[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250038

 
 

909

 
 

195843

 
 

282

Paid content will be excluded from the download.


Download | Alert*
OVAL

SUSE-SU-2018:3609-1 -- SLES ffmpeg, libavcodec57, libavutil-devel, libavutil55, libpostproc-devel, libpostproc54, libswresample-devel, libswresample2, libswscale-devel, libswscale4

ID: oval:org.secpod.oval:def:89049762Date: (C)2023-11-10   (M)2023-11-10
Class: PATCHFamily: unix




This update for ffmpeg fixes the following issues: - CVE-2018-13300: An improper argument passed to the avpriv_request_sample function may have triggered an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure - CVE-2018-15822: The flv_write_packet function did not check for an empty audio packet, leading to an assertion failure and DoS - CVE-2018-13305: Due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service. - CVE-2018-12458: An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c might have triggered an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. .

Platform:
SUSE Linux Enterprise Desktop 15
Product:
ffmpeg
libavcodec57
libavutil-devel
libavutil55
libpostproc-devel
libpostproc54
libswresample-devel
libswresample2
libswscale-devel
libswscale4
Reference:
SUSE-SU-2018:3609-1
CVE-2018-12458
CVE-2018-13300
CVE-2018-13305
CVE-2018-15822
CVE    4
CVE-2018-12458
CVE-2018-13305
CVE-2018-13300
CVE-2018-15822
...
CPE    12
cpe:/a:ffmpeg:ffmpeg
cpe:/a:ffmpeg:ffmpeg:4.0.1
cpe:/a:ffmpeg:ffmpeg:2.8
cpe:/a:libswresample:libswresample-devel
...

© SecPod Technologies