Ubuntu 24.04 LTS: USN-6803-1 Critical FFmpeg Input File Crash - DoS Risk
ubuntu
May 30, 2024
FFmpeg could be made to crash or run programs as your login if it opened a specially crafted file.
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: FFmpeg could be made to crash or run programs as your login if it opened a specially crafted file. Software Description: - ffmpeg: Tools for transcoding, streaming and playing of multimedia files Details: Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 24.04 LTS. (CVE-2023-49501) Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 18...
Read the Full Advisory
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS ffmpeg 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro libavcodec-extra60 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro libavcodec60 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro libavdevice60 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro libavfilter-extra9 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro libavfilter9 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro libavformat-extra60 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro libavformat60 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro libavutil58 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro libpostproc57 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro libswresample4 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro libswscale7 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro Ubuntu 23.10 ffmpeg 7:6.0-6ubuntu1.1 libavcodec-extra60 7:6.0-6ubuntu1.1 libavcodec60 7:6.0-6ubuntu1.1 libavdevice60 7:6.0-6ubuntu1.1 libavfilter-extra9 7:6.0-6ubuntu1.1 libavfilter9 7:6.0-6ubuntu1.1 libavformat-extra60 7:6.0-6ubuntu1.1 libavformat60 7:6.0-6ubuntu1.1 libavutil58 7:6.0-6ubuntu1.1 libpostproc57 7:6.0-6ubuntu1.1 libswresample4 7:6.0-6ubuntu1.1 libswscale7 7:6.0-6ubuntu1.1 Ubuntu 22.04 LTS ffmpeg 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libavcodec-extra58 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libavcodec58 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libavdevice58 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libavfilter-extra7 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libavfilter7 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libavformat-extra 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libavformat-extra58 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libavformat58 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libavutil56 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libpostproc55 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libswresample3 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libswscale5 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro Ubuntu 20.04 LTS ffmpeg 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro libavcodec-extra58 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro libavcodec58 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro libavdevice58 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro libavfilter-extra7 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro libavfilter7 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro libavformat58 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro libavresample4 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro libavutil56 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro libpostproc55 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro libswresample3 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro libswscale5 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro Ubuntu 18.04 LTS ffmpeg 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro libavcodec-extra57 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro libavcodec57 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro libavdevice57 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro libavfilter-extra6 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro libavfilter6 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro libavformat57 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro libavresample3 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro libavutil55 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro libpostproc54 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro libswresample2 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro libswscale4 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro Ubuntu 16.04 LTS ffmpeg 7:2.8.17-0ubuntu0.1+esm7 Available with Ubuntu Pro libavcodec-ffmpeg-extra56 7:2.8.17-0ubuntu0.1+esm7 Available with Ubuntu Pro libavcodec-ffmpeg56 7:2.8.17-0ubuntu0.1+esm7 Available with Ubuntu Pro libavdevice-ffmpeg56 7:2.8.17-0ubuntu0.1+esm7 Available with Ubuntu Pro libavfilter-ffmpeg5 7:2.8.17-0ubuntu0.1+esm7 Available with Ubuntu Pro libavformat-ffmpeg56 7:2.8.17-0ubuntu0.1+esm7 Available with Ubuntu Pro libavresample-ffmpeg2 7:2.8.17-0ubuntu0.1+esm7 Available with Ubuntu Pro libavutil-ffmpeg54 7:2.8.17-0ubuntu0.1+esm7 Available with Ubuntu Pro libpostproc-ffmpeg53 7:2.8.17-0ubuntu0.1+esm7 Available with Ubuntu Pro libswresample-ffmpeg1 7:2.8.17-0ubuntu0.1+esm7 Available with Ubuntu Pro libswscale-ffmpeg3 7:2.8.17-0ubuntu0.1+esm7 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-6803-1
CVE-2023-49501, CVE-2023-49502, CVE-2023-49528, CVE-2023-50007,
CVE-2023-50008, CVE-2023-50009, CVE-2023-50010, CVE-2023-51793,
CVE-2023-51794, CVE-2023-51795, CVE-2023-51796, CVE-2023-51798,
CVE-2024-31578, CVE-2024-31582, CVE-2024-31585
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-6803-1
Topics Covered
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!