SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3358

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3358

Security update for ffmpeg-4

Type: security

Severity: important

Issued: 2024-09-20

Description:

This update for ffmpeg-4 fixes the following issues:

- Dropped support for libmfx to fix the following CVEs:
  * libmfx: improper input validation (CVE-2023-48368, bsc#1226897)
  * libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898)
  * libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899)
  * libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900)
  * libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901)
- CVE-2024-7055: heap-based buffer overflow in pnmdec.c from the libavcodec library. (bsc#1229026)

References

jira: PED-10024 https://jira.suse.com/browse/PED-10024
CVE: CVE-2024-7055
CVE: CVE-2023-48368
CVE: CVE-2023-47282
CVE: CVE-2023-47169
CVE: CVE-2023-45221
CVE: CVE-2023-22656
Bugzilla: 1229026 VUL-0: CVE-2024-7055: ffmpeg,ffmpeg-4: heap-based buffer overflow in pnmdec.c
Bugzilla: 1226901 VUL-0: CVE-2023-47169: libmfx: improper buffer restrictions
Bugzilla: 1226900 VUL-0: CVE-2023-47282: libmfx: out-of-bounds write
Bugzilla: 1226899 VUL-0: CVE-2023-22656: libmfx: out-of-bounds read
Bugzilla: 1226898 VUL-0: CVE-2023-45221: libmfx: improper buffer restrictions
Bugzilla: 1226897 VUL-0: CVE-2023-48368: libmfx: improper input validation
Bugzilla: 1226892 L3: L3-Question: Multiple vulnerabilities in the Intel Media SDK (libmfx1) — ref:_00D1igLOd._500TrCexKD:ref

Packages

ffmpeg-4-4.4-150400.3.42.1