SUSE SLED15 / SLES15 Security Update : ffmpeg (SUSE-SU-2021:2919-1)

high Nessus Plugin ID 153011

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2919-1 advisory.

- A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. (CVE-2019-9721)

- A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code. (CVE-2020-21688)

- A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file. (CVE-2020-21697)

- A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c. (CVE-2020-22046)

- A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c. (CVE-2020-22048)

- A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c. (CVE-2020-22049)

- A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c. (CVE-2020-22054)

- libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. (CVE-2021-38114)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 153011

File Name: suse_SU-2021-2919-1.nasl

Version: 1.4

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 9/4/2021

Updated: 7/13/2023

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-21688

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:ffmpeg, p-cpe:/a:novell:suse_linux:libavcodec-devel, p-cpe:/a:novell:suse_linux:libavcodec57, p-cpe:/a:novell:suse_linux:libavdevice57, p-cpe:/a:novell:suse_linux:libavfilter6, p-cpe:/a:novell:suse_linux:libavformat-devel, p-cpe:/a:novell:suse_linux:libavformat57, p-cpe:/a:novell:suse_linux:libavresample-devel, p-cpe:/a:novell:suse_linux:libavresample3, p-cpe:/a:novell:suse_linux:libavresample3-32bit, p-cpe:/a:novell:suse_linux:libavresample3-64bit, p-cpe:/a:novell:suse_linux:libavutil-devel, p-cpe:/a:novell:suse_linux:libavutil55, p-cpe:/a:novell:suse_linux:libpostproc-devel, p-cpe:/a:novell:suse_linux:libpostproc54, p-cpe:/a:novell:suse_linux:libswresample-devel, p-cpe:/a:novell:suse_linux:libswresample2, p-cpe:/a:novell:suse_linux:libswscale-devel, p-cpe:/a:novell:suse_linux:libswscale4, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/2/2021

Vulnerability Publication Date: 3/12/2019

Reference Information

CVE: CVE-2019-9721, CVE-2020-21688, CVE-2020-21697, CVE-2020-22046, CVE-2020-22048, CVE-2020-22049, CVE-2020-22054, CVE-2021-38114

SuSE: SUSE-SU-2021:2919-1

Detections

Analytics