SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1470

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1470

Security update for ffmpeg-4

Type: security

Severity: important

Issued: 2024-04-29

Description:

This update for ffmpeg-4 fixes the following issues:

- CVE-2024-31578: Fixed heap use-after-free via av_hwframe_ctx_init() when vulkan_frames init failed (bsc#1223070)
- CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c function in libavfilter/bwdifdsp.c (bsc#1223235)
- CVE-2023-51793: Fixed heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c (bsc#1223272)

References

CVE: CVE-2024-31578
CVE: CVE-2023-51793
CVE: CVE-2023-49502
Bugzilla: 1223272 VUL-0: CVE-2023-51793: ffmpeg: heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c
Bugzilla: 1223235 VUL-0: CVE-2023-49502: ffmpeg: heap buffer overflow via the ff_bwdif_filter_intra_c function in libavfilter/bwdifdsp.c
Bugzilla: 1223070 VUL-0: CVE-2024-31578: ffmpeg,ffmpeg-4: heap use-after-free via the av_hwframe_ctx_init function.

Packages

ffmpeg-4-4.4-150400.3.24.1