UbuntuUpdates.org

Package "ffmpeg"

Name: ffmpeg

Description:

Tools for transcoding, streaming and playing of multimedia files

Latest version: 7:4.4.2-0ubuntu0.21.10.1
Release: impish (21.10)
Level: updates
Repository: universe
Homepage: https://ffmpeg.org/

Links


Download "ffmpeg"


Other versions of "ffmpeg" in Impish

Repository Area Version
base universe 7:4.4-6ubuntu5
security universe 7:4.4.2-0ubuntu0.21.10.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 7:4.4.2-0ubuntu0.21.10.1 2022-06-09 03:06:26 UTC

  ffmpeg (7:4.4.2-0ubuntu0.21.10.1) impish-security; urgency=medium

  * SECURITY UPDATE: New upstream bugfix release (LP: #1970674).
    - Fixes CVE-2020-20445, CVE-2020-20446, CVE-2020-20453, CVE-2020-21697,
      CVE-2020-22015, CVE-2020-22019, CVE-2020-22021, CVE-2020-22022,
      CVE-2020-22033, CVE-2020-22037, CVE-2021-38114, CVE-2021-38171 and
      CVE-2021-38291 and security issues without a CVE number
      (see DSA-5124-1 and DSA-5126-1).

 -- Luís Infante da Câmara <email address hidden> Wed, 18 May 2022 23:03:21 +0100

1970674 New bug fix releases 3.4.11, 4.2.7 and 4.4.2
CVE-2020-20445 FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service.
CVE-2020-20446 FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service.
CVE-2020-20453 FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service
CVE-2020-21697 A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a cr
CVE-2020-22015 Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicio
CVE-2020-22019 Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a De
CVE-2020-22021 Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denia
CVE-2020-22022 A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption
CVE-2020-22033 A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious
CVE-2020-22037 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c.
CVE-2021-38114 libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.
CVE-2021-38171 adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the sec
CVE-2021-38291 FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.



About   -   Send Feedback to @ubuntu_updates