ffmpeg-5-5.1.4-5.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13888-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ffmpeg-5-5.1.4-5.1 on GA media These are all security issues fixed in the ffmpeg-5-5.1.4-5.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13888 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-49528/ SUSE CVE CVE-2023-49528 page https://www.suse.com/security/cve/CVE-2023-51796/ SUSE CVE CVE-2023-51796 page https://www.suse.com/security/cve/CVE-2024-31578/ SUSE CVE CVE-2024-31578 page https://www.suse.com/security/cve/CVE-2024-31582/ SUSE CVE CVE-2024-31582 page https://www.suse.com/security/cve/CVE-2024-31585/ SUSE CVE CVE-2024-31585 page openSUSE Tumbleweed ffmpeg-5-5.1.4-5.1 ffmpeg-5-libavcodec-devel-5.1.4-5.1 ffmpeg-5-libavdevice-devel-5.1.4-5.1 ffmpeg-5-libavfilter-devel-5.1.4-5.1 ffmpeg-5-libavformat-devel-5.1.4-5.1 ffmpeg-5-libavutil-devel-5.1.4-5.1 ffmpeg-5-libpostproc-devel-5.1.4-5.1 ffmpeg-5-libswresample-devel-5.1.4-5.1 ffmpeg-5-libswscale-devel-5.1.4-5.1 ffmpeg-5-private-devel-5.1.4-5.1 libavcodec59-5.1.4-5.1 libavcodec59-32bit-5.1.4-5.1 libavdevice59-5.1.4-5.1 libavdevice59-32bit-5.1.4-5.1 libavfilter8-5.1.4-5.1 libavfilter8-32bit-5.1.4-5.1 libavformat59-5.1.4-5.1 libavformat59-32bit-5.1.4-5.1 libavutil57-5.1.4-5.1 libavutil57-32bit-5.1.4-5.1 libpostproc56-5.1.4-5.1 libpostproc56-32bit-5.1.4-5.1 libswresample4_ff5-5.1.4-5.1 libswresample4_ff5-32bit-5.1.4-5.1 libswscale6-5.1.4-5.1 libswscale6-32bit-5.1.4-5.1 ffmpeg-5-5.1.4-5.1 as a component of openSUSE Tumbleweed ffmpeg-5-libavcodec-devel-5.1.4-5.1 as a component of openSUSE Tumbleweed ffmpeg-5-libavdevice-devel-5.1.4-5.1 as a component of openSUSE Tumbleweed ffmpeg-5-libavfilter-devel-5.1.4-5.1 as a component of openSUSE Tumbleweed ffmpeg-5-libavformat-devel-5.1.4-5.1 as a component of openSUSE Tumbleweed ffmpeg-5-libavutil-devel-5.1.4-5.1 as a component of openSUSE Tumbleweed ffmpeg-5-libpostproc-devel-5.1.4-5.1 as a component of openSUSE Tumbleweed ffmpeg-5-libswresample-devel-5.1.4-5.1 as a component of openSUSE Tumbleweed ffmpeg-5-libswscale-devel-5.1.4-5.1 as a component of openSUSE Tumbleweed ffmpeg-5-private-devel-5.1.4-5.1 as a component of openSUSE Tumbleweed libavcodec59-5.1.4-5.1 as a component of openSUSE Tumbleweed libavcodec59-32bit-5.1.4-5.1 as a component of openSUSE Tumbleweed libavdevice59-5.1.4-5.1 as a component of openSUSE Tumbleweed libavdevice59-32bit-5.1.4-5.1 as a component of openSUSE Tumbleweed libavfilter8-5.1.4-5.1 as a component of openSUSE Tumbleweed libavfilter8-32bit-5.1.4-5.1 as a component of openSUSE Tumbleweed libavformat59-5.1.4-5.1 as a component of openSUSE Tumbleweed libavformat59-32bit-5.1.4-5.1 as a component of openSUSE Tumbleweed libavutil57-5.1.4-5.1 as a component of openSUSE Tumbleweed libavutil57-32bit-5.1.4-5.1 as a component of openSUSE Tumbleweed libpostproc56-5.1.4-5.1 as a component of openSUSE Tumbleweed libpostproc56-32bit-5.1.4-5.1 as a component of openSUSE Tumbleweed libswresample4_ff5-5.1.4-5.1 as a component of openSUSE Tumbleweed libswresample4_ff5-32bit-5.1.4-5.1 as a component of openSUSE Tumbleweed libswscale6-5.1.4-5.1 as a component of openSUSE Tumbleweed libswscale6-32bit-5.1.4-5.1 as a component of openSUSE Tumbleweed Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component. CVE-2023-49528 openSUSE Tumbleweed:ffmpeg-5-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavcodec-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavdevice-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavfilter-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavformat-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavutil-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libpostproc-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libswresample-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libswscale-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-private-devel-5.1.4-5.1 openSUSE Tumbleweed:libavcodec59-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavcodec59-5.1.4-5.1 openSUSE Tumbleweed:libavdevice59-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavdevice59-5.1.4-5.1 openSUSE Tumbleweed:libavfilter8-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavfilter8-5.1.4-5.1 openSUSE Tumbleweed:libavformat59-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavformat59-5.1.4-5.1 openSUSE Tumbleweed:libavutil57-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavutil57-5.1.4-5.1 openSUSE Tumbleweed:libpostproc56-32bit-5.1.4-5.1 openSUSE Tumbleweed:libpostproc56-5.1.4-5.1 openSUSE Tumbleweed:libswresample4_ff5-32bit-5.1.4-5.1 openSUSE Tumbleweed:libswresample4_ff5-5.1.4-5.1 openSUSE Tumbleweed:libswscale6-32bit-5.1.4-5.1 openSUSE Tumbleweed:libswscale6-5.1.4-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-49528.html CVE-2023-49528 https://bugzilla.suse.com/1222730 SUSE Bug 1222730 Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame. CVE-2023-51796 openSUSE Tumbleweed:ffmpeg-5-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavcodec-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavdevice-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavfilter-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavformat-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavutil-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libpostproc-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libswresample-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libswscale-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-private-devel-5.1.4-5.1 openSUSE Tumbleweed:libavcodec59-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavcodec59-5.1.4-5.1 openSUSE