ffmpeg-6-6.1.1-4.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13895-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ffmpeg-6-6.1.1-4.1 on GA media These are all security issues fixed in the ffmpeg-6-6.1.1-4.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13895 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-49501/ SUSE CVE CVE-2023-49501 page https://www.suse.com/security/cve/CVE-2023-49502/ SUSE CVE CVE-2023-49502 page https://www.suse.com/security/cve/CVE-2023-49528/ SUSE CVE CVE-2023-49528 page https://www.suse.com/security/cve/CVE-2024-31578/ SUSE CVE CVE-2024-31578 page https://www.suse.com/security/cve/CVE-2024-31582/ SUSE CVE CVE-2024-31582 page openSUSE Tumbleweed ffmpeg-6-6.1.1-4.1 ffmpeg-6-libavcodec-devel-6.1.1-4.1 ffmpeg-6-libavdevice-devel-6.1.1-4.1 ffmpeg-6-libavfilter-devel-6.1.1-4.1 ffmpeg-6-libavformat-devel-6.1.1-4.1 ffmpeg-6-libavutil-devel-6.1.1-4.1 ffmpeg-6-libpostproc-devel-6.1.1-4.1 ffmpeg-6-libswresample-devel-6.1.1-4.1 ffmpeg-6-libswscale-devel-6.1.1-4.1 libavcodec60-6.1.1-4.1 libavcodec60-32bit-6.1.1-4.1 libavdevice60-6.1.1-4.1 libavdevice60-32bit-6.1.1-4.1 libavfilter9-6.1.1-4.1 libavfilter9-32bit-6.1.1-4.1 libavformat60-6.1.1-4.1 libavformat60-32bit-6.1.1-4.1 libavutil58-6.1.1-4.1 libavutil58-32bit-6.1.1-4.1 libpostproc57-6.1.1-4.1 libpostproc57-32bit-6.1.1-4.1 libswresample4-6.1.1-4.1 libswresample4-32bit-6.1.1-4.1 libswscale7-6.1.1-4.1 libswscale7-32bit-6.1.1-4.1 ffmpeg-6-6.1.1-4.1 as a component of openSUSE Tumbleweed ffmpeg-6-libavcodec-devel-6.1.1-4.1 as a component of openSUSE Tumbleweed ffmpeg-6-libavdevice-devel-6.1.1-4.1 as a component of openSUSE Tumbleweed ffmpeg-6-libavfilter-devel-6.1.1-4.1 as a component of openSUSE Tumbleweed ffmpeg-6-libavformat-devel-6.1.1-4.1 as a component of openSUSE Tumbleweed ffmpeg-6-libavutil-devel-6.1.1-4.1 as a component of openSUSE Tumbleweed ffmpeg-6-libpostproc-devel-6.1.1-4.1 as a component of openSUSE Tumbleweed ffmpeg-6-libswresample-devel-6.1.1-4.1 as a component of openSUSE Tumbleweed ffmpeg-6-libswscale-devel-6.1.1-4.1 as a component of openSUSE Tumbleweed libavcodec60-6.1.1-4.1 as a component of openSUSE Tumbleweed libavcodec60-32bit-6.1.1-4.1 as a component of openSUSE Tumbleweed libavdevice60-6.1.1-4.1 as a component of openSUSE Tumbleweed libavdevice60-32bit-6.1.1-4.1 as a component of openSUSE Tumbleweed libavfilter9-6.1.1-4.1 as a component of openSUSE Tumbleweed libavfilter9-32bit-6.1.1-4.1 as a component of openSUSE Tumbleweed libavformat60-6.1.1-4.1 as a component of openSUSE Tumbleweed libavformat60-32bit-6.1.1-4.1 as a component of openSUSE Tumbleweed libavutil58-6.1.1-4.1 as a component of openSUSE Tumbleweed libavutil58-32bit-6.1.1-4.1 as a component of openSUSE Tumbleweed libpostproc57-6.1.1-4.1 as a component of openSUSE Tumbleweed libpostproc57-32bit-6.1.1-4.1 as a component of openSUSE Tumbleweed libswresample4-6.1.1-4.1 as a component of openSUSE Tumbleweed libswresample4-32bit-6.1.1-4.1 as a component of openSUSE Tumbleweed libswscale7-6.1.1-4.1 as a component of openSUSE Tumbleweed libswscale7-32bit-6.1.1-4.1 as a component of openSUSE Tumbleweed Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component. CVE-2023-49501 openSUSE Tumbleweed:ffmpeg-6-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavcodec-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavdevice-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavfilter-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavformat-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavutil-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libpostproc-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libswresample-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libswscale-devel-6.1.1-4.1 openSUSE Tumbleweed:libavcodec60-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavcodec60-6.1.1-4.1 openSUSE Tumbleweed:libavdevice60-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavdevice60-6.1.1-4.1 openSUSE Tumbleweed:libavfilter9-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavfilter9-6.1.1-4.1 openSUSE Tumbleweed:libavformat60-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavformat60-6.1.1-4.1 openSUSE Tumbleweed:libavutil58-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavutil58-6.1.1-4.1 openSUSE Tumbleweed:libpostproc57-32bit-6.1.1-4.1 openSUSE Tumbleweed:libpostproc57-6.1.1-4.1 openSUSE Tumbleweed:libswresample4-32bit-6.1.1-4.1 openSUSE Tumbleweed:libswresample4-6.1.1-4.1 openSUSE Tumbleweed:libswscale7-32bit-6.1.1-4.1 openSUSE Tumbleweed:libswscale7-6.1.1-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-49501.html CVE-2023-49501 https://bugzilla.suse.com/1223215 SUSE Bug 1223215 Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. CVE-2023-49502 openSUSE Tumbleweed:ffmpeg-6-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavcodec-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavdevice-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavfilter-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavformat-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavutil-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libpostproc-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libswresample-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libswscale-devel-6.1.1-4.1 openSUSE Tumbleweed:libavcodec60-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavcodec60-6.1.1-4.1 openSUSE