ffmpeg-4-4.4-5.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10754 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ffmpeg-4-4.4-5.2 on GA media These are all security issues fixed in the ffmpeg-4-4.4-5.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10754 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10754 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2015-8216/ SUSE CVE CVE-2015-8216 page https://www.suse.com/security/cve/CVE-2015-8217/ SUSE CVE CVE-2015-8217 page https://www.suse.com/security/cve/CVE-2015-8218/ SUSE CVE CVE-2015-8218 page https://www.suse.com/security/cve/CVE-2015-8219/ SUSE CVE CVE-2015-8219 page https://www.suse.com/security/cve/CVE-2015-8363/ SUSE CVE CVE-2015-8363 page https://www.suse.com/security/cve/CVE-2015-8365/ SUSE CVE CVE-2015-8365 page https://www.suse.com/security/cve/CVE-2015-8661/ SUSE CVE CVE-2015-8661 page https://www.suse.com/security/cve/CVE-2015-8663/ SUSE CVE CVE-2015-8663 page https://www.suse.com/security/cve/CVE-2016-10190/ SUSE CVE CVE-2016-10190 page https://www.suse.com/security/cve/CVE-2016-10191/ SUSE CVE CVE-2016-10191 page https://www.suse.com/security/cve/CVE-2016-1897/ SUSE CVE CVE-2016-1897 page https://www.suse.com/security/cve/CVE-2017-11399/ SUSE CVE CVE-2017-11399 page https://www.suse.com/security/cve/CVE-2017-11665/ SUSE CVE CVE-2017-11665 page https://www.suse.com/security/cve/CVE-2017-14054/ SUSE CVE CVE-2017-14054 page https://www.suse.com/security/cve/CVE-2017-14055/ SUSE CVE CVE-2017-14055 page https://www.suse.com/security/cve/CVE-2017-14056/ SUSE CVE CVE-2017-14056 page https://www.suse.com/security/cve/CVE-2017-14057/ SUSE CVE CVE-2017-14057 page https://www.suse.com/security/cve/CVE-2017-14058/ SUSE CVE CVE-2017-14058 page https://www.suse.com/security/cve/CVE-2017-14059/ SUSE CVE CVE-2017-14059 page https://www.suse.com/security/cve/CVE-2017-14169/ SUSE CVE CVE-2017-14169 page https://www.suse.com/security/cve/CVE-2017-14170/ SUSE CVE CVE-2017-14170 page https://www.suse.com/security/cve/CVE-2017-14171/ SUSE CVE CVE-2017-14171 page https://www.suse.com/security/cve/CVE-2017-14222/ SUSE CVE CVE-2017-14222 page https://www.suse.com/security/cve/CVE-2017-14223/ SUSE CVE CVE-2017-14223 page https://www.suse.com/security/cve/CVE-2017-14225/ SUSE CVE CVE-2017-14225 page https://www.suse.com/security/cve/CVE-2017-15186/ SUSE CVE CVE-2017-15186 page https://www.suse.com/security/cve/CVE-2017-15672/ SUSE CVE CVE-2017-15672 page https://www.suse.com/security/cve/CVE-2017-16840/ SUSE CVE CVE-2017-16840 page https://www.suse.com/security/cve/CVE-2017-17081/ SUSE CVE CVE-2017-17081 page https://www.suse.com/security/cve/CVE-2017-17555/ SUSE CVE CVE-2017-17555 page https://www.suse.com/security/cve/CVE-2017-7859/ SUSE CVE CVE-2017-7859 page https://www.suse.com/security/cve/CVE-2017-7863/ SUSE CVE CVE-2017-7863 page https://www.suse.com/security/cve/CVE-2017-7866/ SUSE CVE CVE-2017-7866 page https://www.suse.com/security/cve/CVE-2018-13300/ SUSE CVE CVE-2018-13300 page https://www.suse.com/security/cve/CVE-2018-13305/ SUSE CVE CVE-2018-13305 page https://www.suse.com/security/cve/CVE-2018-15822/ SUSE CVE CVE-2018-15822 page https://www.suse.com/security/cve/CVE-2018-6392/ SUSE CVE CVE-2018-6392 page https://www.suse.com/security/cve/CVE-2018-6621/ SUSE CVE CVE-2018-6621 page https://www.suse.com/security/cve/CVE-2018-7751/ SUSE CVE CVE-2018-7751 page https://www.suse.com/security/cve/CVE-2019-11338/ SUSE CVE CVE-2019-11338 page https://www.suse.com/security/cve/CVE-2019-15942/ SUSE CVE CVE-2019-15942 page https://www.suse.com/security/cve/CVE-2020-22046/ SUSE CVE CVE-2020-22046 page https://www.suse.com/security/cve/CVE-2020-35964/ SUSE CVE CVE-2020-35964 page https://www.suse.com/security/cve/CVE-2021-33815/ SUSE CVE CVE-2021-33815 page https://www.suse.com/security/cve/CVE-2021-38114/ SUSE CVE CVE-2021-38114 page https://www.suse.com/security/cve/CVE-2021-38171/ SUSE CVE CVE-2021-38171 page openSUSE Tumbleweed ffmpeg-4-4.4-5.2 ffmpeg-4-libavcodec-devel-4.4-5.2 ffmpeg-4-libavdevice-devel-4.4-5.2 ffmpeg-4-libavfilter-devel-4.4-5.2 ffmpeg-4-libavformat-devel-4.4-5.2 ffmpeg-4-libavresample-devel-4.4-5.2 ffmpeg-4-libavutil-devel-4.4-5.2 ffmpeg-4-libpostproc-devel-4.4-5.2 ffmpeg-4-libswresample-devel-4.4-5.2 