{"affected":[{"ecosystem_specific":{"binaries":[{"libavcodec57":"3.4.2-4.12.4","libavutil-devel":"3.4.2-4.12.4","libavutil55":"3.4.2-4.12.4","libpostproc-devel":"3.4.2-4.12.4","libpostproc54":"3.4.2-4.12.4","libswresample-devel":"3.4.2-4.12.4","libswresample2":"3.4.2-4.12.4","libswscale-devel":"3.4.2-4.12.4","libswscale4":"3.4.2-4.12.4"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15","name":"ffmpeg","purl":"pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.4.2-4.12.4"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ffmpeg":"3.4.2-4.12.4","libavdevice57":"3.4.2-4.12.4","libavfilter6":"3.4.2-4.12.4"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15","name":"ffmpeg","purl":"pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.4.2-4.12.4"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libavcodec-devel":"3.4.2-4.12.4","libavformat-devel":"3.4.2-4.12.4","libavformat57":"3.4.2-4.12.4","libavresample-devel":"3.4.2-4.12.4","libavresample3":"3.4.2-4.12.4"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15","name":"ffmpeg","purl":"pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.4.2-4.12.4"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ffmpeg fixes the following issues:\n\n- CVE-2018-13300: An improper argument passed to the avpriv_request_sample\n  function may have triggered an out-of-array read while converting a crafted AVI\n  file to MPEG4, leading to a denial of service and possibly an information\n  disclosure (bsc#1100348)\n- CVE-2018-15822: The flv_write_packet function did not check for an empty\n  audio packet, leading to an assertion failure and DoS (bsc#1105869)\n- CVE-2018-13305: Due to a missing check for negative values of the mquant\n  variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c\n  may trigger an out-of-array access while converting a crafted AVI\n  file to MPEG4, leading to an information disclosure or a denial of\n  service. (bsc#1100345).\n- CVE-2018-12458: An improper integer type in the mpeg4_encode_gop_header\n  function in libavcodec/mpeg4videoenc.c might have triggered an assertion\n  violation while converting a crafted AVI file to MPEG4, leading to a\n  denial of service. (bsc#1097983).\n","id":"SUSE-SU-2018:3609-1","modified":"2018-11-02T16:11:02Z","published":"2018-11-02T16:11:02Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20183609-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1097983"},{"type":"REPORT","url":"https://bugzilla.suse.com/1100345"},{"type":"REPORT","url":"https://bugzilla.suse.com/1100348"},{"type":"REPORT","url":"https://bugzilla.suse.com/1105869"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12458"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-13300"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-13305"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-15822"}],"related":["CVE-2018-12458","CVE-2018-13300","CVE-2018-13305","CVE-2018-15822"],"summary":"Security update for ffmpeg","upstream":["CVE-2018-12458","CVE-2018-13300","CVE-2018-13305","CVE-2018-15822"]}