UbuntuUpdates.org

Package "libavcodec-ffmpeg-extra56"

Name: libavcodec-ffmpeg-extra56

Description:

FFmpeg library with additional de/encoders for audio/video codecs

Latest version: 7:2.8.17-0ubuntu0.1
Release: xenial (16.04)
Level: security
Repository: universe
Head package: ffmpeg
Homepage: https://ffmpeg.org/


Other versions of "libavcodec-ffmpeg-extra56" in Xenial

Repository Area Version
base universe 7:2.8.6-1ubuntu2
updates universe 7:2.8.17-0ubuntu0.1

Changelog

Version: 7:2.8.17-0ubuntu0.1 2020-07-22 17:06:59 UTC

  ffmpeg (7:2.8.17-0ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: New upstream bugfix release.
    - Fixes CVE-2018-15822, CVE-2019-11338, CVE-2019-12730,
      CVE-2019-17542 and CVE-2020-13904.

 -- Eduardo Barretto <email address hidden> Wed, 15 Jul 2020 10:53:56 -0300

CVE-2018-15822 The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failu
CVE-2019-11338 libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL
CVE-2019-12730 aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of u
CVE-2019-17542 FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
CVE-2020-13904 FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and late

Version: 7:2.8.15-0ubuntu0.16.04.1 2018-08-23 18:06:41 UTC

  ffmpeg (7:2.8.15-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: New upstream bugfix release.
    - Fixes CVE-2018-7557, CVE-2018-12458 and CVE-2018-13302.

 -- Eduardo Barretto <email address hidden> Wed, 22 Aug 2018 12:59:03 -0300

CVE-2018-7557 The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Out of array read)
CVE-2018-12458 An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 4.0 may trigger an assertion violation while
CVE-2018-13302 In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_ea

Version: 7:2.8.14-0ubuntu0.16.04.1 2018-04-12 19:06:55 UTC

  ffmpeg (7:2.8.14-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * New upstream bugfix release. (LP: #1697785)
    - Fixes CVE-2017-9991, CVE-2017-9992, CVE-2017-9993, CVE-2017-9994,
      CVE-2017-9996, CVE-2017-11399, CVE-2017-11665, CVE-2017-14055,
      CVE-2017-14056, CVE-2017-14057, CVE-2017-14058, CVE-2017-14059,
      CVE-2017-14169, CVE-2017-14170, CVE-2017-14171, CVE-2017-14222,
      CVE-2017-14223, CVE-2017-14225, CVE-2017-15672, CVE-2017-17081.

 -- James Cowgill <email address hidden> Tue, 10 Apr 2018 14:49:07 +0100

1697785 Update to 2.8.14 in Xenial
CVE-2017-9991 Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3
CVE-2017-9992 Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x bef
CVE-2017-9993 FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filenam
CVE-2017-9994 libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pi
CVE-2017-9996 The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.
CVE-2017-11399 Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service
CVE-2017-11665 The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Vi
CVE-2017-14055 In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumpti
CVE-2017-14056 In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumptio
CVE-2017-14057 In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF
CVE-2017-14058 In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attacker
CVE-2017-14059 In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which
CVE-2017-14169 In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3, an integer signedness error might occur when a crafted file, which clai
CVE-2017-14170 In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consump
CVE-2017-14171 In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption.
CVE-2017-14222 In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. Whe
CVE-2017-14223 In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumpti
CVE-2017-14225 The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but c
CVE-2017-15672 The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and earlier allows remote attackers to have unspecified impact via a crafted MP4 fil
CVE-2017-17081 The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 does not properly validate widths and heights, which allows remote attackers to c

Version: 7:2.8.11-0ubuntu0.16.04.1 2017-02-15 02:06:51 UTC

  ffmpeg (7:2.8.11-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * Import new upstream bugfix release 2.8.11. (LP: #1664403)
    Fixes CVE-2016-9561, CVE-2017-5024 and CVE-2017-5025.
  * Add new av_image_check_size2 symbol to libavutil55.symbols.

 -- Andreas Cadhalpun <email address hidden> Tue, 14 Feb 2017 00:49:10 +0100

1664403 FFmpeg security fixes February 2017 (xenial)
CVE-2016-9561 The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of

Version: 7:2.8.10-0ubuntu0.16.04.1 2016-12-16 02:07:19 UTC

  ffmpeg (7:2.8.10-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * New upstream bugfix release 2.8.10. (LP: #1647226)
    Fixes CVE-2016-7502, CVE-2016-7562, CVE-2016-7785 and CVE-2016-7905.

 -- Andreas Cadhalpun <email address hidden> Sat, 10 Dec 2016 17:41:36 +0100

1647226 FFmpeg security fixes December 2016 (xenial)


