Headline
Debian Security Advisory 5394-1
Debian Linux Security Advisory 5394-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
Debian Security Advisory DSA-5394-1    [email protected]
https://www.debian.org/security/    Moritz Muehlenhoff
April 30, 2023    https://www.debian.org/security/faq

Package : ffmpeg
CVE ID : CVE-2022-3109

Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

For the stable distribution (bullseye), this problem has been fixed in version 7:4.3.6-0+deb11u1.

We recommend that you upgrade your ffmpeg packages.

For the detailed security status of ffmpeg please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/ffmpeg

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: [email protected]
Related news
Ubuntu Security Notice 5958-1 - It was discovered that FFmpeg could be made to dereference a null pointer. An attacker could possibly use this to cause a denial of service via application crash. These issues only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that FFmpeg could be made to access an out-of-bounds frame by the Apple RPZA encoder. An attacker could possibly use this to cause a denial of service via application crash or access sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.10.
The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has a UAF vulnerability that local attackers can exploit to escalate privileges to root.
An issue was discovered in FFmpeg through 3.0. vp3_decode_frame in libavcodec/vp3.c lacks a check of the return value of av_malloc(), which causes a null pointer dereference, impacting confidentiality and availability.