Ubuntu Security Notice USN-6803-1
Ubuntu Security Notice 6803-1 - Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 24.04 LTS. Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.
==========================================================================
Ubuntu Security Notice USN-6803-1
May 30, 2024

ffmpeg vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

FFmpeg could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description:

- ffmpeg: Tools for transcoding, streaming and playing of multimedia files

Details:

Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 24.04 LTS. (CVE-2023-49501)

Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2023-49502)

Zhang Ling and Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2023-49528)

Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2023-50007)

Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2023-50008)

Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 23.10. (CVE-2023-50009)

Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2023-50010)

Zeng Yunxiang and Li Zeyuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2023-51793)

Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2023-51794, CVE-2023-51798)

Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 23.10. (CVE-2023-51795, CVE-2023-51796)

It was discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2024-31578)

It was discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2024-31582)

It was discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 23.10. (CVE-2024-31585)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04 LTS
  ffmpeg  7:6.1.1-3ubuntu5+esm1  Available with Ubuntu Pro
  libavcodec-extra60  7:6.1.1-3ubuntu5+esm1  Available with Ubuntu Pro
  libavcodec60  7:6.1.1-3ubuntu5+esm1  Available with Ubuntu Pro
  libavdevice60  7:6.1.1-3ubuntu5+esm1  Available with Ubuntu Pro
  libavfilter-extra9  7:6.1.1-3ubuntu5+esm1  Available with Ubuntu Pro
  libavfilter9  7:6.1.1-3ubuntu5+esm1  Available with Ubuntu Pro
  libavformat-extra60  7:6.1.1-3ubuntu5+esm1  Available with Ubuntu Pro
  libavformat60  7:6.1.1-3ubuntu5+esm1  Available with Ubuntu Pro
  libavutil58  7:6.1.1-3ubuntu5+esm1  Available with Ubuntu Pro
  libpostproc57  7:6.1.1-3ubuntu5+esm1  Available with Ubuntu Pro
  libswresample4  7:6.1.1-3ubuntu5+esm1  Available with Ubuntu Pro
  libswscale7  7:6.1.1-3ubuntu5+esm1  Available with Ubuntu Pro

Ubuntu 23.10
  ffmpeg  7:6.0-6ubuntu1.1
  libavcodec-extra60  7:6.0-6ubuntu1.1
  libavcodec60  7:6.0-6ubuntu1.1
  libavdevice60  7:6.0-6ubuntu1.1
  libavfilter-extra9  7:6.0-6ubuntu1.1
  libavfilter9  7:6.0-6ubuntu1.1
  libavformat-extra60  7:6.0-6ubuntu1.1
  libavformat60  7:6.0-6ubuntu1.1
  libavutil58  7:6.0-6ubuntu1.1
  libpostproc57  7:6.0-6ubuntu1.1
  libswresample4  7:6.0-6ubuntu1.1
  libswscale7  7:6.0-6ubuntu1.1

