esm2
  libavdevice57                   7:3.4.11-0ubuntu0.1+esm2
  libavfilter-extra               7:3.4.11-0ubuntu0.1+esm2
  libavfilter-extra6              7:3.4.11-0ubuntu0.1+esm2
  libavfilter6                    7:3.4.11-0ubuntu0.1+esm2
  libavformat57                   7:3.4.11-0ubuntu0.1+esm2
  libavresample3                  7:3.4.11-0ubuntu0.1+esm2
  libavutil55                     7:3.4.11-0ubuntu0.1+esm2
  libpostproc54                   7:3.4.11-0ubuntu0.1+esm2
  libswresample2                  7:3.4.11-0ubuntu0.1+esm2
  libswscale4                     7:3.4.11-0ubuntu0.1+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  ffmpeg                          7:2.8.17-0ubuntu0.1+esm6
  libav-tools                     7:2.8.17-0ubuntu0.1+esm6
  libavcodec-extra                7:2.8.17-0ubuntu0.1+esm6
  libavcodec-ffmpeg-extra56       7:2.8.17-0ubuntu0.1+esm6
  libavcodec-ffmpeg56             7:2.8.17-0ubuntu0.1+esm6
  libavdevice-ffmpeg56            7:2.8.17-0ubuntu0.1+esm6
  libavfilter-ffmpeg5             7:2.8.17-0ubuntu0.1+esm6
  libavformat-ffmpeg56            7:2.8.17-0ubuntu0.1+esm6
  libavresample-ffmpeg2           7:2.8.17-0ubuntu0.1+esm6
  libavutil-ffmpeg54              7:2.8.17-0ubuntu0.1+esm6
  libpostproc-ffmpeg53            7:2.8.17-0ubuntu0.1+esm6
  libswresample-ffmpeg1           7:2.8.17-0ubuntu0.1+esm6
  libswscale-ffmpeg3              7:2.8.17-0ubuntu0.1+esm6

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6430-1

CVE-2020-22024, CVE-2020-22039, CVE-2020-22040, CVE-2020-22043, CVE-2020-22051, CVE-2021-28429

Severity
critical
