=========================================================================
\nUbuntu Security Notice USN-5472-1
\nJune 08, 2022<\/p>\n
ffmpeg vulnerabilities
\n=========================================================================
\nA security issue affects these releases of Ubuntu and its derivatives:<\/p>\n
– Ubuntu 22.04 LTS
\n– Ubuntu 21.10
\n– Ubuntu 20.04 LTS
\n– Ubuntu 18.04 LTS<\/p>\n
Summary:<\/p>\n
Several security issues were fixed in FFmpeg.<\/p>\n
Software Description:
\n– ffmpeg: Tools for transcoding, streaming and playing of multimedia files<\/p>\n
Details:<\/p>\n
It was discovered that FFmpeg would attempt to divide by zero when using Linear
\nPredictive Coding (LPC) or AAC codecs. An attacker could possibly use this
\nissue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS,
\nUbuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-20445, CVE-2020-20446,
\nCVE-2020-20453)<\/p>\n
It was discovered that FFmpeg incorrectly handled certain input. An attacker
\ncould possibly use this issue to cause a denial of service. This issue only
\naffected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-20450)<\/p>\n
It was discovered that FFmpeg incorrectly handled file conversion to APNG
\nformat. An attacker could possibly use this issue to cause a denial of
\nservice. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
\n(CVE-2020-21041)<\/p>\n
It was discovered that FFmpeg incorrectly handled remuxing RTP-hint tracks.
\nA remote attacker could possibly use this issue to execute arbitrary code.
\nThis issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
\n(CVE-2020-21688)<\/p>\n
It was discovered that FFmpeg incorrectly handled certain specially crafted
\nAVI files. An attacker could possibly use this issue to cause a denial of
\nservice. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and
\nUbuntu 21.10. (CVE-2020-21697)<\/p>\n
It was discovered that FFmpeg incorrectly handled writing MOV video tags. An
\nattacker could possibly use this issue to cause a denial of service, obtain
\nsensitive information or execute arbitrary code. This issue only affected
\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-22015)<\/p>\n
It was discovered that FFmpeg incorrectly handled writing MOV files. An
\nattacker could possibly use this issue to cause a denial of service or other
\nunspecified impact. This issue affected only Ubuntu 18.04 LTS. (CVE-2020-22016)<\/p>\n
It was discovered that FFmpeg incorrectly handled memory when using certain
\nfilters. An attacker could possibly use this issue to cause a denial of service
\nor other unspecified impact. This issue only affected Ubuntu 18.04 LTS and
\nUbuntu 20.04 LTS. (CVE-2020-22017, CVE-2020-22020, CVE-2020-22022,
\nCVE-2020-22023, CVE-2022-22025, CVE-2020-22026, CVE-2020-22028, CVE-2020-22031,
\nCVE-2020-22032, CVE-2020-22034, CVE-2020-22036, CVE-2020-22042)<\/p>\n
It was discovered that FFmpeg incorrectly handled memory when using certain
\nfilters. An attacker could possibly use this issue to cause a denial of service
\nor other unspecified impact. This issue only affected Ubuntu 18.04 LTS,
\nUbuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-22019, CVE-2020-22021,
\nCVE-2020-22033)<\/p>\n
It was discovered that FFmpeg incorrectly handled memory when using certain
\nfilters. An attacker could possibly use this issue to cause a denial of service
\nor other unspecified impact. This issue only affected Ubuntu 21.10.
\n(CVE-2020-22027, CVE-2020-22029, CVE-2020-22030, CVE-2020-22035)<\/p>\n
It was discovered that FFmpeg incorrectly handled certain specially crafted
\nJPEG files. An attacker could possibly use this issue to obtain sensitive
\ninformation. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and
\nUbuntu 21.10. (CVE-2020-22037)<\/p>\n
It was discovered that FFmpeg incorrectly performed calculations in EXR codec.
\nAn attacker could possibly use this issue to cause a denial of service. This
\nissue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-35965)<\/p>\n
It was discovered that FFmpeg did not verify return values of functions
\ninit_vlc and init_get_bits. An attacker could possibly use this issue to cause
\na denial of service or other unspecified impact. This issue only affected
\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2021-38114,
\nCVE-2021-38171)<\/p>\n
It was discovered that FFmpeg incorrectly handled certain specially crafted
\nfiles. An attacker could possibly use this issue to cause a denial of service.
