SUSE SLES15: libavcodec-devel / libavcodec57 / libavcodec57-32bit / etc (SUSE-SU-2021:2929-1)

critical Nessus Plugin ID 322833

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2929-1 advisory.

- CVE-2019-9721: Fixed a denial of service in the subtitle decoder in handle_open_brace from libavcodec/htmlsubtitles.c (bsc#1129714).
- CVE-2020-22046: Fixed a denial of service vulnerability due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c (bsc#1186849).
- CVE-2020-22048: Fixed a denial of service vulnerability due to a memory leak in the ff_frame_pool_get function in framepool.c (bsc#1186859).
- CVE-2020-22049: Fixed a denial of service vulnerability caused by a memory leak in the wtvfile_open_sector function in wtvdec.c (bsc#1186861).
- CVE-2020-22054: Fixed a denial of service vulnerability due to a memory leak in the av_dict_set function in dict.c (bsc#1186863).
- CVE-2020-13904: Fixed use-after-free via a crafted EXTINF duration in an m3u8 file (bsc#1172640).
- CVE-2020-21041: Fixed buffer overflow vulnerability via apng_do_inverse_blend in libavcodec/pngenc.c (bsc#1186406).
- CVE-2019-17539: Fixed NULL pointer dereference in avcodec_open2 in libavcodec/utils.c (bsc#1154065).
- CVE-2020-22026: Fixed buffer overflow vulnerability in config_input() at libavfilter/af_tremolo.c (bsc#1186583).
- CVE-2020-22021: Fixed buffer overflow vulnerability in filter_edges function in libavfilter/vf_yadif.c (bsc#1186586).
- CVE-2020-22020: Fixed buffer overflow vulnerability in build_diff_map() in libavfilter/vf_fieldmatch.c (bsc#1186587).
- CVE-2020-22015: Fixed buffer overflow vulnerability in mov_write_video_tag() due to the out of bounds in libavformat/movenc.c (bsc#1186596).
- CVE-2020-22016: Fixed a heap-based Buffer Overflow vulnerability at libavcodec/get_bits.h when writing .mov files (bsc#1186598).
- CVE-2020-22017: Fixed a heap-based Buffer Overflow vulnerability in ff_fill_rectangle() in libavfilter/drawutils.c (bsc#1186600).
- CVE-2020-22022: Fixed a heap-based Buffer Overflow vulnerability in filter_frame at libavfilter/vf_fieldorder.c (bsc#1186603).
- CVE-2020-22023: Fixed a heap-based Buffer Overflow vulnerability in filter_frame at libavfilter/vf_bitplanenoise.c (bsc#1186604).
- CVE-2020-22025: Fixed a heap-based Buffer Overflow vulnerability in gaussian_blur at libavfilter/vf_edgedetect.c (bsc#1186605).
- CVE-2020-22031: Fixed a heap-based Buffer Overflow vulnerability at libavfilter/vf_w3fdif.c in filter16_complex_low() (bsc#1186613).
- CVE-2020-22032: Fixed a heap-based Buffer Overflow vulnerability at libavfilter/vf_edgedetect.c in gaussian_blur() (bsc#1186614).
- CVE-2020-22034: Fixed a heap-based Buffer Overflow vulnerability at libavfilter/vf_floodfill.c (bsc#1186616).
- CVE-2020-20451: Fixed denial of service issue due to resource management errors via fftools/cmdutils.c (bsc#1186658).
- CVE-2020-20448: Fixed divide by zero issue via libavcodec/ratecontrol.c (bsc#1186660).
- CVE-2020-22038: Fixed denial of service vulnerability due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c (bsc#1186757).
- CVE-2020-22039: Fixed denial of service vulnerability due to a memory leak in the inavi_add_ientry function (bsc#1186758).
- CVE-2020-22043: Fixed denial of service vulnerability due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c (bsc#1186762).
- CVE-2020-22044: Fixed denial of service vulnerability due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c (bsc#1186763).
- CVE-2020-22033,CVE-2020-22019: Fixed a heap-based Buffer Overflow Vulnerability at libavfilter/vf_vmafmotion.c in convolution_y_8bit() and in convolution_y_10bit() in libavfilter/vf_vmafmotion.c (bsc#1186615, bsc#1186597).
- CVE-2020-21688: Fixed a heap-use-after-free in the av_freep function in libavutil/mem.c (bsc#1189348).
- CVE-2020-21697: Fixed a heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c (bsc#1189350).
- CVE-2021-38114: Fixed a not checked return value of the init_vlc function (bsc#1189142).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1129714

