The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3521-1 advisory.

  - Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows     attackers to cause a Denial of Service or other unspecified impacts. (CVE-2020-20891)

  - An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in Ffmpeg 4.2.1,     allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zero.
    (CVE-2020-20892)

  - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-22028. Reason: This candidate is a     duplicate of CVE-2020-22028. Notes: All CVE users should reference CVE-2020-22028 instead of this     candidate. All references and descriptions in this candidate have been removed to prevent accidental     usage. (CVE-2020-20895)

  - An issue was discovered in function latm_write_packet in libavformat/latmenc.c in Ffmpeg 4.2.1, allows     attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference.
    (CVE-2020-20896)

  - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-22036. Reason: This candidate is a     duplicate of CVE-2020-22036. Notes: All CVE users should reference CVE-2020-22036 instead of this     candidate. All references and descriptions in this candidate have been removed to prevent accidental     usage. (CVE-2020-20899)

  - A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in     FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could     result in disclosure of information. (CVE-2020-20902)

  - A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at     options.c. (CVE-2020-22037)

  - decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in     calculations of when to perform memset zero operations. (CVE-2020-35965)

  - Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By     crafting a legitimate ffconcat file that references an image, followed by a file the triggers the tty     demuxer, the contents of the second file will be copied into the output file verbatim (as long as the     `-vcodec copy` option is passed to ffmpeg). (CVE-2021-3566)

  - Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1,     allows attackers to cause a Denial of Service or other unspecified impacts. (CVE-2021-38092)

  - Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1,     allows attackers to cause a Denial of Service or other unspecified impacts. (CVE-2021-38093)

  - Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1,     allows attackers to cause a Denial of Service or other unspecified impacts. (CVE-2021-38094)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

openSUSE 15 Security Update : ffmpeg (openSUSE-SU-2021:3521-1)

high Nessus Plugin ID 154611

Version 1.3