Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Ubuntu 24.04 LTS: USN-6803-1 Critical FFmpeg Input File Crash - DoS Risk

ubuntu
Calendar Grey May 30, 2024
Dist Ubuntu Esm H88
Critical vulnerabilities in FFmpeg found in Ubuntu necessitate urgent updates to prevent possible unauthorized code execution and denial-of-service attacks.
FFmpeg could be made to crash or run programs as your login if it opened a specially crafted file.

Summary

FFmpeg could be made to crash or run programs as your login if it

opened a specially crafted file.

Software Description:

- ffmpeg: Tools for transcoding, streaming and playing of multimedia files

Details:

Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled

certain input files. An attacker could possibly use this issue to cause

FFmpeg to crash, resulting in a denial of service, or potential arbitrary

code execution. This issue only affected Ubuntu 24.04 LTS. (CVE-2023-49501)

Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled

certain input files. An attacker could possibly use this issue to cause

FFmpeg to crash, resulting in a denial of service, or potential arbitrary

code execution. This issue only affected Ubuntu 18.04 LTS,

Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.

(CVE-2023-49502)

Zhang Ling and Zeng Yunxiang discovered that FFmpeg incorrectly handled

certain input files. An attac...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   ffmpeg                          7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro
   libavcodec-extra60              7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro
   libavcodec60                    7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro
   libavdevice60                   7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro
   libavfilter-extra9              7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro
   libavfilter9                    7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro
   libavformat-extra60             7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro
   libavformat60                   7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro
   libavutil58                     7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro
   libpostproc57                   7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro
   libswresample4                  7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro
   libswscale7                     7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro

Ubuntu 23.10
   ffmpeg                          7:6.0-6ubuntu1.1
   libavcodec-extra60              7:6.0-6ubuntu1.1
   libavcodec60                    7:6.0-6ubuntu1.1
   libavdevice60                   7:6.0-6ubuntu1.1
   libavfilter-extra9              7:6.0-6ubuntu1.1
   libavfilter9                    7:6.0-6ubuntu1.1
   libavformat-extra60             7:6.0-6ubuntu1.1
   libavformat60                   7:6.0-6ubuntu1.1
   libavutil58                     7:6.0-6ubuntu1.1
   libpostproc57                   7:6.0-6ubuntu1.1
   libswresample4                  7:6.0-6ubuntu1.1
   libswscale7                     7:6.0-6ubuntu1.1

Ubuntu 22.04 LTS
   ffmpeg                          7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libavcodec-extra58              7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libavcodec58                    7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libavdevice58                   7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libavfilter-extra7              7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libavfilter7                    7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libavformat-extra               7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libavformat-extra58             7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libavformat58                   7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libavutil56                     7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libpostproc55                   7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libswresample3                  7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libswscale5                     7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   ffmpeg                          7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavcodec-extra58              7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavcodec58                    7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavdevice58                   7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavfilter-extra7              7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavfilter7                    7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavformat58                   7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavresample4                  7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavutil56                     7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libpostproc55                   7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libswresample3                  7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libswscale5                     7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   ffmpeg                          7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavcodec-extra57              7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavcodec57                    7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavdevice57                   7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavfilter-extra6              7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavfilter6                    7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavformat57                   7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavresample3                  7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavutil55                     7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libpostproc54                   7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libswresample2                  7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libswscale4                     7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   ffmpeg                          7:2.8.17-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavcodec-ffmpeg-extra56       7:2.8.17-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavcodec-ffmpeg56             7:2.8.17-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavdevice-ffmpeg56            7:2.8.17-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavfilter-ffmpeg5             7:2.8.17-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavformat-ffmpeg56            7:2.8.17-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavresample-ffmpeg2           7:2.8.17-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavutil-ffmpeg54              7:2.8.17-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libpostproc-ffmpeg53            7:2.8.17-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libswresample-ffmpeg1           7:2.8.17-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libswscale-ffmpeg3              7:2.8.17-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6803-1

CVE-2023-49501, CVE-2023-49502, CVE-2023-49528, CVE-2023-50007,

CVE-2023-50008, CVE-2023-50009, CVE-2023-50010, CVE-2023-51793,

CVE-2023-51794, CVE-2023-51795, CVE-2023-51796, CVE-2023-51798,

CVE-2024-31578, CVE-2024-31582, CVE-2024-31585

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6803-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here