openSUSE-SU-2018:0470-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2018:0470-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2018:0470-1
Related
Published
2018-02-19T09:08:21Z
Modified
2018-02-19T09:08:21Z
Summary
Security update for ffmpeg
Details

This update for ffmpeg fixes the following issues:

Updated ffmpeg to new bugfix release 3.4.2

  • Fix integer overflows, multiplication overflows, undefined shifts, and verify buffer lengths.
  • avfilter/vf_transpose: Fix used plane count [boo#1078488, CVE-2018-6392]
  • avcodec/utvideodec: Fix bytes left check in decode_frame() [boo#1079368, CVE-2018-6621]
    • Enable use of libzvbi for displaying teletext subtitles.
    • Fixed a DoS in swriaudioconvert() [boo#1072366, CVE-2017-17555].

Update to new bugfix release 3.4.1

  • Fixed integer overflows, division by zero, illegal bit shifts
  • Fixed the gmc_mmx function which failed to validate width and height [boo#1070762, CVE-2017-17081]
  • Fixed out-of-bounds in VC-2 encoder [boo#1069407, CVE-2017-16840]
  • ffplay: use SDL2 audio API

    • install also doc/ffserver.conf

    • Update to new upstream release 3.4

  • New video filters: deflicker, doublewave, lumakey, pixscope, oscilloscope, robterts, limiter, libvmaf, unpremultiply, tlut2, floodifll, pseudocolor, despill, convolve, vmafmotion.

  • New audio filters: afir, crossfeed, surround, headphone, superequalizer, haas.
  • Some video filters with several inputs now use a common set of options: blend, libvmaf, lut3d, overlay, psnr, ssim. They must always be used by name.
  • librsvg support for svg rasterization
  • spec-compliant VP9 muxing support in MP4
  • Remove the libnut and libschroedinger muxer/demuxer wrappers
  • drop deprecated qtkit input device (use avfoundation instead)
  • SUP/PGS subtitle muxer
  • VP9 tile threading support
  • KMS screen grabber
  • CUDA thumbnail filter
  • V4L2 mem2mem HW assisted codecs
  • Rockchip MPP hardware decoding
  • (Not in openSUSE builds, only original ones:)
  • Gremlin Digital Video demuxer and decoder
  • Additional frame format support for Interplay MVE movies
  • Dolby E decoder and SMPTE 337M demuxer
  • raw G.726 muxer and demuxer, left- and right-justified
  • NewTek NDI input/output device
  • FITS demuxer, muxer, decoder and encoder
    • Fixed a double free in huffyuv [boo#1064577, CVE-2017-15186]
    • Fixed an out-of-bounds in ffv1dec [boo#1066428, CVE-2017-15672]
References

Affected packages

SUSE:Package Hub 12 SP2 / ffmpeg

Package

Name
ffmpeg
Purl
pkg:rpm/suse/ffmpeg&distro=SUSE%20Package%20Hub%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.2-14.1

Ecosystem specific

{
    "binaries": [
        {
            "libavresample-devel": "3.4.2-14.1",
            "libavdevice57": "3.4.2-14.1",
            "libavdevice-devel": "3.4.2-14.1",
            "libswresample2": "3.4.2-14.1",
            "libavcodec57": "3.4.2-14.1",
            "libavfilter6": "3.4.2-14.1",
            "libavutil-devel": "3.4.2-14.1",
            "libavcodec-devel": "3.4.2-14.1",
            "ffmpeg": "3.4.2-14.1",
            "libpostproc-devel": "3.4.2-14.1",
            "libswscale4": "3.4.2-14.1",
            "libswscale-devel": "3.4.2-14.1",
            "libavformat-devel": "3.4.2-14.1",
            "libswresample-devel": "3.4.2-14.1",
            "libavformat57": "3.4.2-14.1",
            "libavresample3": "3.4.2-14.1",
            "libavfilter-devel": "3.4.2-14.1",
            "libpostproc54": "3.4.2-14.1",
            "libavutil55": "3.4.2-14.1"
        }
    ]
}