{"affected":[{"ecosystem_specific":{"binaries":[{"ffmpeg":"3.1.8-8.1","libavcodec-devel":"3.1.8-8.1","libavcodec57":"3.1.8-8.1","libavdevice-devel":"3.1.8-8.1","libavdevice57":"3.1.8-8.1","libavfilter-devel":"3.1.8-8.1","libavfilter6":"3.1.8-8.1","libavformat-devel":"3.1.8-8.1","libavformat57":"3.1.8-8.1","libavresample-devel":"3.1.8-8.1","libavresample3":"3.1.8-8.1","libavutil-devel":"3.1.8-8.1","libavutil55":"3.1.8-8.1","libpostproc-devel":"3.1.8-8.1","libpostproc54":"3.1.8-8.1","libswresample-devel":"3.1.8-8.1","libswresample2":"3.1.8-8.1","libswscale-devel":"3.1.8-8.1","libswscale4":"3.1.8-8.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12 SP2","name":"ffmpeg","purl":"pkg:rpm/suse/ffmpeg&distro=SUSE%20Package%20Hub%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.1.8-8.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update of ffmpeg to version 3.1.8 fixes the following security issues:\n\n- CVE-2016-9561: DoS through huge memory allocation (bsc#1015120)\n- CVE-2016-10191: remote code execution vulnerability (bsc#1022921)\n- CVE-2016-10192: remote code execution vulnerability (bsc#1022922)\n- CVE-2017-5024: Heap overflow\n- CVE-2017-5025: Heap overflow\n","id":"openSUSE-SU-2017:1531-1","modified":"2017-06-11T09:31:47Z","published":"2017-06-11T09:31:47Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1015120"},{"type":"REPORT","url":"https://bugzilla.suse.com/1022921"},{"type":"REPORT","url":"https://bugzilla.suse.com/1022922"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-10191"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-10192"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9561"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5024"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5025"}],"related":["CVE-2016-10191","CVE-2016-10192","CVE-2016-9561","CVE-2017-5024","CVE-2017-5025"],"summary":"Security update for ffmpeg","upstream":["CVE-2016-10191","CVE-2016-10192","CVE-2016-9561","CVE-2017-5024","CVE-2017-5025"]}