Tumbleweed:libavdevice59-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavdevice59-5.1.4-5.1 openSUSE Tumbleweed:libavfilter8-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavfilter8-5.1.4-5.1 openSUSE Tumbleweed:libavformat59-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavformat59-5.1.4-5.1 openSUSE Tumbleweed:libavutil57-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavutil57-5.1.4-5.1 openSUSE Tumbleweed:libpostproc56-32bit-5.1.4-5.1 openSUSE Tumbleweed:libpostproc56-5.1.4-5.1 openSUSE Tumbleweed:libswresample4_ff5-32bit-5.1.4-5.1 openSUSE Tumbleweed:libswresample4_ff5-5.1.4-5.1 openSUSE Tumbleweed:libswscale6-32bit-5.1.4-5.1 openSUSE Tumbleweed:libswscale6-5.1.4-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-51796.html CVE-2023-51796 https://bugzilla.suse.com/1223274 SUSE Bug 1223274 FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. CVE-2024-31578 openSUSE Tumbleweed:ffmpeg-5-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavcodec-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavdevice-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavfilter-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavformat-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavutil-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libpostproc-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libswresample-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libswscale-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-private-devel-5.1.4-5.1 openSUSE Tumbleweed:libavcodec59-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavcodec59-5.1.4-5.1 openSUSE Tumbleweed:libavdevice59-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavdevice59-5.1.4-5.1 openSUSE Tumbleweed:libavfilter8-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavfilter8-5.1.4-5.1 openSUSE Tumbleweed:libavformat59-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavformat59-5.1.4-5.1 openSUSE Tumbleweed:libavutil57-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavutil57-5.1.4-5.1 openSUSE Tumbleweed:libpostproc56-32bit-5.1.4-5.1 openSUSE Tumbleweed:libpostproc56-5.1.4-5.1 openSUSE Tumbleweed:libswresample4_ff5-32bit-5.1.4-5.1 openSUSE Tumbleweed:libswresample4_ff5-5.1.4-5.1 openSUSE Tumbleweed:libswscale6-32bit-5.1.4-5.1 openSUSE Tumbleweed:libswscale6-5.1.4-5.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-31578.html CVE-2024-31578 https://bugzilla.suse.com/1223070 SUSE Bug 1223070 FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input. CVE-2024-31582 openSUSE Tumbleweed:ffmpeg-5-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavcodec-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavdevice-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavfilter-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavformat-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavutil-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libpostproc-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libswresample-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libswscale-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-private-devel-5.1.4-5.1 openSUSE Tumbleweed:libavcodec59-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavcodec59-5.1.4-5.1 openSUSE Tumbleweed:libavdevice59-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavdevice59-5.1.4-5.1 openSUSE Tumbleweed:libavfilter8-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavfilter8-5.1.4-5.1 openSUSE Tumbleweed:libavformat59-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavformat59-5.1.4-5.1 openSUSE Tumbleweed:libavutil57-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavutil57-5.1.4-5.1 openSUSE Tumbleweed:libpostproc56-32bit-5.1.4-5.1 openSUSE Tumbleweed:libpostproc56-5.1.4-5.1 openSUSE Tumbleweed:libswresample4_ff5-32bit-5.1.4-5.1 openSUSE Tumbleweed:libswresample4_ff5-5.1.4-5.1 openSUSE Tumbleweed:libswscale6-32bit-5.1.4-5.1 openSUSE Tumbleweed:libswscale6-5.1.4-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-31582.html CVE-2024-31582 https://bugzilla.suse.com/1223085 SUSE Bug 1223085 FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. CVE-2024-31585 openSUSE Tumbleweed:ffmpeg-5-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavcodec-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavdevice-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavfilter-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavformat-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libavutil-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libpostproc-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libswresample-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-libswscale-devel-5.1.4-5.1 openSUSE Tumbleweed:ffmpeg-5-private-devel-5.1.4-5.1 openSUSE Tumbleweed:libavcodec59-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavcodec59-5.1.4-5.1 openSUSE Tumbleweed:libavdevice59-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavdevice59-5.1.4-5.1 openSUSE Tumbleweed:libavfilter8-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavfilter8-5.1.4-5.1 openSUSE Tumbleweed:libavformat59-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavformat59-5.1.4-5.1 openSUSE Tumbleweed:libavutil57-32bit-5.1.4-5.1 openSUSE Tumbleweed:libavutil57-5.1.4-5.1 openSUSE Tumbleweed:libpostproc56-32bit-5.1.4-5.1 openSUSE Tumbleweed:libpostproc56-5.1.4-5.1 openSUSE Tumbleweed:libswresample4_ff5-32bit-5.1.4-5.1 openSUSE Tumbleweed:libswresample4_ff5-5.1.4-5.1 openSUSE Tumbleweed:libswscale6-32bit-5.1.4-5.1 openSUSE Tumbleweed:libswscale6-5.1.4-5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-31585.html CVE-2024-31585 https://bugzilla.suse.com/1223087 SUSE Bug 1223087