UbuntuUpdates.org

Package "ffmpeg-doc"

Name: ffmpeg-doc

Description:

Documentation of the FFmpeg multimedia framework

Latest version: 7:3.4.11-0ubuntu0.1
Release: bionic (18.04)
Level: security
Repository: universe
Head package: ffmpeg
Homepage: https://ffmpeg.org/

Links


Download "ffmpeg-doc"


Other versions of "ffmpeg-doc" in Bionic

Repository Area Version
base universe 7:3.4.2-2
updates universe 7:3.4.11-0ubuntu0.1

Changelog

Version: 7:3.4.11-0ubuntu0.1 2022-06-08 20:06:19 UTC

  ffmpeg (7:3.4.11-0ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: New upstream bugfix release (LP: #1970674).
    - Fixes CVE-2020-20445, CVE-2020-20446, CVE-2020-20453, CVE-2020-21041,
      CVE-2020-21688, CVE-2020-21697, CVE-2020-22015, CVE-2020-22016,
      CVE-2020-22017, CVE-2020-22019, CVE-2020-22020, CVE-2020-22021,
      CVE-2020-22022, CVE-2020-22023, CVE-2020-22025, CVE-2020-22026,
      CVE-2020-22028, CVE-2020-22031, CVE-2020-22032, CVE-2020-22033,
      CVE-2020-22034, CVE-2020-22036, CVE-2020-22037, CVE-2020-22042,
      CVE-2020-35965, CVE-2021-38114, CVE-2021-38171 and CVE-2021-38291.

 -- Luís Infante da Câmara <email address hidden> Wed, 18 May 2022 21:01:02 +0100

Source diff to previous version
1970674 New bug fix releases 3.4.11, 4.2.7 and 4.4.2
CVE-2020-20445 FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service.
CVE-2020-20446 FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service.
CVE-2020-20453 FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service
CVE-2020-21041 Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a
CVE-2020-21688 A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.
CVE-2020-21697 A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a cr
CVE-2020-22015 Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicio
CVE-2020-22016 A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and
CVE-2020-22017 A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruptio
CVE-2020-22019 Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a De
CVE-2020-22020 Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user ca
CVE-2020-22021 Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denia
CVE-2020-22022 A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption
CVE-2020-22023 A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corrup
CVE-2020-22025 A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other po
CVE-2020-22026 Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user
CVE-2020-22028 Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service.
CVE-2020-22031 A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corrup
CVE-2020-22032 A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption a
CVE-2020-22033 A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious
CVE-2020-22034 A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential
CVE-2020-22036 A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and
CVE-2020-22037 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c.
CVE-2020-22042 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfi
CVE-2020-35965 decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operatio
CVE-2021-38114 libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
CVE-2021-38171 adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the sec
CVE-2021-38291 FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.

Version: 7:3.4.8-0ubuntu0.2 2020-07-22 17:07:01 UTC

  ffmpeg (7:3.4.8-0ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: New upstream bugfix release.
    - Fixes CVE-2019-12730, CVE-2019-13390, CVE-2019-17542,
      CVE-2019-17539 and CVE-2020-13904.
  * debian/patches/0006-disable-test-lavf-fits.patch:
    - Disable lavf fits tests as it fails for i386.

 -- Eduardo Barretto <email address hidden> Thu, 16 Jul 2020 11:05:39 -0300

Source diff to previous version
CVE-2019-12730 aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of u
CVE-2019-13390 In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c.
CVE-2019-17542 FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
CVE-2019-17539 In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no va
CVE-2020-13904 FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and late

Version: 7:3.4.6-0ubuntu0.18.04.1 2019-05-06 17:07:09 UTC

  ffmpeg (7:3.4.6-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: New upstream bugfix release. (LP: #1823786)
    - Fixes CVE-2019-9718, CVE-2019-9721, CVE-2018-15822.

 -- Eduardo Barretto <email address hidden> Wed, 24 Apr 2019 14:39:22 -0300

Source diff to previous version
1823786 [SRU] ffmpeg 3.4.6 for bionic
CVE-2019-9718 In FFmpeg 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_ht
CVE-2019-9721 A denial of service in the subtitle decoder in FFmpeg 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle
CVE-2018-15822 The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failu

Version: 7:3.4.4-0ubuntu0.18.04.1 2018-08-23 21:06:44 UTC

  ffmpeg (7:3.4.4-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: New upstream release.
    - Fixes CVE-2018-7557, CVE-2018-7751, CVE-2018-10001,
      CVE-2018-12458, CVE-2018-13300, CVE-2018-13302, CVE-2018-14394 and
      CVE-2018-14395.

 -- Eduardo Barretto <email address hidden> Wed, 22 Aug 2018 17:19:37 -0300

CVE-2018-7557 The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Out of array read)
CVE-2018-7751 The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a cr
CVE-2018-10001 The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read)
CVE-2018-12458 An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 4.0 may trigger an assertion violation while
CVE-2018-13300 In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/mov
CVE-2018-13302 In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_ea
CVE-2018-14394 libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a
CVE-2018-14395 libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a



About   -   Send Feedback to @ubuntu_updates