https://bugzilla.suse.com/1172640

https://bugzilla.suse.com/1186406

https://bugzilla.suse.com/1186583

https://bugzilla.suse.com/1186586

https://bugzilla.suse.com/1186587

https://bugzilla.suse.com/1186596

https://bugzilla.suse.com/1186597

https://bugzilla.suse.com/1186598

https://bugzilla.suse.com/1186600

https://bugzilla.suse.com/1186603

https://bugzilla.suse.com/1186604

https://bugzilla.suse.com/1186605

https://bugzilla.suse.com/1186613

https://bugzilla.suse.com/1186614

https://bugzilla.suse.com/1186615

https://bugzilla.suse.com/1186616

https://bugzilla.suse.com/1186658

https://bugzilla.suse.com/1186660

https://bugzilla.suse.com/1186757

https://bugzilla.suse.com/1186758

https://bugzilla.suse.com/1186762

https://bugzilla.suse.com/1186763

https://bugzilla.suse.com/1186849

https://bugzilla.suse.com/1186859

https://bugzilla.suse.com/1186861

https://bugzilla.suse.com/1186863

https://bugzilla.suse.com/1189142

https://bugzilla.suse.com/1189348

https://bugzilla.suse.com/1189350

https://www.suse.com/security/cve/CVE-2019-17539

https://www.suse.com/security/cve/CVE-2019-9721

https://www.suse.com/security/cve/CVE-2020-13904

https://www.suse.com/security/cve/CVE-2020-20448

https://www.suse.com/security/cve/CVE-2020-20451

https://www.suse.com/security/cve/CVE-2020-21041

https://www.suse.com/security/cve/CVE-2020-21688

https://www.suse.com/security/cve/CVE-2020-21697

https://www.suse.com/security/cve/CVE-2020-22015

https://www.suse.com/security/cve/CVE-2020-22016

https://www.suse.com/security/cve/CVE-2020-22017

https://www.suse.com/security/cve/CVE-2020-22019

https://www.suse.com/security/cve/CVE-2020-22020

https://www.suse.com/security/cve/CVE-2020-22021

https://www.suse.com/security/cve/CVE-2020-22022

https://www.suse.com/security/cve/CVE-2020-22023

https://www.suse.com/security/cve/CVE-2020-22025

https://www.suse.com/security/cve/CVE-2020-22026

https://www.suse.com/security/cve/CVE-2020-22031

https://www.suse.com/security/cve/CVE-2020-22032

https://www.suse.com/security/cve/CVE-2020-22033

https://www.suse.com/security/cve/CVE-2020-22034

https://www.suse.com/security/cve/CVE-2020-22038

https://www.suse.com/security/cve/CVE-2020-22039

https://www.suse.com/security/cve/CVE-2020-22043

https://www.suse.com/security/cve/CVE-2020-22044

https://www.suse.com/security/cve/CVE-2020-22046

https://www.suse.com/security/cve/CVE-2020-22048

https://www.suse.com/security/cve/CVE-2020-22049

https://www.suse.com/security/cve/CVE-2020-22054

https://www.suse.com/security/cve/CVE-2021-38114

http://www.nessus.org/u?bf868064

Plugin Details

Severity: Critical

ID: 322833

File Name: suse_SU-2021-2929-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 6/25/2026

Updated: 6/25/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-17539

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:libswresample-devel, p-cpe:/a:novell:suse_linux:libavformat-devel, p-cpe:/a:novell:suse_linux:libavresample3-32bit, p-cpe:/a:novell:suse_linux:libavcodec57, p-cpe:/a:novell:suse_linux:libswresample2-32bit, p-cpe:/a:novell:suse_linux:libpostproc54-32bit, p-cpe:/a:novell:suse_linux:libavresample3, p-cpe:/a:novell:suse_linux:libavcodec-devel, p-cpe:/a:novell:suse_linux:libavutil-devel, p-cpe:/a:novell:suse_linux:libavfilter6, p-cpe:/a:novell:suse_linux:libavresample-devel, p-cpe:/a:novell:suse_linux:libavfilter-devel, p-cpe:/a:novell:suse_linux:libswscale-devel, p-cpe:/a:novell:suse_linux:libavutil55, p-cpe:/a:novell:suse_linux:libavdevice57-32bit, p-cpe:/a:novell:suse_linux:libswresample2, p-cpe:/a:novell:suse_linux:libswscale4, p-cpe:/a:novell:suse_linux:libavdevice-devel, p-cpe:/a:novell:suse_linux:libavdevice57, p-cpe:/a:novell:suse_linux:libavformat57, p-cpe:/a:novell:suse_linux:libavfilter6-32bit, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:libavutil55-32bit, p-cpe:/a:novell:suse_linux:libavcodec57-32bit, p-cpe:/a:novell:suse_linux:libswscale4-32bit, p-cpe:/a:novell:suse_linux:libavformat57-32bit, p-cpe:/a:novell:suse_linux:libpostproc54, p-cpe:/a:novell:suse_linux:libpostproc-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/2/2021

Vulnerability Publication Date: 3/12/2019

Reference Information

CVE: CVE-2019-17539, CVE-2019-9721, CVE-2020-13904, CVE-2020-20448, CVE-2020-20451, CVE-2020-21041, CVE-2020-21688, CVE-2020-21697, CVE-2020-22015, CVE-2020-22016, CVE-2020-22017, CVE-2020-22019, CVE-2020-22020, CVE-2020-22021, CVE-2020-22022, CVE-2020-22023, CVE-2020-22025, CVE-2020-22026, CVE-2020-22031, CVE-2020-22032, CVE-2020-22033, CVE-2020-22034, CVE-2020-22038, CVE-2020-22039, CVE-2020-22043, CVE-2020-22044, CVE-2020-22046, CVE-2020-22048, CVE-2020-22049, CVE-2020-22054, CVE-2021-38114

SuSE: SUSE-SU-2021:2929-1