openSUSE 15 Security Update : ffmpeg (openSUSE-SU-2021:3521-1)

high Nessus Plugin ID 154611

Language:

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3521-1 advisory.

- CVE-2021-3566: Fixed information leak (bsc#1189166).
- CVE-2021-38093: Fixed integer overflow vulnerability in filter_robert() (bsc#1190734)
- CVE-2021-38092: Fixed integer overflow vulnerability in filter_prewitt() (bsc#1190733)
- CVE-2021-38094: Fixed integer overflow vulnerability in filter_sobel() (bsc#1190735)
- CVE-2020-22037: Fixed denial of service vulnerability caused by memory leak in avcodec_alloc_context3() (bsc#1186756)
- CVE-2020-35965: Fixed out-of-bounds write in decode_frame() (bsc#1187852)
- CVE-2020-20892: Fixed an issue with filter_frame() (bsc#1190719)
- CVE-2020-20891: Fixed a buffer overflow vulnerability in config_input() (bsc#1190718)
- CVE-2020-20895: Fixed a buffer overflow vulnerability in function filter_vertically_##name (bsc#1190722)
- CVE-2020-20896: Fixed an issue with latm_write_packet() (bsc#1190723)
- CVE-2020-20899: Fixed a buffer overflow vulnerability in config_props() (bsc#1190726)
- CVE-2020-20902: Fixed an out-of-bounds read vulnerabilit long_term_filter() (bsc#1190729)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1186756

https://bugzilla.suse.com/1187852

https://bugzilla.suse.com/1189166

https://bugzilla.suse.com/1190718

https://bugzilla.suse.com/1190719

https://bugzilla.suse.com/1190722

https://bugzilla.suse.com/1190723

https://bugzilla.suse.com/1190726

https://bugzilla.suse.com/1190729

https://bugzilla.suse.com/1190733

https://bugzilla.suse.com/1190734

https://bugzilla.suse.com/1190735

http://www.nessus.org/u?3a695b09

https://www.suse.com/security/cve/CVE-2020-20891

https://www.suse.com/security/cve/CVE-2020-20892

https://www.suse.com/security/cve/CVE-2020-20896

https://www.suse.com/security/cve/CVE-2020-20902

https://www.suse.com/security/cve/CVE-2020-22037

https://www.suse.com/security/cve/CVE-2020-35965

https://www.suse.com/security/cve/CVE-2021-3566

https://www.suse.com/security/cve/CVE-2021-38092

https://www.suse.com/security/cve/CVE-2021-38093

https://www.suse.com/security/cve/CVE-2021-38094

Plugin Details

Severity: High

ID: 154611

File Name: openSUSE-2021-3521.nasl

Version: 1.4

Type: local

Agent: unix

Published: 10/28/2021

Updated: 9/23/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-38094

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libswscale4, p-cpe:/a:novell:opensuse:libswresample2, p-cpe:/a:novell:opensuse:libpostproc54, p-cpe:/a:novell:opensuse:libavformat57-32bit, p-cpe:/a:novell:opensuse:libavformat57, p-cpe:/a:novell:opensuse:ffmpeg-private-devel, p-cpe:/a:novell:opensuse:libswresample2-32bit, p-cpe:/a:novell:opensuse:libavfilter-devel, p-cpe:/a:novell:opensuse:libswscale4-32bit, p-cpe:/a:novell:opensuse:libpostproc-devel, p-cpe:/a:novell:opensuse:libavdevice57, p-cpe:/a:novell:opensuse:libavresample3-32bit, p-cpe:/a:novell:opensuse:libavutil-devel, p-cpe:/a:novell:opensuse:libswresample-devel, p-cpe:/a:novell:opensuse:libavfilter6, p-cpe:/a:novell:opensuse:libavdevice57-32bit, p-cpe:/a:novell:opensuse:libavdevice-devel, p-cpe:/a:novell:opensuse:libswscale-devel, p-cpe:/a:novell:opensuse:libavcodec57, p-cpe:/a:novell:opensuse:libavfilter6-32bit, p-cpe:/a:novell:opensuse:ffmpeg, p-cpe:/a:novell:opensuse:libavresample3, cpe:/o:novell:opensuse:15.3, p-cpe:/a:novell:opensuse:libavcodec-devel, p-cpe:/a:novell:opensuse:libavutil55, p-cpe:/a:novell:opensuse:libavformat-devel, p-cpe:/a:novell:opensuse:libavutil55-32bit, p-cpe:/a:novell:opensuse:libavresample-devel, p-cpe:/a:novell:opensuse:libavcodec57-32bit, p-cpe:/a:novell:opensuse:libpostproc54-32bit

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/26/2021

Vulnerability Publication Date: 1/4/2021

Reference Information

CVE: CVE-2020-20891, CVE-2020-20892, CVE-2020-20896, CVE-2020-20902, CVE-2020-22037, CVE-2020-35965, CVE-2021-3566, CVE-2021-38092, CVE-2021-38093, CVE-2021-38094