[USN-6983-1] FFmpeg vulnerability
Octavio Galland
octavio.galland at canonical.com
Mon Sep 2 14:49:35 UTC 2024
==========================================================================
Ubuntu Security Notice USN-6983-1
September 02, 2024
ffmpeg vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
FFmpeg could be made to crash or run programs as your login if it
opened a specially crafted file.
Software Description:
- ffmpeg: Tools for transcoding, streaming and playing of multimedia files
Details:
Zeng Yunxiang discovered that FFmpeg incorrectly handled memory during
video encoding. An attacker could possibly use this issue to perform a
denial of service, or execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
ffmpeg 7:6.1.1-3ubuntu5+esm2
Available with Ubuntu Pro
libavcodec-dev 7:6.1.1-3ubuntu5+esm2
Available with Ubuntu Pro
libavcodec-extra60 7:6.1.1-3ubuntu5+esm2
Available with Ubuntu Pro
libavcodec60 7:6.1.1-3ubuntu5+esm2
Available with Ubuntu Pro
libavdevice60 7:6.1.1-3ubuntu5+esm2
Available with Ubuntu Pro
libavfilter-extra9 7:6.1.1-3ubuntu5+esm2
Available with Ubuntu Pro
libavfilter9 7:6.1.1-3ubuntu5+esm2
Available with Ubuntu Pro
libavformat-extra60 7:6.1.1-3ubuntu5+esm2
Available with Ubuntu Pro
libavformat60 7:6.1.1-3ubuntu5+esm2
Available with Ubuntu Pro
libavutil58 7:6.1.1-3ubuntu5+esm2
Available with Ubuntu Pro
libpostproc57 7:6.1.1-3ubuntu5+esm2
Available with Ubuntu Pro
libswresample4 7:6.1.1-3ubuntu5+esm2
Available with Ubuntu Pro
libswscale7 7:6.1.1-3ubuntu5+esm2
Available with Ubuntu Pro
Ubuntu 22.04 LTS
ffmpeg 7:4.4.2-0ubuntu0.22.04.1+esm5
Available with Ubuntu Pro
libavcodec-dev 7:4.4.2-0ubuntu0.22.04.1+esm5
Available with Ubuntu Pro
libavcodec-extra58 7:4.4.2-0ubuntu0.22.04.1+esm5
Available with Ubuntu Pro
libavcodec58 7:4.4.2-0ubuntu0.22.04.1+esm5
Available with Ubuntu Pro
libavdevice58 7:4.4.2-0ubuntu0.22.04.1+esm5
Available with Ubuntu Pro
libavfilter-extra7 7:4.4.2-0ubuntu0.22.04.1+esm5
Available with Ubuntu Pro
libavfilter7 7:4.4.2-0ubuntu0.22.04.1+esm5
Available with Ubuntu Pro
libavformat-extra58 7:4.4.2-0ubuntu0.22.04.1+esm5
Available with Ubuntu Pro
libavformat58 7:4.4.2-0ubuntu0.22.04.1+esm5
Available with Ubuntu Pro
libavutil56 7:4.4.2-0ubuntu0.22.04.1+esm5
Available with Ubuntu Pro
libpostproc55 7:4.4.2-0ubuntu0.22.04.1+esm5
Available with Ubuntu Pro
libswresample3 7:4.4.2-0ubuntu0.22.04.1+esm5
Available with Ubuntu Pro
libswscale5 7:4.4.2-0ubuntu0.22.04.1+esm5
Available with Ubuntu Pro
Ubuntu 20.04 LTS
ffmpeg 7:4.2.7-0ubuntu0.1+esm6
Available with Ubuntu Pro
libavcodec-dev 7:4.2.7-0ubuntu0.1+esm6
Available with Ubuntu Pro
libavcodec-extra58 7:4.2.7-0ubuntu0.1+esm6
