SUSE-SU-2019:3184-1
- Source
- https://www.suse.com/support/update/announcement/2019/suse-su-20193184-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:3184-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2019:3184-1
- Related
- Published
- 2019-12-05T10:44:14Z
- Modified
- 2019-12-05T10:44:14Z
- Summary
- Security update for ffmpeg
- Details
-
This update for ffmpeg fixes the following issues:
Security issues fixed:
- CVE-2019-17542: Fixed a heap-buffer overflow in vqadecodechunk due to an out-of-array access (bsc#1154064). - CVE-2019-12730: Fixed an uninitialized use of variables due to an improper check (bsc#1137526). - CVE-2019-9718: Fixed a denial of service in the subtitle decode (bsc#1129715). - CVE-2018-13301: Fixed a denial of service while converting a crafted AVI file to MPEG4 (bsc#1100352). - References
-
- https://www.suse.com/support/update/announcement/2019/suse-su-20193184-1/
- https://bugzilla.suse.com/1100352
- https://bugzilla.suse.com/1129715
- https://bugzilla.suse.com/1137526
- https://bugzilla.suse.com/1154064
- https://www.suse.com/security/cve/CVE-2018-13301
- https://www.suse.com/security/cve/CVE-2019-12730
- https://www.suse.com/security/cve/CVE-2019-17542
- https://www.suse.com/security/cve/CVE-2019-9718
Affected packages
SUSE:Linux Enterprise Module for Desktop Applications 15 / ffmpeg
Package
- Name
- ffmpeg
- Purl
- purl:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.4.2-4.27.1
Ecosystem specific
{
"binaries": [
{
"libpostproc-devel": "3.4.2-4.27.1",
"libswscale4": "3.4.2-4.27.1",
"libpostproc54": "3.4.2-4.27.1",
"libswscale-devel": "3.4.2-4.27.1",
"libswresample-devel": "3.4.2-4.27.1",
"libswresample2": "3.4.2-4.27.1",
"libavcodec57": "3.4.2-4.27.1",
"libavutil-devel": "3.4.2-4.27.1",
"libavutil55": "3.4.2-4.27.1"
}
]
}
SUSE:Linux Enterprise Module for Desktop Applications 15 SP1 / ffmpeg
Package
- Name
- ffmpeg
- Purl
- purl:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.4.2-4.27.1
Ecosystem specific
{
"binaries": [
{
"libpostproc-devel": "3.4.2-4.27.1",
"libswscale4": "3.4.2-4.27.1",
"libpostproc54": "3.4.2-4.27.1",
"libswscale-devel": "3.4.2-4.27.1",
"libswresample-devel": "3.4.2-4.27.1",
"libswresample2": "3.4.2-4.27.1",
"libavcodec57": "3.4.2-4.27.1",
"libavutil-devel": "3.4.2-4.27.1",
"libavutil55": "3.4.2-4.27.1"
}
]
}
SUSE:Linux Enterprise Module for Package Hub 15 / ffmpeg
Package
- Name
- ffmpeg
- Purl
- purl:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015
SUSE:Linux Enterprise Workstation Extension 15 / ffmpeg
Package
- Name
- ffmpeg
- Purl
- purl:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015