Tumbleweed:libavdevice60-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavdevice60-6.1.1-4.1 openSUSE Tumbleweed:libavfilter9-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavfilter9-6.1.1-4.1 openSUSE Tumbleweed:libavformat60-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavformat60-6.1.1-4.1 openSUSE Tumbleweed:libavutil58-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavutil58-6.1.1-4.1 openSUSE Tumbleweed:libpostproc57-32bit-6.1.1-4.1 openSUSE Tumbleweed:libpostproc57-6.1.1-4.1 openSUSE Tumbleweed:libswresample4-32bit-6.1.1-4.1 openSUSE Tumbleweed:libswresample4-6.1.1-4.1 openSUSE Tumbleweed:libswscale7-32bit-6.1.1-4.1 openSUSE Tumbleweed:libswscale7-6.1.1-4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-49502.html CVE-2023-49502 https://bugzilla.suse.com/1223235 SUSE Bug 1223235 Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component. CVE-2023-49528 openSUSE Tumbleweed:ffmpeg-6-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavcodec-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavdevice-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavfilter-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavformat-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavutil-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libpostproc-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libswresample-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libswscale-devel-6.1.1-4.1 openSUSE Tumbleweed:libavcodec60-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavcodec60-6.1.1-4.1 openSUSE Tumbleweed:libavdevice60-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavdevice60-6.1.1-4.1 openSUSE Tumbleweed:libavfilter9-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavfilter9-6.1.1-4.1 openSUSE Tumbleweed:libavformat60-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavformat60-6.1.1-4.1 openSUSE Tumbleweed:libavutil58-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavutil58-6.1.1-4.1 openSUSE Tumbleweed:libpostproc57-32bit-6.1.1-4.1 openSUSE Tumbleweed:libpostproc57-6.1.1-4.1 openSUSE Tumbleweed:libswresample4-32bit-6.1.1-4.1 openSUSE Tumbleweed:libswresample4-6.1.1-4.1 openSUSE Tumbleweed:libswscale7-32bit-6.1.1-4.1 openSUSE Tumbleweed:libswscale7-6.1.1-4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-49528.html CVE-2023-49528 https://bugzilla.suse.com/1222730 SUSE Bug 1222730 FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. CVE-2024-31578 openSUSE Tumbleweed:ffmpeg-6-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavcodec-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavdevice-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavfilter-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavformat-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavutil-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libpostproc-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libswresample-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libswscale-devel-6.1.1-4.1 openSUSE Tumbleweed:libavcodec60-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavcodec60-6.1.1-4.1 openSUSE Tumbleweed:libavdevice60-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavdevice60-6.1.1-4.1 openSUSE Tumbleweed:libavfilter9-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavfilter9-6.1.1-4.1 openSUSE Tumbleweed:libavformat60-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavformat60-6.1.1-4.1 openSUSE Tumbleweed:libavutil58-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavutil58-6.1.1-4.1 openSUSE Tumbleweed:libpostproc57-32bit-6.1.1-4.1 openSUSE Tumbleweed:libpostproc57-6.1.1-4.1 openSUSE Tumbleweed:libswresample4-32bit-6.1.1-4.1 openSUSE Tumbleweed:libswresample4-6.1.1-4.1 openSUSE Tumbleweed:libswscale7-32bit-6.1.1-4.1 openSUSE Tumbleweed:libswscale7-6.1.1-4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-31578.html CVE-2024-31578 https://bugzilla.suse.com/1223070 SUSE Bug 1223070 FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input. CVE-2024-31582 openSUSE Tumbleweed:ffmpeg-6-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavcodec-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavdevice-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavfilter-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavformat-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libavutil-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libpostproc-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libswresample-devel-6.1.1-4.1 openSUSE Tumbleweed:ffmpeg-6-libswscale-devel-6.1.1-4.1 openSUSE Tumbleweed:libavcodec60-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavcodec60-6.1.1-4.1 openSUSE Tumbleweed:libavdevice60-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavdevice60-6.1.1-4.1 openSUSE Tumbleweed:libavfilter9-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavfilter9-6.1.1-4.1 openSUSE Tumbleweed:libavformat60-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavformat60-6.1.1-4.1 openSUSE Tumbleweed:libavutil58-32bit-6.1.1-4.1 openSUSE Tumbleweed:libavutil58-6.1.1-4.1 openSUSE Tumbleweed:libpostproc57-32bit-6.1.1-4.1 openSUSE Tumbleweed:libpostproc57-6.1.1-4.1 openSUSE Tumbleweed:libswresample4-32bit-6.1.1-4.1 openSUSE Tumbleweed:libswresample4-6.1.1-4.1 openSUSE Tumbleweed:libswscale7-32bit-6.1.1-4.1 openSUSE Tumbleweed:libswscale7-6.1.1-4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-31582.html CVE-2024-31582 https://bugzilla.suse.com/1223085 SUSE Bug 1223085