Headline
Ubuntu Security Notice USN-5958-1
Ubuntu Security Notice 5958-1 - It was discovered that FFmpeg could be made to dereference a null pointer. An attacker could possibly use this to cause a denial of service via application crash. These issues only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that FFmpeg could be made to access an out-of-bounds frame by the Apple RPZA encoder. An attacker could possibly use this to cause a denial of service via application crash or access sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.10.
==========================================================================
Ubuntu Security Notice USN-5958-1
March 16, 2023
ffmpeg vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in FFmpeg.
Software Description:
- ffmpeg: Tools for transcoding, streaming and playing of multimedia files
Details:
It was discovered that FFmpeg could be made to dereference a null
pointer. An attacker could possibly use this to cause a denial of
service via application crash. These issues only affected Ubuntu
16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04
LTS. (CVE-2022-3109, CVE-2022-3341)
It was discovered that FFmpeg could be made to access an out-of-bounds
frame by the Apple RPZA encoder. An attacker could possibly use this
to cause a denial of service via application crash or access sensitive
information. This issue only affected Ubuntu 20.04 LTS and Ubuntu
22.10. (CVE-2022-3964)
It was discovered that FFmpeg could be made to access an out-of-bounds
frame by the QuickTime encoder. An attacker could possibly use this to
cause a denial of service via application crash or access sensitive
information. This issue only affected Ubuntu 22.10. (CVE-2022-3965)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
ffmpeg 7:5.1.1-1ubuntu2.1
libavcodec-extra 7:5.1.1-1ubuntu2.1
libavcodec-extra59 7:5.1.1-1ubuntu2.1
libavcodec59 7:5.1.1-1ubuntu2.1
libavdevice59 7:5.1.1-1ubuntu2.1
libavfilter-extra 7:5.1.1-1ubuntu2.1
libavfilter-extra8 7:5.1.1-1ubuntu2.1
libavfilter8 7:5.1.1-1ubuntu2.1
libavformat-extra 7:5.1.1-1ubuntu2.1
libavformat-extra59 7:5.1.1-1ubuntu2.1
libavformat59 7:5.1.1-1ubuntu2.1
libavutil57 7:5.1.1-1ubuntu2.1
libpostproc56 7:5.1.1-1ubuntu2.1
libswresample4 7:5.1.1-1ubuntu2.1
libswscale6 7:5.1.1-1ubuntu2.1
Ubuntu 22.04 LTS:
ffmpeg 7:4.4.2-0ubuntu0.22.04.1+esm1
libavcodec-extra 7:4.4.2-0ubuntu0.22.04.1+esm1
libavcodec-extra58 7:4.4.2-0ubuntu0.22.04.1+esm1
libavcodec58 7:4.4.2-0ubuntu0.22.04.1+esm1
libavdevice58 7:4.4.2-0ubuntu0.22.04.1+esm1
libavfilter-extra 7:4.4.2-0ubuntu0.22.04.1+esm1
libavfilter-extra7 7:4.4.2-0ubuntu0.22.04.1+esm1
libavfilter7 7:4.4.2-0ubuntu0.22.04.1+esm1
libavformat-extra 7:4.4.2-0ubuntu0.22.04.1+esm1
libavformat-extra58 7:4.4.2-0ubuntu0.22.04.1+esm1
libavformat58 7:4.4.2-0ubuntu0.22.04.1+esm1
libavutil56 7:4.4.2-0ubuntu0.22.04.1+esm1
libpostproc55 7:4.4.2-0ubuntu0.22.04.1+esm1
libswresample3 7:4.4.2-0ubuntu0.22.04.1+esm1
libswscale5 7:4.4.2-0ubuntu0.22.04.1+esm1
Ubuntu 20.04 LTS:
ffmpeg 7:4.2.7-0ubuntu0.1+esm1
libavcodec-extra 7:4.2.7-0ubuntu0.1+esm1
libavcodec-extra58 7:4.2.7-0ubuntu0.1+esm1
libavcodec58 7:4.2.7-0ubuntu0.1+esm1
libavdevice58 7:4.2.7-0ubuntu0.1+esm1
libavfilter-extra 7:4.2.7-0ubuntu0.1+esm1
libavfilter-extra7 7:4.2.7-0ubuntu0.1+esm1
libavfilter7 7:4.2.7-0ubuntu0.1+esm1
libavformat58 7:4.2.7-0ubuntu0.1+esm1
libavresample4 7:4.2.7-0ubuntu0.1+esm1
libavutil56 7:4.2.7-0ubuntu0.1+esm1
libpostproc55 7:4.2.7-0ubuntu0.1+esm1
libswresample3 7:4.2.7-0ubuntu0.1+esm1
libswscale5 7:4.2.7-0ubuntu0.1+esm1
Ubuntu 18.04 LTS:
ffmpeg 7:3.4.11-0ubuntu0.1+esm1
libavcodec-extra 7:3.4.11-0ubuntu0.1+esm1
libavcodec-extra57 7:3.4.11-0ubuntu0.1+esm1
libavcodec57 7:3.4.11-0ubuntu0.1+esm1
libavdevice57 7:3.4.11-0ubuntu0.1+esm1
libavfilter-extra 7:3.4.11-0ubuntu0.1+esm1
libavfilter-extra6 7:3.4.11-0ubuntu0.1+esm1
libavfilter6 7:3.4.11-0ubuntu0.1+esm1
libavformat57 7:3.4.11-0ubuntu0.1+esm1
libavresample3 7:3.4.11-0ubuntu0.1+esm1
libavutil55 7:3.4.11-0ubuntu0.1+esm1
libpostproc54 7:3.4.11-0ubuntu0.1+esm1
libswresample2 7:3.4.11-0ubuntu0.1+esm1
libswscale4 7:3.4.11-0ubuntu0.1+esm1
Ubuntu 16.04 ESM:
ffmpeg 7:2.8.17-0ubuntu0.1+esm5
libav-tools 7:2.8.17-0ubuntu0.1+esm5
libavcodec-extra 7:2.8.17-0ubuntu0.1+esm5
libavcodec-ffmpeg-extra56 7:2.8.17-0ubuntu0.1+esm5
libavcodec-ffmpeg56 7:2.8.17-0ubuntu0.1+esm5
libavdevice-ffmpeg56 7:2.8.17-0ubuntu0.1+esm5
libavfilter-ffmpeg5 7:2.8.17-0ubuntu0.1+esm5
libavformat-ffmpeg56 7:2.8.17-0ubuntu0.1+esm5
libavresample-ffmpeg2 7:2.8.17-0ubuntu0.1+esm5
libavutil-ffmpeg54 7:2.8.17-0ubuntu0.1+esm5
libpostproc-ffmpeg53 7:2.8.17-0ubuntu0.1+esm5
libswresample-ffmpeg1 7:2.8.17-0ubuntu0.1+esm5
libswscale-ffmpeg3 7:2.8.17-0ubuntu0.1+esm5
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5958-1
CVE-2022-3109, CVE-2022-3341, CVE-2022-3964, CVE-2022-3965,
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/2007269
Package Information:
https://launchpad.net/ubuntu/+source/ffmpeg/7:5.1.1-1ubuntu2.1
Related news
Gentoo Linux Security Advisory 202312-14 - Multiple vulnerabilities have been discovered in FFmpeg, the worst of which could lead to code execution. Versions greater than or equal to 6.0 are affected.
Debian Linux Security Advisory 5394-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause a DoS attack to the system when installing a malicious HAP package.
The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root.
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.
An issue was discovered in the FFmpeg through 3.0. vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause the null pointer dereference, impacting confidentiality and availability.
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543.
A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544.