ffmpeg-4-libswscale-devel-4.4-5.2 ffmpeg-4-private-devel-4.4-5.2 libavcodec58_134-4.4-5.2 libavcodec58_134-32bit-4.4-5.2 libavdevice58_13-4.4-5.2 libavdevice58_13-32bit-4.4-5.2 libavfilter7_110-4.4-5.2 libavfilter7_110-32bit-4.4-5.2 libavformat58_76-4.4-5.2 libavformat58_76-32bit-4.4-5.2 libavresample4_0-4.4-5.2 libavresample4_0-32bit-4.4-5.2 libavutil56_70-4.4-5.2 libavutil56_70-32bit-4.4-5.2 libpostproc55_9-4.4-5.2 libpostproc55_9-32bit-4.4-5.2 libswresample3_9-4.4-5.2 libswresample3_9-32bit-4.4-5.2 libswscale5_9-4.4-5.2 libswscale5_9-32bit-4.4-5.2 ffmpeg-4-4.4-5.2 as a component of openSUSE Tumbleweed ffmpeg-4-libavcodec-devel-4.4-5.2 as a component of openSUSE Tumbleweed ffmpeg-4-libavdevice-devel-4.4-5.2 as a component of openSUSE Tumbleweed ffmpeg-4-libavfilter-devel-4.4-5.2 as a component of openSUSE Tumbleweed ffmpeg-4-libavformat-devel-4.4-5.2 as a component of openSUSE Tumbleweed ffmpeg-4-libavresample-devel-4.4-5.2 as a component of openSUSE Tumbleweed ffmpeg-4-libavutil-devel-4.4-5.2 as a component of openSUSE Tumbleweed ffmpeg-4-libpostproc-devel-4.4-5.2 as a component of openSUSE Tumbleweed ffmpeg-4-libswresample-devel-4.4-5.2 as a component of openSUSE Tumbleweed ffmpeg-4-libswscale-devel-4.4-5.2 as a component of openSUSE Tumbleweed ffmpeg-4-private-devel-4.4-5.2 as a component of openSUSE Tumbleweed libavcodec58_134-4.4-5.2 as a component of openSUSE Tumbleweed libavcodec58_134-32bit-4.4-5.2 as a component of openSUSE Tumbleweed libavdevice58_13-4.4-5.2 as a component of openSUSE Tumbleweed libavdevice58_13-32bit-4.4-5.2 as a component of openSUSE Tumbleweed libavfilter7_110-4.4-5.2 as a component of openSUSE Tumbleweed libavfilter7_110-32bit-4.4-5.2 as a component of openSUSE Tumbleweed libavformat58_76-4.4-5.2 as a component of openSUSE Tumbleweed libavformat58_76-32bit-4.4-5.2 as a component of openSUSE Tumbleweed libavresample4_0-4.4-5.2 as a component of openSUSE Tumbleweed libavresample4_0-32bit-4.4-5.2 as a component of openSUSE Tumbleweed libavutil56_70-4.4-5.2 as a component of openSUSE Tumbleweed libavutil56_70-32bit-4.4-5.2 as a component of openSUSE Tumbleweed libpostproc55_9-4.4-5.2 as a component of openSUSE Tumbleweed libpostproc55_9-32bit-4.4-5.2 as a component of openSUSE Tumbleweed libswresample3_9-4.4-5.2 as a component of openSUSE Tumbleweed libswresample3_9-32bit-4.4-5.2 as a component of openSUSE Tumbleweed libswscale5_9-4.4-5.2 as a component of openSUSE Tumbleweed libswscale5_9-32bit-4.4-5.2 as a component of openSUSE Tumbleweed The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. CVE-2015-8216 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8216.html CVE-2015-8216 https://bugzilla.suse.com/955346 SUSE Bug 955346 The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data. CVE-2015-8217 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8217.html CVE-2015-8217 https://bugzilla.suse.com/955347 SUSE Bug 955347 The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data. CVE-2015-8218 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8218.html CVE-2015-8218 https://bugzilla.suse.com/955348 SUSE Bug 955348 The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. CVE-2015-8219 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8219.html CVE-2015-8219 https://bugzilla.suse.com/955350 SUSE Bug 955350 The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two or more of these markers. CVE-2015-8363 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8363.html CVE-2015-8363 https://bugzilla.suse.com/957114 SUSE Bug 957114 The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data. CVE-2015-8365 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8365.html CVE-2015-8365 https://bugzilla.suse.com/957116 SUSE Bug 957116 The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data. CVE-2015-8661 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8661.html CVE-2015-8661 https://bugzilla.suse.com/960385 SUSE Bug 960385 The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file. CVE-2015-8663 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8663.html CVE-2015-8663 https://bugzilla.suse.com/960383 SUSE Bug 960383 Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response. CVE-2016-10190 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10190.html