ffmpeg-5-5.1.4-6.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13908-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ffmpeg-5-5.1.4-6.1 on GA media These are all security issues fixed in the ffmpeg-5-5.1.4-6.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13908 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-49502/ SUSE CVE CVE-2023-49502 page https://www.suse.com/security/cve/CVE-2023-50007/ SUSE CVE CVE-2023-50007 page https://www.suse.com/security/cve/CVE-2023-50008/ SUSE CVE CVE-2023-50008 page https://www.suse.com/security/cve/CVE-2023-51793/ SUSE CVE CVE-2023-51793 page openSUSE Tumbleweed ffmpeg-5-5.1.4-6.1 ffmpeg-5-libavcodec-devel-5.1.4-6.1 ffmpeg-5-libavdevice-devel-5.1.4-6.1 ffmpeg-5-libavfilter-devel-5.1.4-6.1 ffmpeg-5-libavformat-devel-5.1.4-6.1 ffmpeg-5-libavutil-devel-5.1.4-6.1 ffmpeg-5-libpostproc-devel-5.1.4-6.1 ffmpeg-5-libswresample-devel-5.1.4-6.1 ffmpeg-5-libswscale-devel-5.1.4-6.1 ffmpeg-5-private-devel-5.1.4-6.1 libavcodec59-5.1.4-6.1 libavcodec59-32bit-5.1.4-6.1 libavdevice59-5.1.4-6.1 libavdevice59-32bit-5.1.4-6.1 libavfilter8-5.1.4-6.1 libavfilter8-32bit-5.1.4-6.1 libavformat59-5.1.4-6.1 libavformat59-32bit-5.1.4-6.1 libavutil57-5.1.4-6.1 libavutil57-32bit-5.1.4-6.1 libpostproc56-5.1.4-6.1 libpostproc56-32bit-5.1.4-6.1 libswresample4_ff5-5.1.4-6.1 libswresample4_ff5-32bit-5.1.4-6.1 libswscale6-5.1.4-6.1 libswscale6-32bit-5.1.4-6.1 ffmpeg-5-5.1.4-6.1 as a component of openSUSE Tumbleweed ffmpeg-5-libavcodec-devel-5.1.4-6.1 as a component of openSUSE Tumbleweed ffmpeg-5-libavdevice-devel-5.1.4-6.1 as a component of openSUSE Tumbleweed ffmpeg-5-libavfilter-devel-5.1.4-6.1 as a component of openSUSE Tumbleweed ffmpeg-5-libavformat-devel-5.1.4-6.1 as a component of openSUSE Tumbleweed ffmpeg-5-libavutil-devel-5.1.4-6.1 as a component of openSUSE Tumbleweed ffmpeg-5-libpostproc-devel-5.1.4-6.1 as a component of openSUSE Tumbleweed ffmpeg-5-libswresample-devel-5.1.4-6.1 as a component of openSUSE Tumbleweed ffmpeg-5-libswscale-devel-5.1.4-6.1 as a component of openSUSE Tumbleweed ffmpeg-5-private-devel-5.1.4-6.1 as a component of openSUSE Tumbleweed libavcodec59-5.1.4-6.1 as a component of openSUSE Tumbleweed libavcodec59-32bit-5.1.4-6.1 as a component of openSUSE Tumbleweed libavdevice59-5.1.4-6.1 as a component of openSUSE Tumbleweed libavdevice59-32bit-5.1.4-6.1 as a component of openSUSE Tumbleweed libavfilter8-5.1.4-6.1 as a component of openSUSE Tumbleweed libavfilter8-32bit-5.1.4-6.1 as a component of openSUSE Tumbleweed libavformat59-5.1.4-6.1 as a component of openSUSE Tumbleweed libavformat59-32bit-5.1.4-6.1 as a component of openSUSE Tumbleweed libavutil57-5.1.4-6.1 as a component of openSUSE Tumbleweed libavutil57-32bit-5.1.4-6.1 as a component of openSUSE Tumbleweed libpostproc56-5.1.4-6.1 as a component of openSUSE Tumbleweed libpostproc56-32bit-5.1.4-6.1 as a component of openSUSE Tumbleweed libswresample4_ff5-5.1.4-6.1 as a component of openSUSE Tumbleweed libswresample4_ff5-32bit-5.1.4-6.1 as a component of openSUSE Tumbleweed libswscale6-5.1.4-6.1 as a component of openSUSE Tumbleweed libswscale6-32bit-5.1.4-6.1 as a component of openSUSE Tumbleweed Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. CVE-2023-49502 openSUSE Tumbleweed:ffmpeg-5-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libavcodec-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libavdevice-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libavfilter-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libavformat-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libavutil-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libpostproc-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libswresample-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libswscale-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-private-devel-5.1.4-6.1 openSUSE Tumbleweed:libavcodec59-32bit-5.1.4-6.1 openSUSE Tumbleweed:libavcodec59-5.1.4-6.1 openSUSE Tumbleweed:libavdevice59-32bit-5.1.4-6.1 openSUSE Tumbleweed:libavdevice59-5.1.4-6.1 openSUSE Tumbleweed:libavfilter8-32bit-5.1.4-6.1 openSUSE Tumbleweed:libavfilter8-5.1.4-6.1 openSUSE Tumbleweed:libavformat59-32bit-5.1.4-6.1 openSUSE Tumbleweed:libavformat59-5.1.4-6.1 openSUSE Tumbleweed:libavutil57-32bit-5.1.4-6.1 openSUSE Tumbleweed:libavutil57-5.1.4-6.1 openSUSE Tumbleweed:libpostproc56-32bit-5.1.4-6.1 openSUSE Tumbleweed:libpostproc56-5.1.4-6.1 openSUSE Tumbleweed:libswresample4_ff5-32bit-5.1.4-6.1 openSUSE Tumbleweed:libswresample4_ff5-5.1.4-6.1 openSUSE Tumbleweed:libswscale6-32bit-5.1.4-6.1 openSUSE Tumbleweed:libswscale6-5.1.4-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-49502.html CVE-2023-49502 https://bugzilla.suse.com/1223235 SUSE Bug 1223235 Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via