openSUSE-SU-2019:1066-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1066-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2019:1066-1
Related
Published
2019-03-28T05:49:45Z
Modified
2019-03-28T05:49:45Z
Summary
Security update for ffmpeg-4
Details

This update for ffmpeg-4 to version 4.0.2 fixes the following issues:

These security issues were fixed:

  • CVE-2018-15822: The flvwritepacket function did not check for an empty audio packet, leading to an assertion failure and DoS (bsc#1105869).
  • CVE-2018-13300: An improper argument passed to the avprivrequestsample function may have triggered an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure (bsc#1100348).

These non-security issues were fixed:

  • Enable webvtt encoders and decoders (boo#1092241).
  • Build codec2 encoder and decoder, add libcodec2 to enabledecoders and enableencoders.
  • Enable mpeg 1 and 2 encoders.

This update was imported from the openSUSE:Leap:15.0:Update update project.

References

Affected packages

SUSE:Package Hub 15 / ffmpeg-4

Package

Name
ffmpeg-4
Purl
pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Package%20Hub%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.2-bp150.21.1

Ecosystem specific

{
    "binaries": [
        {
            "libavformat58-64bit": "4.0.2-bp150.21.1",
            "ffmpeg-4-libavutil-devel": "4.0.2-bp150.21.1",
            "libavfilter7-64bit": "4.0.2-bp150.21.1",
            "ffmpeg-4-private-devel": "4.0.2-bp150.21.1",
            "libavformat58": "4.0.2-bp150.21.1",
            "libavutil56": "4.0.2-bp150.21.1",
            "libavdevice58": "4.0.2-bp150.21.1",
            "ffmpeg-4-libavfilter-devel": "4.0.2-bp150.21.1",
            "libswresample3-64bit": "4.0.2-bp150.21.1",
            "ffmpeg-4-libavcodec-devel": "4.0.2-bp150.21.1",
            "libavresample4": "4.0.2-bp150.21.1",
            "ffmpeg-4-libavresample-devel": "4.0.2-bp150.21.1",
            "libavdevice58-64bit": "4.0.2-bp150.21.1",
            "libpostproc55": "4.0.2-bp150.21.1",
            "ffmpeg-4-libswscale-devel": "4.0.2-bp150.21.1",
            "libavutil56-64bit": "4.0.2-bp150.21.1",
            "ffmpeg-4-libavformat-devel": "4.0.2-bp150.21.1",
            "libavcodec58": "4.0.2-bp150.21.1",
            "libavfilter7": "4.0.2-bp150.21.1",
            "libavresample4-64bit": "4.0.2-bp150.21.1",
            "libswscale5": "4.0.2-bp150.21.1",
            "ffmpeg-4-libpostproc-devel": "4.0.2-bp150.21.1",
            "ffmpeg-4-libavdevice-devel": "4.0.2-bp150.21.1",
            "libpostproc55-64bit": "4.0.2-bp150.21.1",
            "libavcodec58-64bit": "4.0.2-bp150.21.1",
            "libswresample3": "4.0.2-bp150.21.1",
            "libswscale5-64bit": "4.0.2-bp150.21.1",
            "ffmpeg-4-libswresample-devel": "4.0.2-bp150.21.1"
        }
    ]
}