libav-tools-12.3-1.17 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10926 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libav-tools-12.3-1.17 on GA media These are all security issues fixed in the libav-tools-12.3-1.17 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10926 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10926 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2011-3946/ SUSE CVE CVE-2011-3946 page https://www.suse.com/security/cve/CVE-2012-6618/ SUSE CVE CVE-2012-6618 page https://www.suse.com/security/cve/CVE-2013-0851/ SUSE CVE CVE-2013-0851 page https://www.suse.com/security/cve/CVE-2013-0852/ SUSE CVE CVE-2013-0852 page https://www.suse.com/security/cve/CVE-2013-0868/ SUSE CVE CVE-2013-0868 page https://www.suse.com/security/cve/CVE-2013-7010/ SUSE CVE CVE-2013-7010 page https://www.suse.com/security/cve/CVE-2014-8544/ SUSE CVE CVE-2014-8544 page https://www.suse.com/security/cve/CVE-2014-9604/ SUSE CVE CVE-2014-9604 page https://www.suse.com/security/cve/CVE-2015-3395/ SUSE CVE CVE-2015-3395 page https://www.suse.com/security/cve/CVE-2015-3417/ SUSE CVE CVE-2015-3417 page https://www.suse.com/security/cve/CVE-2015-5479/ SUSE CVE CVE-2015-5479 page https://www.suse.com/security/cve/CVE-2016-3062/ SUSE CVE CVE-2016-3062 page openSUSE Tumbleweed libav-tools-12.3-1.17 libav-tools-12.3-1.17 as a component of openSUSE Tumbleweed The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop. CVE-2011-3946 openSUSE Tumbleweed:libav-tools-12.3-1.17 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3946.html CVE-2011-3946 The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate." CVE-2012-6618 openSUSE Tumbleweed:libav-tools-12.3-1.17 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-6618.html CVE-2012-6618 The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access. CVE-2013-0851 openSUSE Tumbleweed:libav-tools-12.3-1.17 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0851.html CVE-2013-0851 The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access. CVE-2013-0852 openSUSE Tumbleweed:libav-tools-12.3-1.17 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0852.html CVE-2013-0852 libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases." CVE-2013-0868 openSUSE Tumbleweed:libav-tools-12.3-1.17 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0868.html CVE-2013-0868 https://bugzilla.suse.com/1189142 SUSE Bug 1189142 Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data. CVE-2013-7010 openSUSE Tumbleweed:libav-tools-12.3-1.17 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-7010.html CVE-2013-7010 libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data. CVE-2014-8544 openSUSE Tumbleweed:libav-tools-12.3-1.17 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8544.html CVE-2014-8544 libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions. CVE-2014-9604 openSUSE Tumbleweed:libav-tools-12.3-1.17 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-9604.html CVE-2014-9604 The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access. CVE-2015-3395 openSUSE Tumbleweed:libav-tools-12.3-1.17 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3395.html CVE-2015-3395 https://bugzilla.suse.com/931216 SUSE Bug 931216 Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data. CVE-2015-3417 openSUSE Tumbleweed:libav-tools-12.3-1.17 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3417.html CVE-2015-3417 The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. CVE-2015-5479 openSUSE Tumbleweed:libav-tools-12.3-1.17 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-5479.html CVE-2015-5479 https://bugzilla.suse.com/949760 SUSE Bug 949760 The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. CVE-2016-3062 openSUSE Tumbleweed:libav-tools-12.3-1.17 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-3062.html CVE-2016-3062 https://bugzilla.suse.com/984487 SUSE Bug 984487