CVE-2016-10190 https://bugzilla.suse.com/1022920 SUSE Bug 1022920 Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches. CVE-2016-10191 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10191.html CVE-2016-10191 https://bugzilla.suse.com/1022921 SUSE Bug 1022921 FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file. CVE-2016-1897 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-1897.html CVE-2016-1897 https://bugzilla.suse.com/961937 SUSE Bug 961937 Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file. CVE-2017-11399 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-11399.html CVE-2017-11399 https://bugzilla.suse.com/1049095 SUSE Bug 1049095 The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream. CVE-2017-11665 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-11665.html CVE-2017-11665 https://bugzilla.suse.com/1082335 SUSE Bug 1082335 In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop. CVE-2017-14054 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14054.html CVE-2017-14054 https://bugzilla.suse.com/1056765 SUSE Bug 1056765 In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop. CVE-2017-14055 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14055.html CVE-2017-14055 https://bugzilla.suse.com/1056766 SUSE Bug 1056766 In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops. CVE-2017-14056 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14056.html CVE-2017-14056 https://bugzilla.suse.com/1056760 SUSE Bug 1056760 In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops. CVE-2017-14057 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14057.html CVE-2017-14057 https://bugzilla.suse.com/1056761 SUSE Bug 1056761 In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop). CVE-2017-14058 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14058.html CVE-2017-14058 https://bugzilla.suse.com/1056762 SUSE Bug 1056762 In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. CVE-2017-14059 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14059.html CVE-2017-14059 https://bugzilla.suse.com/1056763 SUSE Bug 1056763 In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value. CVE-2017-14169 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14169.html CVE-2017-14169 https://bugzilla.suse.com/1057536 SUSE Bug 1057536 In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file. CVE-2017-14170 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14170.html CVE-2017-14170 https://bugzilla.suse.com/1057537 SUSE Bug 1057537 In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop. CVE-2017-14171 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14171.html CVE-2017-14171 https://bugzilla.suse.com/1057539 SUSE Bug 1057539 In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. CVE-2017-14222 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14222.html CVE-2017-14222 https://bugzilla.suse.com/1058020 SUSE Bug 1058020 In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. CVE-2017-14223 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14223.html CVE-2017-14223 https://bugzilla.suse.com/1058019 SUSE Bug 1058019 The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.) CVE-2017-14225 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14225.html CVE-2017-14225 https://bugzilla.suse.com/1058018 SUSE Bug 1058018 Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. CVE-2017-15186 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15186.html CVE-2017-15186 https://bugzilla.suse.com/1064577 SUSE Bug 1064577 The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read. CVE-2017-15672 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15672.html CVE-2017-15672 https://bugzilla.suse.com/1066428 SUSE Bug 1066428 The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c. CVE-2017-16840 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-16840.html CVE-2017-16840 https://bugzilla.suse.com/1069407 SUSE Bug 1069407 The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. CVE-2017-17081 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-17081.html CVE-2017-17081 https://bugzilla.suse.com/1070762 SUSE Bug 1070762 The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file. CVE-2017-17555 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-17555.html