Oval Definition:oval:org.opensuse.security:def:70824
Revision Date:2021-07-14Version:1
Title:Security update for ffmpeg (Important)
Description:

This update for ffmpeg fixes the following issues:

- CVE-2020-13904: Fixed use-after-free via a crafted EXTINF duration in an m3u8 file (bsc#1172640). - CVE-2020-21041: Fixed buffer overflow vulnerability via apng_do_inverse_blend in libavcodec/pngenc.c (bsc#1186406). - CVE-2019-17539: Fixed NULL pointer dereference in avcodec_open2 in libavcodec/utils.c (bsc# 1154065). - CVE-2020-22026: Fixed buffer overflow vulnerability in config_input() at libavfilter/af_tremolo.c (bsc#1186583). - CVE-2020-22021: Fixed buffer overflow vulnerability in filter_edges function in libavfilter/vf_yadif.c (bsc#1186586). - CVE-2020-22020: Fixed buffer overflow vulnerability in build_diff_map() in libavfilter/vf_fieldmatch.c (bsc#1186587). - CVE-2020-22015: Fixed buffer overflow vulnerability in mov_write_video_tag() due to the out of bounds in libavformat/movenc.c (bsc#1186596). - CVE-2020-22016: Fixed a heap-based Buffer Overflow vulnerability at libavcodec/get_bits.h when writing .mov files (bsc#1186598). - CVE-2020-22017: Fixed a heap-based Buffer Overflow vulnerability in ff_fill_rectangle() in libavfilter/drawutils.c (bsc#1186600). - CVE-2020-22022: Fixed a heap-based Buffer Overflow vulnerability in filter_frame at libavfilter/vf_fieldorder.c (bsc#1186603). - CVE-2020-22023: Fixed a heap-based Buffer Overflow vulnerability in filter_frame at libavfilter/vf_bitplanenoise.c (bsc#1186604) - CVE-2020-22025: Fixed a heap-based Buffer Overflow vulnerability in gaussian_blur at libavfilter/vf_edgedetect.c (bsc#1186605). - CVE-2020-22031: Fixed a heap-based Buffer Overflow vulnerability at libavfilter/vf_w3fdif.c in filter16_complex_low() (bsc#1186613). - CVE-2020-22032: Fixed a heap-based Buffer Overflow vulnerability at libavfilter/vf_edgedetect.c in gaussian_blur() (bsc#1186614). - CVE-2020-22034: Fixed a heap-based Buffer Overflow vulnerability at libavfilter/vf_floodfill.c (bsc#1186616). - CVE-2020-20451: Fixed denial of service issue due to resource management errors via fftools/cmdutils.c (bsc#1186658). - CVE-2020-20448: Fixed divide by zero issue via libavcodec/ratecontrol.c (bsc#1186660). - CVE-2020-22038: Fixed denial of service vulnerability due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c (bsc#1186757). - CVE-2020-22039: Fixed denial of service vulnerability due to a memory leak in the inavi_add_ientry function (bsc#1186758). - CVE-2020-22043: Fixed denial of service vulnerability due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c (bsc#1186762). - CVE-2020-22044: Fixed denial of service vulnerability due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c (bsc#1186763). - CVE-2020-22033,CVE-2020-22019: Fixed a heap-based Buffer Overflow Vulnerability at libavfilter/vf_vmafmotion.c in convolution_y_8bit() and in convolution_y_10bit() in libavfilter/vf_vmafmotion.c (bsc#1186615, bsc#1186597).
Family:unixClass:patch
Status:Reference(s):1159670
1172640
1175987
1176024
1176294
1176397
1177867
1178319
1178361
1178362
1186406
1186583
1186586
1186587
1186596
1186597
1186598
1186600
1186603
1186604
1186605
1186613
1186614
1186615
1186616
1186658
1186660
1186757
1186758
1186762
1186763
CVE-2014-3636
CVE-2014-3637
CVE-2014-3639
CVE-2014-7824
CVE-2014-8148
CVE-2015-0245
CVE-2019-17539
CVE-2020-13904
CVE-2020-16846
CVE-2020-17490
CVE-2020-20448
CVE-2020-20451
CVE-2020-21041
CVE-2020-22015
CVE-2020-22016
CVE-2020-22017
CVE-2020-22019
CVE-2020-22020
CVE-2020-22021
CVE-2020-22022
CVE-2020-22023
CVE-2020-22025
CVE-2020-22026
CVE-2020-22031
CVE-2020-22032
CVE-2020-22033
CVE-2020-22034
CVE-2020-22038
CVE-2020-22039
CVE-2020-22043
CVE-2020-22044
CVE-2020-25592
SUSE-SU-2020:3155-1
SUSE-SU-2021:2322-1
Platform(s):SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise Module for Basesystem 15 SP1
SUSE Linux Enterprise Module for Server Applications 15 SP2
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Workstation Extension 15 SP3
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed
  • AND Package Information
  • dbus-1-1.12.2-6 is installed
  • OR dbus-1-devel-1.12.2-6 is installed
  • OR dbus-1-x11-1.12.2-6 is installed
  • OR libdbus-1-3-1.12.2-6 is installed
  • OR libdbus-1-3-32bit-1.12.2-6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP2 is installed
  • AND Package Information
  • salt-3000-4.20 is installed
  • OR salt-api-3000-4.20 is installed
  • OR salt-cloud-3000-4.20 is installed
  • OR salt-fish-completion-3000-4.20 is installed
  • OR salt-master-3000-4.20 is installed
  • OR salt-proxy-3000-4.20 is installed
  • OR salt-ssh-3000-4.20 is installed
  • OR salt-standalone-formulas-configuration-3000-4.20 is installed
  • OR salt-syndic-3000-4.20 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP3 is installed
  • AND Package Information
  • libavcodec-devel-3.4.2-11.3.1 is installed
  • OR libavformat-devel-3.4.2-11.3.1 is installed
  • OR libavresample-devel-3.4.2-11.3.1 is installed
  • OR libavresample3-3.4.2-11.3.1 is installed
    • BACK