Detections
Analytics

SUSE SLES15 Security Update : ffmpeg (SUSE-SU-2023:0005-1)

high Nessus Plugin ID 169467

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0005-1 advisory.

 - CVE-2022-3109: Fixed null pointer dereference in vp3_decode_frame() (bsc#1206442).
 - CVE-2020-22042: Fixed a denial of service vulnerability led by a memory leak in the link_filter_inouts function in libavfilter/graphparser.c. (bsc#1186761)
 - CVE-2021-38094: Fixed an integer overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c (bsc#1190735).
 - CVE-2021-38093: Fixed an integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c (bsc#1190734).
 - CVE-2021-38092: Fixed an Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c (bsc#1190733).
 - CVE-2020-22037: Fixed a denial of service vulnerability due to a memory leak in avcodec_alloc_context3 at options.c (bsc#1186756).
 - CVE-2021-3566: Fixed an exposure of sensitive information on ffmpeg version prior to 4.3 (bsc#1189166).
 - CVE-2020-35965: Fixed an out-of-bounds write in decode_frame in libavcodec/exr.c (bsc#1187852).
 - CVE-2020-20892: Fixed a division by zero in function filter_frame in libavfilter/vf_lenscorrection.c (bsc#1190719).
 - CVE-2020-20891: Fixed a buffer overflow vulnerability in function config_input in libavfilter/vf_gblur.c (bsc#1190718).
 - CVE-2020-20895: Fixed a buffer overflow vulnerability in function filter_vertically_##name in libavfilter/vf_avgblur.c (bsc#1190722).
 - CVE-2020-20896: Fixed a NULL pointer dereference in function latm_write_packet in libavformat/latmenc.c (bsc#1190723).
 - CVE-2020-20899: Fixed a buffer overflow vulnerability in function config_props in libavfilter/vf_bwdif.c (bsc#1190726).
 - CVE-2020-20902: Fixed an out-of-bounds read vulnerability in long_term_filter function in g729postfilter.c (bsc#1190729).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1186756

https://bugzilla.suse.com/1186761

https://bugzilla.suse.com/1187852

https://bugzilla.suse.com/1189166

https://bugzilla.suse.com/1190718

https://bugzilla.suse.com/1190719

https://bugzilla.suse.com/1190722

https://bugzilla.suse.com/1190723

https://bugzilla.suse.com/1190726

https://bugzilla.suse.com/1190729

https://bugzilla.suse.com/1190733

https://bugzilla.suse.com/1190734

https://bugzilla.suse.com/1190735

https://bugzilla.suse.com/1206442

http://www.nessus.org/u?c554c13c

https://www.suse.com/security/cve/CVE-2020-20891

https://www.suse.com/security/cve/CVE-2020-20892

https://www.suse.com/security/cve/CVE-2020-20896

https://www.suse.com/security/cve/CVE-2020-20902

https://www.suse.com/security/cve/CVE-2020-22037

https://www.suse.com/security/cve/CVE-2020-22042

https://www.suse.com/security/cve/CVE-2020-35965

https://www.suse.com/security/cve/CVE-2021-3566

https://www.suse.com/security/cve/CVE-2021-38092

https://www.suse.com/security/cve/CVE-2021-38093

https://www.suse.com/security/cve/CVE-2021-38094

https://www.suse.com/security/cve/CVE-2022-3109

Plugin Details

Severity: High

ID: 169467

File Name: suse_SU-2023-0005-1.nasl

Version: 1.4

Type: local

Agent: unix

Published: 1/3/2023

Updated: 9/24/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-38094

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:libavresample3, p-cpe:/a:novell:suse_linux:libavformat57-32bit, p-cpe:/a:novell:suse_linux:libavresample3-32bit, p-cpe:/a:novell:suse_linux:libavresample-devel, p-cpe:/a:novell:suse_linux:libswscale4-32bit, p-cpe:/a:novell:suse_linux:libavutil-devel, p-cpe:/a:novell:suse_linux:libavfilter6, p-cpe:/a:novell:suse_linux:libavdevice-devel, p-cpe:/a:novell:suse_linux:libavutil55-32bit, p-cpe:/a:novell:suse_linux:libpostproc-devel, p-cpe:/a:novell:suse_linux:libavutil55, p-cpe:/a:novell:suse_linux:libswresample-devel, p-cpe:/a:novell:suse_linux:libpostproc54, p-cpe:/a:novell:suse_linux:libavdevice57-32bit, p-cpe:/a:novell:suse_linux:libavcodec57-32bit, p-cpe:/a:novell:suse_linux:libavcodec-devel, p-cpe:/a:novell:suse_linux:libswresample2, p-cpe:/a:novell:suse_linux:libavformat-devel, p-cpe:/a:novell:suse_linux:libavcodec57, p-cpe:/a:novell:suse_linux:libswresample2-32bit, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:libavfilter-devel, p-cpe:/a:novell:suse_linux:libswscale-devel, p-cpe:/a:novell:suse_linux:libavdevice57, p-cpe:/a:novell:suse_linux:libswscale4, p-cpe:/a:novell:suse_linux:libavformat57, p-cpe:/a:novell:suse_linux:libpostproc54-32bit, p-cpe:/a:novell:suse_linux:libavfilter6-32bit

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/2/2023

Vulnerability Publication Date: 1/4/2021

Reference Information

CVE: CVE-2020-20891, CVE-2020-20892, CVE-2020-20896, CVE-2020-20902, CVE-2020-22037, CVE-2020-22042, CVE-2020-35965, CVE-2021-3566, CVE-2021-38092, CVE-2021-38093, CVE-2021-38094, CVE-2022-3109

SuSE: SUSE-SU-2023:0005-1