theav_samples_set_silence function in thelibavutil/samplefmt.c:260:9 component. CVE-2023-50007 openSUSE Tumbleweed:ffmpeg-5-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libavcodec-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libavdevice-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libavfilter-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libavformat-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libavutil-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libpostproc-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libswresample-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libswscale-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-private-devel-5.1.4-6.1 openSUSE Tumbleweed:libavcodec59-32bit-5.1.4-6.1 openSUSE Tumbleweed:libavcodec59-5.1.4-6.1 openSUSE Tumbleweed:libavdevice59-32bit-5.1.4-6.1 openSUSE Tumbleweed:libavdevice59-5.1.4-6.1 openSUSE Tumbleweed:libavfilter8-32bit-5.1.4-6.1 openSUSE Tumbleweed:libavfilter8-5.1.4-6.1 openSUSE Tumbleweed:libavformat59-32bit-5.1.4-6.1 openSUSE Tumbleweed:libavformat59-5.1.4-6.1 openSUSE Tumbleweed:libavutil57-32bit-5.1.4-6.1 openSUSE Tumbleweed:libavutil57-5.1.4-6.1 openSUSE Tumbleweed:libpostproc56-32bit-5.1.4-6.1 openSUSE Tumbleweed:libpostproc56-5.1.4-6.1 openSUSE Tumbleweed:libswresample4_ff5-32bit-5.1.4-6.1 openSUSE Tumbleweed:libswresample4_ff5-5.1.4-6.1 openSUSE Tumbleweed:libswscale6-32bit-5.1.4-6.1 openSUSE Tumbleweed:libswscale6-5.1.4-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-50007.html CVE-2023-50007 https://bugzilla.suse.com/1223253 SUSE Bug 1223253 Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the av_malloc function in libavutil/mem.c:105:9 component. CVE-2023-50008 openSUSE Tumbleweed:ffmpeg-5-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libavcodec-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libavdevice-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libavfilter-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libavformat-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libavutil-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libpostproc-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libswresample-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libswscale-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-private-devel-5.1.4-6.1 openSUSE Tumbleweed:libavcodec59-32bit-5.1.4-6.1 openSUSE Tumbleweed:libavcodec59-5.1.4-6.1 openSUSE Tumbleweed:libavdevice59-32bit-5.1.4-6.1 openSUSE Tumbleweed:libavdevice59-5.1.4-6.1 openSUSE Tumbleweed:libavfilter8-32bit-5.1.4-6.1 openSUSE Tumbleweed:libavfilter8-5.1.4-6.1 openSUSE Tumbleweed:libavformat59-32bit-5.1.4-6.1 openSUSE Tumbleweed:libavformat59-5.1.4-6.1 openSUSE Tumbleweed:libavutil57-32bit-5.1.4-6.1 openSUSE Tumbleweed:libavutil57-5.1.4-6.1 openSUSE Tumbleweed:libpostproc56-32bit-5.1.4-6.1 openSUSE Tumbleweed:libpostproc56-5.1.4-6.1 openSUSE Tumbleweed:libswresample4_ff5-32bit-5.1.4-6.1 openSUSE Tumbleweed:libswresample4_ff5-5.1.4-6.1 openSUSE Tumbleweed:libswscale6-32bit-5.1.4-6.1 openSUSE Tumbleweed:libswscale6-5.1.4-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-50008.html CVE-2023-50008 https://bugzilla.suse.com/1223254 SUSE Bug 1223254 Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane. CVE-2023-51793 openSUSE Tumbleweed:ffmpeg-5-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libavcodec-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libavdevice-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libavfilter-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libavformat-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libavutil-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libpostproc-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libswresample-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-libswscale-devel-5.1.4-6.1 openSUSE Tumbleweed:ffmpeg-5-private-devel-5.1.4-6.1 openSUSE Tumbleweed:libavcodec59-32bit-5.1.4-6.1 openSUSE Tumbleweed:libavcodec59-5.1.4-6.1 openSUSE Tumbleweed:libavdevice59-32bit-5.1.4-6.1 openSUSE Tumbleweed:libavdevice59-5.1.4-6.1 openSUSE Tumbleweed:libavfilter8-32bit-5.1.4-6.1 openSUSE Tumbleweed:libavfilter8-5.1.4-6.1 openSUSE Tumbleweed:libavformat59-32bit-5.1.4-6.1 openSUSE Tumbleweed:libavformat59-5.1.4-6.1 openSUSE Tumbleweed:libavutil57-32bit-5.1.4-6.1 openSUSE Tumbleweed:libavutil57-5.1.4-6.1 openSUSE Tumbleweed:libpostproc56-32bit-5.1.4-6.1 openSUSE Tumbleweed:libpostproc56-5.1.4-6.1 openSUSE Tumbleweed:libswresample4_ff5-32bit-5.1.4-6.1 openSUSE Tumbleweed:libswresample4_ff5-5.1.4-6.1 openSUSE Tumbleweed:libswscale6-32bit-5.1.4-6.1 openSUSE Tumbleweed:libswscale6-5.1.4-6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-51793.html CVE-2023-51793 https://bugzilla.suse.com/1223272 SUSE Bug 1223272