UbuntuUpdates.org

Package "ffmpeg"

Name: ffmpeg

Description: Tools for transcoding, streaming and playing of multimedia files

Latest version: 7:6.0-6ubuntu1.1
Release: mantic (23.10)
Level: updates
Repository: universe
Homepage: https://ffmpeg.org/

Other versions of "ffmpeg" in Mantic

Repository Area Version
base universe 7:6.0-6ubuntu1
security universe 7:6.0-6ubuntu1.1

Changelog

Version: 7:6.0-6ubuntu1.1 2024-05-30 16:07:00 UTC

  ffmpeg (7:6.0-6ubuntu1.1) mantic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-49502.patch: avfilter/bwdif: account for
      chroma sub-sampling in min size calculation
    - CVE-2023-49502
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-49528.patch: avfilter/af_dialoguenhance:
      fix overreads
    - CVE-2023-49528
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-50007.patch: avfilter/af_afwtdn: fix crash
      with EOF handling
    - CVE-2023-50007
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-50008.patch: avfilter/vf_colorcorrect: fix
      memory leaks
    - CVE-2023-50008
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-50009.patch: avfilter/edge_template: Fix
      small inputs with gaussian_blur()
    - CVE-2023-50009
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-50010.patch: avfilter/vf_gradfun: Do not
      overread last line
    - CVE-2023-50010
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-51793.patch: avfilter/vf_weave: Fix odd
      height handling
    - CVE-2023-51793
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-51794.patch: avfilter/af_stereowiden:
      Check length
    - CVE-2023-51794
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-51795-2024-31585.patch:
      avfilter/avf_showspectrum: fix off by 1 error
    - CVE-2023-51795
    - CVE-2024-31585
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-51796.patch: avfilter/f_reverse: Apply PTS
      compensation only when pts is available
    - CVE-2023-51796
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2023-51798.patch: avfilter/vf_minterpolate:
      Check pts before division
    - CVE-2023-51798
  * SECURITY UPDATE: use after free
    - debian/patches/CVE-2024-31578.patch: avutil/hwcontext: Don't
      assume frames_uninit is reentrant
    - CVE-2024-31578
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2024-31582.patch: avfilter/vf_codecview: fix
      heap buffer overflow
    - CVE-2024-31582

 -- Allen Huang <email address hidden> Tue, 28 May 2024 22:52:48 +0100

CVE-2023-49502 Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c functi
CVE-2023-49528 Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (
CVE-2023-50007 Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the av_samples_set_silence function
CVE-2023-50008 Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the av_malloc function in libavuti
CVE-2023-50009 Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_gaussian_blur_8 function in
CVE-2023-50010 Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the set_encoder_id function in /ff
CVE-2023-51793 Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in
CVE-2023-51794 Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:
CVE-2023-51795 Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.
CVE-2024-31585 FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows
CVE-2023-51796 Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:2
CVE-2023-51798 Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE)
CVE-2024-31578 FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.
CVE-2024-31582 FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c