Available with Ubuntu Pro
libavcodec58 7:4.2.7-0ubuntu0.1+esm6
Available with Ubuntu Pro
libavdevice58 7:4.2.7-0ubuntu0.1+esm6
Available with Ubuntu Pro
libavfilter-extra7 7:4.2.7-0ubuntu0.1+esm6
Available with Ubuntu Pro
libavfilter7 7:4.2.7-0ubuntu0.1+esm6
Available with Ubuntu Pro
libavformat58 7:4.2.7-0ubuntu0.1+esm6
Available with Ubuntu Pro
libavresample4 7:4.2.7-0ubuntu0.1+esm6
Available with Ubuntu Pro
libavutil56 7:4.2.7-0ubuntu0.1+esm6
Available with Ubuntu Pro
libpostproc55 7:4.2.7-0ubuntu0.1+esm6
Available with Ubuntu Pro
libswresample3 7:4.2.7-0ubuntu0.1+esm6
Available with Ubuntu Pro
libswscale5 7:4.2.7-0ubuntu0.1+esm6
Available with Ubuntu Pro
Ubuntu 18.04 LTS
ffmpeg 7:3.4.11-0ubuntu0.1+esm6
Available with Ubuntu Pro
libavcodec-dev 7:3.4.11-0ubuntu0.1+esm6
Available with Ubuntu Pro
libavcodec-extra57 7:3.4.11-0ubuntu0.1+esm6
Available with Ubuntu Pro
libavcodec57 7:3.4.11-0ubuntu0.1+esm6
Available with Ubuntu Pro
libavdevice57 7:3.4.11-0ubuntu0.1+esm6
Available with Ubuntu Pro
libavfilter-extra6 7:3.4.11-0ubuntu0.1+esm6
Available with Ubuntu Pro
libavfilter6 7:3.4.11-0ubuntu0.1+esm6
Available with Ubuntu Pro
libavformat57 7:3.4.11-0ubuntu0.1+esm6
Available with Ubuntu Pro
libavresample3 7:3.4.11-0ubuntu0.1+esm6
Available with Ubuntu Pro
libavutil55 7:3.4.11-0ubuntu0.1+esm6
Available with Ubuntu Pro
libpostproc54 7:3.4.11-0ubuntu0.1+esm6
Available with Ubuntu Pro
libswresample2 7:3.4.11-0ubuntu0.1+esm6
Available with Ubuntu Pro
libswscale4 7:3.4.11-0ubuntu0.1+esm6
Available with Ubuntu Pro
Ubuntu 16.04 LTS
ffmpeg 7:2.8.17-0ubuntu0.1+esm8
Available with Ubuntu Pro
libav-tools 7:2.8.17-0ubuntu0.1+esm8
Available with Ubuntu Pro
libavcodec-dev 7:2.8.17-0ubuntu0.1+esm8
Available with Ubuntu Pro
libavcodec-ffmpeg-extra56 7:2.8.17-0ubuntu0.1+esm8
Available with Ubuntu Pro
libavcodec-ffmpeg56 7:2.8.17-0ubuntu0.1+esm8
Available with Ubuntu Pro
libavdevice-ffmpeg56 7:2.8.17-0ubuntu0.1+esm8
Available with Ubuntu Pro
libavfilter-ffmpeg5 7:2.8.17-0ubuntu0.1+esm8
Available with Ubuntu Pro
libavformat-ffmpeg56 7:2.8.17-0ubuntu0.1+esm8
Available with Ubuntu Pro
libavresample-ffmpeg2 7:2.8.17-0ubuntu0.1+esm8
Available with Ubuntu Pro
libavutil-ffmpeg54 7:2.8.17-0ubuntu0.1+esm8
Available with Ubuntu Pro
libpostproc-ffmpeg53 7:2.8.17-0ubuntu0.1+esm8
Available with Ubuntu Pro
libswresample-ffmpeg1 7:2.8.17-0ubuntu0.1+esm8
Available with Ubuntu Pro
libswscale-ffmpeg3 7:2.8.17-0ubuntu0.1+esm8
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6983-1
CVE-2024-32230
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20240902/f287d2fe/attachment.sig>
More information about the ubuntu-security-announce
mailing list