USN-6430-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-6430-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-6430-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-6430-1
Related
Published
2023-10-12T15:14:30.706509Z
Modified
2023-10-12T15:14:30.706509Z
Summary
ffmpeg vulnerabilities
Details

It was discovered that FFmpeg did not properly handle certain inputs in vf_lagfun.c, resulting in a buffer overflow vulnerability. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-22024)

It was discovered that FFmpeg incorrectly managed memory in avienc.c, resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash. (CVE-2020-22039)

It was discovered that FFmpeg incorrectly handled certain files due to a memory leak in frame.c. An attacker could possibly use this issue to cause a denial of service via application crash. This issue affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-22040)

It was discovered that FFmpeg incorrectly handled certain files due to a memory leak in fifo.c. An attacker could possibly use this issue to cause a denial of service via application crash. (CVE-2020-22043)

It was discovered that FFmpeg incorrectly handled certain files due to a memory leak in vf_tile.c. If a user or automated system were tricked into processing a specially crafted MOV file, an attacker could possibly use this issue to cause a denial of service. (CVE-2020-22051)

It was discovered that FFmpeg incorrectly handled certain MOV files in timecode.c, leading to an integer overflow. An attacker could possibly use this issue to cause a denial of service using a crafted MOV file. This issue only affected Ubuntu 16.04 LTS. (CVE-2021-28429)

References

Affected packages

Ubuntu:Pro:18.04:LTS / ffmpeg

Package

Name
ffmpeg

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7:3.4.11-0ubuntu0.1+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "libavfilter-extra": "7:3.4.11-0ubuntu0.1+esm2",
            "libavcodec-extra": "7:3.4.11-0ubuntu0.1+esm2",
            "libavresample-dev": "7:3.4.11-0ubuntu0.1+esm2",
            "libswscale-dev": "7:3.4.11-0ubuntu0.1+esm2",
            "libavdevice57": "7:3.4.11-0ubuntu0.1+esm2",
            "libavdevice-dev": "7:3.4.11-0ubuntu0.1+esm2",
            "libavcodec-extra57": "7:3.4.11-0ubuntu0.1+esm2",
            "libavfilter-dev": "7:3.4.11-0ubuntu0.1+esm2",
            "libavformat-dev": "7:3.4.11-0ubuntu0.1+esm2",
            "libavcodec57": "7:3.4.11-0ubuntu0.1+esm2",
            "libavfilter6": "7:3.4.11-0ubuntu0.1+esm2",
            "libswresample2": "7:3.4.11-0ubuntu0.1+esm2",
            "libavutil-dev": "7:3.4.11-0ubuntu0.1+esm2",
            "ffmpeg": "7:3.4.11-0ubuntu0.1+esm2",
            "ffmpeg-doc": "7:3.4.11-0ubuntu0.1+esm2",
            "libswscale4": "7:3.4.11-0ubuntu0.1+esm2",
            "libavformat57": "7:3.4.11-0ubuntu0.1+esm2",
            "libpostproc-dev": "7:3.4.11-0ubuntu0.1+esm2",
            "libpostproc54": "7:3.4.11-0ubuntu0.1+esm2",
            "libavresample3": "7:3.4.11-0ubuntu0.1+esm2",
            "libavcodec-dev": "7:3.4.11-0ubuntu0.1+esm2",
            "libavfilter-extra6": "7:3.4.11-0ubuntu0.1+esm2",
            "libavutil55": "7:3.4.11-0ubuntu0.1+esm2",
            "libswresample-dev": "7:3.4.11-0ubuntu0.1+esm2"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / ffmpeg

