MGASA-2021-0495
- Source
- https://advisories.mageia.org/MGASA-2021-0495.html
- Import Source
- https://advisories.mageia.org/MGASA-2021-0495.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2021-0495
- Related
- Published
- 2021-10-29T19:32:22Z
- Modified
- 2021-10-29T18:54:45Z
- Summary
- Updated ffmpeg packages fix security vulnerability
- Details
-
FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. (CVE-2020-20446)
FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service. (CVE-2020-20450)
FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service. (CVE-2020-20453)
Buffer Overflow vulnerability exists in FFmpeg 4.1 via apngdoinverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service. (CVE-2020-21041)
Buffer Overflow vulnerability in FFmpeg 4.2 in movwritevideo_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code. (CVE-2020-22015)
Buffer Overflow vulnerability in FFmpeg 4.2 at convolutiony10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service. (CVE-2020-22019)
Buffer Overflow vulnerability in FFmpeg 4.2 at filteredges function in libavfilter/vfyadif.c, which could let a remote malicious user cause a Denial of Service. (CVE-2020-22021)
A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vfvmafmotion.c in convolutiony_8bit, which could let a remote malicious user cause a Denial of Service. (CVE-2020-22033)
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodecalloccontext3 at options.c. (CVE-2020-22037)
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ffv4l2m2mcreatecontext function in v4l2_m2m.c. (CVE-2020-22038)
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the linkfilterinouts function in libavfilter/graphparser.c. (CVE-2020-22042)
libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. (CVE-2021-38114)
adtsdecodeextradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the initgetbits return value, which is a necessary step because the second argument to initgetbits can be crafted. (CVE-2021-38171)
FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. (CVE-2021-38291)
- References
-
- https://advisories.mageia.org/MGASA-2021-0495.html
- https://bugs.mageia.org/show_bug.cgi?id=29256
- http://ffmpeg.org/security.html
- https://lists.suse.com/pipermail/sle-security-updates/2021-July/009140.html
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MM55YS6XXAKFK3J35CDODMYMAZO6JX3S/
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RHYNSW2TAJSSTZPOYXQXGZDI6LYBWIT4/
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UQYGWX5BP3LA5ULPF6C7O7URBPXWRNFJ/
- https://www.debian.org/security/2021/dsa-4990
- Credits
-
-
- Mageia - COORDINATOR
-