{"affected":[{"ecosystem_specific":{"binaries":[{"libavcodec57":"3.4.2-4.5.1","libavutil-devel":"3.4.2-4.5.1","libavutil55":"3.4.2-4.5.1","libpostproc-devel":"3.4.2-4.5.1","libpostproc54":"3.4.2-4.5.1","libswresample-devel":"3.4.2-4.5.1","libswresample2":"3.4.2-4.5.1","libswscale-devel":"3.4.2-4.5.1","libswscale4":"3.4.2-4.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15","name":"ffmpeg","purl":"pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.4.2-4.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libavcodec-devel":"3.4.2-4.5.1","libavformat-devel":"3.4.2-4.5.1","libavformat57":"3.4.2-4.5.1","libavresample-devel":"3.4.2-4.5.1","libavresample3":"3.4.2-4.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15","name":"ffmpeg","purl":"pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.4.2-4.5.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ffmpeg fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-13302: Fixed out of array access issue (bsc#1100356).\n- CVE-2018-1999010: Fixed multiple out of array access vulnerabilities in the\n  mms protocol that could result in accessing out of bound data via specially\n  crafted input files (bnc#1102899)\n- CVE-2018-1999011: Fixed a heap buffer overflow in asf_o format demuxer that\n  could result in remote code execution (bnc#1102689)\n- CVE-2018-1999012: Fixed an infinite loop vulnerability in pva format demuxer\n  that could result in excessive amount of ressource allocation like CPU an RAM\n  (CVE-2018-1999012 bnc#1102688).\n- CVE-2018-1999013: Fixed an use-after-free vulnerability in the realmedia\n  demuxer that could allow remote attackers to read heap memory (bnc#1102687)\n","id":"SUSE-SU-2018:2305-1","modified":"2018-08-10T20:25:31Z","published":"2018-08-10T20:25:31Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20182305-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1100356"},{"type":"REPORT","url":"https://bugzilla.suse.com/1102687"},{"type":"REPORT","url":"https://bugzilla.suse.com/1102688"},{"type":"REPORT","url":"https://bugzilla.suse.com/1102689"},{"type":"REPORT","url":"https://bugzilla.suse.com/1102899"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-13302"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1999010"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1999011"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1999012"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1999013"}],"related":["CVE-2018-13302","CVE-2018-1999010","CVE-2018-1999011","CVE-2018-1999012","CVE-2018-1999013"],"summary":"Security update for ffmpeg","upstream":["CVE-2018-13302","CVE-2018-1999010","CVE-2018-1999011","CVE-2018-1999012","CVE-2018-1999013"]}