{"affected":[{"ecosystem_specific":{"binaries":[{"libavcodec57":"3.4.2-11.8.2","libavformat57":"3.4.2-11.8.2","libavresample-devel":"3.4.2-11.8.2","libavresample3":"3.4.2-11.8.2","libavresample3-32bit":"3.4.2-11.8.2","libavutil-devel":"3.4.2-11.8.2","libavutil55":"3.4.2-11.8.2","libpostproc-devel":"3.4.2-11.8.2","libpostproc54":"3.4.2-11.8.2","libswresample-devel":"3.4.2-11.8.2","libswresample2":"3.4.2-11.8.2","libswscale-devel":"3.4.2-11.8.2","libswscale4":"3.4.2-11.8.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15 SP2","name":"ffmpeg","purl":"pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.4.2-11.8.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libavcodec57":"3.4.2-11.8.2","libavformat57":"3.4.2-11.8.2","libavresample-devel":"3.4.2-11.8.2","libavresample3":"3.4.2-11.8.2","libavresample3-64bit":"3.4.2-11.8.2","libavutil-devel":"3.4.2-11.8.2","libavutil55":"3.4.2-11.8.2","libpostproc-devel":"3.4.2-11.8.2","libpostproc54":"3.4.2-11.8.2","libswresample-devel":"3.4.2-11.8.2","libswresample2":"3.4.2-11.8.2","libswscale-devel":"3.4.2-11.8.2","libswscale4":"3.4.2-11.8.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15 SP3","name":"ffmpeg","purl":"pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.4.2-11.8.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ffmpeg":"3.4.2-11.8.2","libavdevice57":"3.4.2-11.8.2","libavfilter6":"3.4.2-11.8.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP2","name":"ffmpeg","purl":"pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.4.2-11.8.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ffmpeg":"3.4.2-11.8.2","libavdevice57":"3.4.2-11.8.2","libavfilter6":"3.4.2-11.8.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP3","name":"ffmpeg","purl":"pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.4.2-11.8.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libavcodec-devel":"3.4.2-11.8.2","libavformat-devel":"3.4.2-11.8.2","libavresample-devel":"3.4.2-11.8.2","libavresample3":"3.4.2-11.8.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP2","name":"ffmpeg","purl":"pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.4.2-11.8.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libavcodec-devel":"3.4.2-11.8.2","libavformat-devel":"3.4.2-11.8.2","libavresample-devel":"3.4.2-11.8.2","libavresample3":"3.4.2-11.8.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP3","name":"ffmpeg","purl":"pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.4.2-11.8.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ffmpeg fixes the following issues:\n\n- CVE-2019-9721: Fix denial of service in the subtitle decoder in handle_open_brace from libavcodec/htmlsubtitles.c (bsc#1129714).\n- CVE-2020-22046: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c (bsc#1186849).\n- CVE-2020-22048: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c (bsc#1186859).\n- CVE-2020-22049: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c (bsc#1186861).\n- CVE-2020-22054: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c (bsc#1186863).\n- CVE-2020-21688: Fixed a heap-use-after-free in the av_freep function in libavutil/mem.c (bsc#1189348).\n- CVE-2020-21697: Fixed a heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c (bsc#1189350).\n- CVE-2021-38114: Fixed a not checked return value of the init_vlc function (bsc#1189142).\n","id":"SUSE-SU-2021:2919-1","modified":"2021-09-02T08:05:11Z","published":"2021-09-02T08:05:11Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2021/suse-su-20212919-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1129714"},{"type":"REPORT","url":"https://bugzilla.suse.com/1186849"},{"type":"REPORT","url":"https://bugzilla.suse.com/1186859"},{"type":"REPORT","url":"https://bugzilla.suse.com/1186861"},{"type":"REPORT","url":"https://bugzilla.suse.com/1186863"},{"type":"REPORT","url":"https://bugzilla.suse.com/1189142"},{"type":"REPORT","url":"https://bugzilla.suse.com/1189348"},{"type":"REPORT","url":"https://bugzilla.suse.com/1189350"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9721"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-21688"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-21697"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-22046"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-22048"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-22049"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-22054"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-38114"}],"related":["CVE-2019-9721","CVE-2020-21688","CVE-2020-21697","CVE-2020-22046","CVE-2020-22048","CVE-2020-22049","CVE-2020-22054","CVE-2021-38114"],"summary":"Security update for ffmpeg","upstream":["CVE-2019-9721","CVE-2020-21688","CVE-2020-21697","CVE-2020-22046","CVE-2020-22048","CVE-2020-22049","CVE-2020-22054","CVE-2021-38114"]}