Ubuntu 22.04 LTS
  ffmpeg  7:4.4.2-0ubuntu0.22.04.1+esm4  Available with Ubuntu Pro
  libavcodec-extra58  7:4.4.2-0ubuntu0.22.04.1+esm4  Available with Ubuntu Pro
  libavcodec58  7:4.4.2-0ubuntu0.22.04.1+esm4  Available with Ubuntu Pro
  libavdevice58  7:4.4.2-0ubuntu0.22.04.1+esm4  Available with Ubuntu Pro
  libavfilter-extra7  7:4.4.2-0ubuntu0.22.04.1+esm4  Available with Ubuntu Pro
  libavfilter7  7:4.4.2-0ubuntu0.22.04.1+esm4  Available with Ubuntu Pro
  libavformat-extra  7:4.4.2-0ubuntu0.22.04.1+esm4  Available with Ubuntu Pro
  libavformat-extra58  7:4.4.2-0ubuntu0.22.04.1+esm4  Available with Ubuntu Pro
  libavformat58  7:4.4.2-0ubuntu0.22.04.1+esm4  Available with Ubuntu Pro
  libavutil56  7:4.4.2-0ubuntu0.22.04.1+esm4  Available with Ubuntu Pro
  libpostproc55  7:4.4.2-0ubuntu0.22.04.1+esm4  Available with Ubuntu Pro
  libswresample3  7:4.4.2-0ubuntu0.22.04.1+esm4  Available with Ubuntu Pro
  libswscale5  7:4.4.2-0ubuntu0.22.04.1+esm4  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  ffmpeg  7:4.2.7-0ubuntu0.1+esm5  Available with Ubuntu Pro
  libavcodec-extra58  7:4.2.7-0ubuntu0.1+esm5  Available with Ubuntu Pro
  libavcodec58  7:4.2.7-0ubuntu0.1+esm5  Available with Ubuntu Pro
  libavdevice58  7:4.2.7-0ubuntu0.1+esm5  Available with Ubuntu Pro
  libavfilter-extra7  7:4.2.7-0ubuntu0.1+esm5  Available with Ubuntu Pro
  libavfilter7  7:4.2.7-0ubuntu0.1+esm5  Available with Ubuntu Pro
  libavformat58  7:4.2.7-0ubuntu0.1+esm5  Available with Ubuntu Pro
  libavresample4  7:4.2.7-0ubuntu0.1+esm5  Available with Ubuntu Pro
  libavutil56  7:4.2.7-0ubuntu0.1+esm5  Available with Ubuntu Pro
  libpostproc55  7:4.2.7-0ubuntu0.1+esm5  Available with Ubuntu Pro
  libswresample3  7:4.2.7-0ubuntu0.1+esm5  Available with Ubuntu Pro
  libswscale5  7:4.2.7-0ubuntu0.1+esm5  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  ffmpeg  7:3.4.11-0ubuntu0.1+esm5  Available with Ubuntu Pro
  libavcodec-extra57  7:3.4.11-0ubuntu0.1+esm5  Available with Ubuntu Pro
  libavcodec57  7:3.4.11-0ubuntu0.1+esm5  Available with Ubuntu Pro
  libavdevice57  7:3.4.11-0ubuntu0.1+esm5  Available with Ubuntu Pro
  libavfilter-extra6  7:3.4.11-0ubuntu0.1+esm5  Available with Ubuntu Pro
  libavfilter6  7:3.4.11-0ubuntu0.1+esm5  Available with Ubuntu Pro
  libavformat57  7:3.4.11-0ubuntu0.1+esm5  Available with Ubuntu Pro
  libavresample3  7:3.4.11-0ubuntu0.1+esm5  Available with Ubuntu Pro
  libavutil55  7:3.4.11-0ubuntu0.1+esm5  Available with Ubuntu Pro
  libpostproc54  7:3.4.11-0ubuntu0.1+esm5  Available with Ubuntu Pro
  libswresample2  7:3.4.11-0ubuntu0.1+esm5  Available with Ubuntu Pro
  libswscale4  7:3.4.11-0ubuntu0.1+esm5  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  ffmpeg  7:2.8.17-0ubuntu0.1+esm7  Available with Ubuntu Pro
  libavcodec-ffmpeg-extra56  7:2.8.17-0ubuntu0.1+esm7  Available with Ubuntu Pro
  libavcodec-ffmpeg56  7:2.8.17-0ubuntu0.1+esm7  Available with Ubuntu Pro
  libavdevice-ffmpeg56  7:2.8.17-0ubuntu0.1+esm7  Available with Ubuntu Pro
  libavfilter-ffmpeg5  7:2.8.17-0ubuntu0.1+esm7  Available with Ubuntu Pro
  libavformat-ffmpeg56  7:2.8.17-0ubuntu0.1+esm7  Available with Ubuntu Pro
  libavresample-ffmpeg2  7:2.8.17-0ubuntu0.1+esm7  Available with Ubuntu Pro
  libavutil-ffmpeg54  7:2.8.17-0ubuntu0.1+esm7  Available with Ubuntu Pro
  libpostproc-ffmpeg53  7:2.8.17-0ubuntu0.1+esm7  Available with Ubuntu Pro
  libswresample-ffmpeg1  7:2.8.17-0ubuntu0.1+esm7  Available with Ubuntu Pro
  libswscale-ffmpeg3  7:2.8.17-0ubuntu0.1+esm7  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6803-1
  CVE-2023-49501, CVE-2023-49502, CVE-2023-49528, CVE-2023-50007, CVE-2023-50008, CVE-2023-50009, CVE-2023-50010, CVE-2023-51793, CVE-2023-51794, CVE-2023-51795, CVE-2023-51796, CVE-2023-51798, CVE-2024-31578, CVE-2024-31582, CVE-2024-31585

Package Information:
  https://launchpad.net/ubuntu/+source/ffmpeg/7:6.0-6ubuntu1.1
Related news
Debian Linux Security Advisory 5721-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
Debian Linux Security Advisory 5712-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.