Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6449-1

Ubuntu Security Notice 6449-1 - It was discovered that FFmpeg incorrectly managed memory resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that FFmpeg incorrectly handled certain input files, leading to an integer overflow. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 20.04 LTS.

Packet Storm
#vulnerability#ubuntu#dos
==========================================================================Ubuntu Security Notice USN-6449-1October 24, 2023ffmpeg vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS (Available with Ubuntu Pro)- Ubuntu 20.04 LTS (Available with Ubuntu Pro)- Ubuntu 18.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in FFmpeg.Software Description:- ffmpeg: Tools for transcoding, streaming and playing of multimedia filesDetails:It was discovered that FFmpeg incorrectly managed memory resultingin a memory leak. An attacker could possibly use this issue to causea denial of service via application crash. This issue onlyaffected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-22038)It was discovered that FFmpeg incorrectly handled certain input files,leading to an integer overflow. An attacker could possibly use this issueto cause a denial of service via application crash. This issue onlyaffected Ubuntu 20.04 LTS. (CVE-2020-20898, CVE-2021-38090,CVE-2021-38091, CVE-2021-38092, CVE-2021-38093, CVE-2021-38094)It was discovered that FFmpeg incorrectly managed memory, resulting ina memory leak.  If a user or automated system were tricked intoprocessing a specially crafted input file, a remote attacker couldpossibly use this issue to cause a denial of service, or executearbitrary code. (CVE-2022-48434)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS (Available with Ubuntu Pro):   ffmpeg                          7:4.4.2-0ubuntu0.22.04.1+esm2   libavcodec-extra                7:4.4.2-0ubuntu0.22.04.1+esm2   libavcodec-extra58              7:4.4.2-0ubuntu0.22.04.1+esm2   libavcodec58                    7:4.4.2-0ubuntu0.22.04.1+esm2   libavdevice58                   7:4.4.2-0ubuntu0.22.04.1+esm2   libavfilter-extra               7:4.4.2-0ubuntu0.22.04.1+esm2   libavfilter-extra7              7:4.4.2-0ubuntu0.22.04.1+esm2   libavfilter7                    7:4.4.2-0ubuntu0.22.04.1+esm2   libavformat-extra               7:4.4.2-0ubuntu0.22.04.1+esm2   libavformat-extra58             7:4.4.2-0ubuntu0.22.04.1+esm2   libavformat58                   7:4.4.2-0ubuntu0.22.04.1+esm2   libavutil56                     7:4.4.2-0ubuntu0.22.04.1+esm2   libpostproc55                   7:4.4.2-0ubuntu0.22.04.1+esm2   libswresample3                  7:4.4.2-0ubuntu0.22.04.1+esm2   libswscale-dev                  7:4.4.2-0ubuntu0.22.04.1+esm2   libswscale5                     7:4.4.2-0ubuntu0.22.04.1+esm2Ubuntu 20.04 LTS (Available with Ubuntu Pro):   ffmpeg                          7:4.2.7-0ubuntu0.1+esm3   libavcodec-extra                7:4.2.7-0ubuntu0.1+esm3   libavcodec-extra58              7:4.2.7-0ubuntu0.1+esm3   libavcodec58                    7:4.2.7-0ubuntu0.1+esm3   libavdevice58                   7:4.2.7-0ubuntu0.1+esm3   libavfilter-extra               7:4.2.7-0ubuntu0.1+esm3   libavfilter-extra7              7:4.2.7-0ubuntu0.1+esm3   libavfilter7                    7:4.2.7-0ubuntu0.1+esm3   libavformat58                   7:4.2.7-0ubuntu0.1+esm3   libavresample4                  7:4.2.7-0ubuntu0.1+esm3   libavutil56                     7:4.2.7-0ubuntu0.1+esm3   libpostproc55                   7:4.2.7-0ubuntu0.1+esm3   libswresample3                  7:4.2.7-0ubuntu0.1+esm3   libswscale5                     7:4.2.7-0ubuntu0.1+esm3Ubuntu 18.04 LTS (Available with Ubuntu Pro):   ffmpeg                          7:3.4.11-0ubuntu0.1+esm3   libavcodec-extra                7:3.4.11-0ubuntu0.1+esm3   libavcodec-extra57              7:3.4.11-0ubuntu0.1+esm3   libavcodec57                    7:3.4.11-0ubuntu0.1+esm3   libavdevice57                   7:3.4.11-0ubuntu0.1+esm3   libavfilter-extra               7:3.4.11-0ubuntu0.1+esm3   libavfilter-extra6              7:3.4.11-0ubuntu0.1+esm3   libavfilter6                    7:3.4.11-0ubuntu0.1+esm3   libavformat57                   7:3.4.11-0ubuntu0.1+esm3   libavresample3                  7:3.4.11-0ubuntu0.1+esm3   libavutil55                     7:3.4.11-0ubuntu0.1+esm3   libpostproc54                   7:3.4.11-0ubuntu0.1+esm3   libswresample2                  7:3.4.11-0ubuntu0.1+esm3   libswscale4                     7:3.4.11-0ubuntu0.1+esm3In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6449-1   CVE-2020-20898, CVE-2020-22038, CVE-2021-38090, CVE-2021-38091,   CVE-2021-38092, CVE-2021-38093, CVE-2021-38094, CVE-2022-48434

Related news

Debian Security Advisory 5721-1

Debian Linux Security Advisory 5721-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

Gentoo Linux Security Advisory 202312-14

Gentoo Linux Security Advisory 202312-14 - Multiple vulnerabilities have been discovered in FFmpeg, the worst of which could lead to code execution. Versions greater than or equal to 6.0 are affected.

Ubuntu Security Notice USN-6449-2

Ubuntu Security Notice 6449-2 - USN-6449-1 fixed vulnerabilities in FFmpeg. Unfortunately that update could introduce a regression in tools using an FFmpeg library, like VLC. This updated fixes the problem. It was discovered that FFmpeg incorrectly managed memory resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

CVE-2022-48434

libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution