UbuntuUpdates.org

Package "libavformat58"

Name: libavformat58

Description:

FFmpeg library with (de)muxers for multimedia containers - runtime files

Latest version: 7:4.2.7-0ubuntu0.1
Release: focal (20.04)
Level: security
Repository: universe
Head package: ffmpeg
Homepage: https://ffmpeg.org/

Links


Download "libavformat58"


Other versions of "libavformat58" in Focal

Repository Area Version
base universe 7:4.2.2-1ubuntu1
updates universe 7:4.2.7-0ubuntu0.1

Changelog

Version: 7:4.2.7-0ubuntu0.1 2022-06-08 20:06:22 UTC

  ffmpeg (7:4.2.7-0ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: New upstream bugfix release (LP: #1970674).
    - Fixes CVE-2020-20445, CVE-2020-20446, CVE-2020-20450, CVE-2020-20453,
      CVE-2020-21041, CVE-2020-21688, CVE-2020-21697, CVE-2020-22015,
      CVE-2020-22017, CVE-2020-22019, CVE-2020-22020, CVE-2020-22021,
      CVE-2020-22022, CVE-2020-22023, CVE-2020-22025, CVE-2020-22026,
      CVE-2020-22027, CVE-2020-22028, CVE-2020-22029, CVE-2020-22030,
      CVE-2020-22031, CVE-2020-22032, CVE-2020-22033, CVE-2020-22034,
      CVE-2020-22035, CVE-2020-22036, CVE-2020-22037, CVE-2020-22042,
      CVE-2020-35965, CVE-2021-38114, CVE-2021-38171 and CVE-2021-38291.

 -- Luís Infante da Câmara <email address hidden> Wed, 18 May 2022 22:24:26 +0100

Source diff to previous version
1970674 New bug fix releases 3.4.11, 4.2.7 and 4.4.2
CVE-2020-20445 FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service.
CVE-2020-20446 FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service.
CVE-2020-20450 FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service.
CVE-2020-20453 FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service
CVE-2020-21041 Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a
CVE-2020-21688 A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.
CVE-2020-21697 A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a cr
CVE-2020-22015 Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicio
CVE-2020-22017 A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruptio
CVE-2020-22019 Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a De
CVE-2020-22020 Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user ca
CVE-2020-22021 Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denia
CVE-2020-22022 A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption
CVE-2020-22023 A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corrup
CVE-2020-22025 A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other po
CVE-2020-22026 Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user
CVE-2020-22027 A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and o
CVE-2020-22028 Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service.
CVE-2020-22029 A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_
CVE-2020-22030 A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corru
CVE-2020-22031 A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corrup
CVE-2020-22032 A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption a
CVE-2020-22033 A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious
CVE-2020-22034 A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential
CVE-2020-22035 A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and
CVE-2020-22036 A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and
CVE-2020-22037 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c.
CVE-2020-22042 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfi
CVE-2020-35965 decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operatio
CVE-2021-38114 libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
CVE-2021-38171 adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the sec
CVE-2021-38291 FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.

Version: 7:4.2.4-1ubuntu0.1 2020-07-22 17:07:03 UTC

  ffmpeg (7:4.2.4-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: New upstream bugfix release.
    - Fixes CVE-2019-13312, CVE-2020-12284 and CVE-2020-13904.

 -- Eduardo Barretto <email address hidden> Thu, 16 Jul 2020 12:04:07 -0300

CVE-2019-13312 block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read.
CVE-2020-12284 cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missin
CVE-2020-13904 FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and late



About   -   Send Feedback to @ubuntu_updates