CVE-2017-17555 https://bugzilla.suse.com/1072366 SUSE Bug 1072366 FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. CVE-2017-7859 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7859.html CVE-2017-7859 https://bugzilla.suse.com/1034183 SUSE Bug 1034183 FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. CVE-2017-7863 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7863.html CVE-2017-7863 https://bugzilla.suse.com/1034179 SUSE Bug 1034179 FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. CVE-2017-7866 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7866.html CVE-2017-7866 https://bugzilla.suse.com/1034176 SUSE Bug 1034176 In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure. CVE-2018-13300 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-13300.html CVE-2018-13300 https://bugzilla.suse.com/1100348 SUSE Bug 1100348 In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service. CVE-2018-13305 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-13305.html CVE-2018-13305 https://bugzilla.suse.com/1100345 SUSE Bug 1100345 The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. CVE-2018-15822 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-15822.html CVE-2018-15822 https://bugzilla.suse.com/1105869 SUSE Bug 1105869 The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file. CVE-2018-6392 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6392.html CVE-2018-6392 https://bugzilla.suse.com/1078488 SUSE Bug 1078488 The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. CVE-2018-6621 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6621.html CVE-2018-6621 https://bugzilla.suse.com/1079368 SUSE Bug 1079368 The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file. CVE-2018-7751 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-7751.html CVE-2018-7751 https://bugzilla.suse.com/1090826 SUSE Bug 1090826 libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. CVE-2019-11338 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11338.html CVE-2019-11338 https://bugzilla.suse.com/1133155 SUSE Bug 1133155 FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer. CVE-2019-15942 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-15942.html CVE-2019-15942 https://bugzilla.suse.com/1149839 SUSE Bug 1149839 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c. CVE-2020-22046 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-22046.html CVE-2020-22046 https://bugzilla.suse.com/1186849 SUSE Bug 1186849 track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing. CVE-2020-35964 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-35964.html CVE-2020-35964 https://bugzilla.suse.com/1180519 SUSE Bug 1180519 dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked. CVE-2021-33815 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-33815.html CVE-2021-33815 https://bugzilla.suse.com/1186865 SUSE Bug 1186865 libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. CVE-2021-38114 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-38114.html CVE-2021-38114 https://bugzilla.suse.com/1189142 SUSE Bug 1189142 adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. CVE-2021-38171 openSUSE Tumbleweed:ffmpeg-4-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4-5.2 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4-5.2 openSUSE Tumbleweed:libavcodec58_134-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4-5.2 openSUSE Tumbleweed:libavdevice58_13-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4-5.2 openSUSE Tumbleweed:libavfilter7_110-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-32bit-4.4-5.2 openSUSE Tumbleweed:libavformat58_76-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-32bit-4.4-5.2 openSUSE Tumbleweed:libavresample4_0-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-32bit-4.4-5.2 openSUSE Tumbleweed:libavutil56_70-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4-5.2 openSUSE Tumbleweed:libpostproc55_9-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswresample3_9-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-32bit-4.4-5.2 openSUSE Tumbleweed:libswscale5_9-4.4-5.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-38171.html CVE-2021-38171 https://bugzilla.suse.com/1189724 SUSE Bug 1189724