Package

Name
ffmpeg

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7:4.2.7-0ubuntu0.1+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "libavfilter-extra": "7:4.2.7-0ubuntu0.1+esm2",
            "libavcodec58": "7:4.2.7-0ubuntu0.1+esm2",
            "libavresample-dev": "7:4.2.7-0ubuntu0.1+esm2",
            "libavfilter7": "7:4.2.7-0ubuntu0.1+esm2",
            "libswscale-dev": "7:4.2.7-0ubuntu0.1+esm2",
            "libavdevice-dev": "7:4.2.7-0ubuntu0.1+esm2",
            "libavfilter-dev": "7:4.2.7-0ubuntu0.1+esm2",
            "libavformat-dev": "7:4.2.7-0ubuntu0.1+esm2",
            "libavformat58": "7:4.2.7-0ubuntu0.1+esm2",
            "libavutil56": "7:4.2.7-0ubuntu0.1+esm2",
            "libavdevice58": "7:4.2.7-0ubuntu0.1+esm2",
            "libavutil-dev": "7:4.2.7-0ubuntu0.1+esm2",
            "libswscale5": "7:4.2.7-0ubuntu0.1+esm2",
            "ffmpeg": "7:4.2.7-0ubuntu0.1+esm2",
            "ffmpeg-doc": "7:4.2.7-0ubuntu0.1+esm2",
            "libavresample4": "7:4.2.7-0ubuntu0.1+esm2",
            "libavfilter-extra7": "7:4.2.7-0ubuntu0.1+esm2",
            "libpostproc-dev": "7:4.2.7-0ubuntu0.1+esm2",
            "libavcodec-extra58": "7:4.2.7-0ubuntu0.1+esm2",
            "libavcodec-dev": "7:4.2.7-0ubuntu0.1+esm2",
            "libswresample3": "7:4.2.7-0ubuntu0.1+esm2",
            "libpostproc55": "7:4.2.7-0ubuntu0.1+esm2",
            "libavcodec-extra": "7:4.2.7-0ubuntu0.1+esm2",
            "libswresample-dev": "7:4.2.7-0ubuntu0.1+esm2"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / ffmpeg

Package

Name
ffmpeg

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7:2.8.17-0ubuntu0.1+esm6

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "libavdevice-ffmpeg56": "7:2.8.17-0ubuntu0.1+esm6",
            "libavcodec-extra": "7:2.8.17-0ubuntu0.1+esm6",
            "libswresample-dev": "7:2.8.17-0ubuntu0.1+esm6",
            "libavresample-dev": "7:2.8.17-0ubuntu0.1+esm6",
            "libswscale-dev": "7:2.8.17-0ubuntu0.1+esm6",
            "libswresample-ffmpeg1": "7:2.8.17-0ubuntu0.1+esm6",
            "libavdevice-dev": "7:2.8.17-0ubuntu0.1+esm6",
            "libavformat-ffmpeg56": "7:2.8.17-0ubuntu0.1+esm6",
            "libswscale-ffmpeg3": "7:2.8.17-0ubuntu0.1+esm6",
            "libavfilter-dev": "7:2.8.17-0ubuntu0.1+esm6",
            "libavformat-dev": "7:2.8.17-0ubuntu0.1+esm6",
            "libavcodec-ffmpeg56": "7:2.8.17-0ubuntu0.1+esm6",
            "libavutil-dev": "7:2.8.17-0ubuntu0.1+esm6",
            "ffmpeg": "7:2.8.17-0ubuntu0.1+esm6",
            "ffmpeg-doc": "7:2.8.17-0ubuntu0.1+esm6",
            "libavresample-ffmpeg2": "7:2.8.17-0ubuntu0.1+esm6",
            "libpostproc-dev": "7:2.8.17-0ubuntu0.1+esm6",
            "libavcodec-dev": "7:2.8.17-0ubuntu0.1+esm6",
            "libpostproc-ffmpeg53": "7:2.8.17-0ubuntu0.1+esm6",
            "libavfilter-ffmpeg5": "7:2.8.17-0ubuntu0.1+esm6",
            "libav-tools": "7:2.8.17-0ubuntu0.1+esm6",
            "libavcodec-ffmpeg-extra56": "7:2.8.17-0ubuntu0.1+esm6",
            "libavutil-ffmpeg54": "7:2.8.17-0ubuntu0.1+esm6"
        }
    ]
}