\nThis issue only affected Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-1475)<\/p>\n
Update instructions:<\/p>\n
The problem can be corrected by updating your system to the following
\npackage versions:<\/p>\n
Ubuntu 22.04 LTS:
\nffmpeg 7:4.4.2-0ubuntu0.22.04.1
\nlibavcodec-extra58 7:4.4.2-0ubuntu0.22.04.1
\nlibavcodec58 7:4.4.2-0ubuntu0.22.04.1
\nlibavdevice58 7:4.4.2-0ubuntu0.22.04.1
\nlibavfilter-extra7 7:4.4.2-0ubuntu0.22.04.1
\nlibavfilter7 7:4.4.2-0ubuntu0.22.04.1
\nlibavformat-extra58 7:4.4.2-0ubuntu0.22.04.1
\nlibavformat58 7:4.4.2-0ubuntu0.22.04.1
\nlibavutil56 7:4.4.2-0ubuntu0.22.04.1
\nlibpostproc55 7:4.4.2-0ubuntu0.22.04.1
\nlibswresample3 7:4.4.2-0ubuntu0.22.04.1
\nlibswscale5 7:4.4.2-0ubuntu0.22.04.1<\/p>\n
Ubuntu 21.10:
\nffmpeg 7:4.4.2-0ubuntu0.21.10.1
\nlibavcodec-extra58 7:4.4.2-0ubuntu0.21.10.1
\nlibavcodec58 7:4.4.2-0ubuntu0.21.10.1
\nlibavdevice58 7:4.4.2-0ubuntu0.21.10.1
\nlibavfilter-extra7 7:4.4.2-0ubuntu0.21.10.1
\nlibavfilter7 7:4.4.2-0ubuntu0.21.10.1
\nlibavformat-extra58 7:4.4.2-0ubuntu0.21.10.1
\nlibavformat58 7:4.4.2-0ubuntu0.21.10.1
\nlibavutil56 7:4.4.2-0ubuntu0.21.10.1
\nlibpostproc55 7:4.4.2-0ubuntu0.21.10.1
\nlibswresample3 7:4.4.2-0ubuntu0.21.10.1
\nlibswscale5 7:4.4.2-0ubuntu0.21.10.1<\/p>\n
Ubuntu 20.04 LTS:
\nffmpeg 7:4.2.7-0ubuntu0.1
\nlibavcodec-extra58 7:4.2.7-0ubuntu0.1
\nlibavcodec58 7:4.2.7-0ubuntu0.1
\nlibavdevice58 7:4.2.7-0ubuntu0.1
\nlibavfilter-extra7 7:4.2.7-0ubuntu0.1
\nlibavfilter7 7:4.2.7-0ubuntu0.1
\nlibavformat58 7:4.2.7-0ubuntu0.1
\nlibavresample4 7:4.2.7-0ubuntu0.1
\nlibavutil56 7:4.2.7-0ubuntu0.1
\nlibpostproc55 7:4.2.7-0ubuntu0.1
\nlibswresample3 7:4.2.7-0ubuntu0.1
\nlibswscale5 7:4.2.7-0ubuntu0.1<\/p>\n
Ubuntu 18.04 LTS:
\nffmpeg 7:3.4.11-0ubuntu0.1
\nlibavcodec-extra57 7:3.4.11-0ubuntu0.1
\nlibavcodec57 7:3.4.11-0ubuntu0.1
\nlibavdevice57 7:3.4.11-0ubuntu0.1
\nlibavfilter-extra6 7:3.4.11-0ubuntu0.1
\nlibavfilter6 7:3.4.11-0ubuntu0.1
\nlibavformat57 7:3.4.11-0ubuntu0.1
\nlibavresample3 7:3.4.11-0ubuntu0.1
\nlibavutil55 7:3.4.11-0ubuntu0.1
\nlibpostproc54 7:3.4.11-0ubuntu0.1
\nlibswresample2 7:3.4.11-0ubuntu0.1
\nlibswscale4 7:3.4.11-0ubuntu0.1<\/p>\n
This update uses a new upstream release, which includes additional bug
\nfixes. In general, a standard system update will make all the necessary
\nchanges.<\/p>\n
References:
\nhttps:\/\/ubuntu.com\/security\/notices\/USN-5472-1
\nCVE-2020-20445, CVE-2020-20446, CVE-2020-20450, CVE-2020-20453,
\nCVE-2020-21041, CVE-2020-21688, CVE-2020-21697, CVE-2020-22015,
\nCVE-2020-22016, CVE-2020-22017, CVE-2020-22019, CVE-2020-22020,
\nCVE-2020-22021, CVE-2020-22022, CVE-2020-22023, CVE-2020-22025,
\nCVE-2020-22026, CVE-2020-22027, CVE-2020-22028, CVE-2020-22029,
\nCVE-2020-22030, CVE-2020-22031, CVE-2020-22032, CVE-2020-22033,
\nCVE-2020-22034, CVE-2020-22035, CVE-2020-22036, CVE-2020-22037,
\nCVE-2020-22042, CVE-2020-35965, CVE-2021-38114, CVE-2021-38171,
\nCVE-2021-38291, CVE-2022-1475<\/p>\n
Package Information:
\nhttps:\/\/launchpad.net\/ubuntu\/+source\/ffmpeg\/7:4.4.2-0ubuntu0.22.04.1
\nhttps:\/\/launchpad.net\/ubuntu\/+source\/ffmpeg\/7:4.4.2-0ubuntu0.21.10.1
\nhttps:\/\/launchpad.net\/ubuntu\/+source\/ffmpeg\/7:4.2.7-0ubuntu0.1
\nhttps:\/\/launchpad.net\/ubuntu\/+source\/ffmpeg\/7:3.4.11-0ubuntu0.1<\/p>\n","protected":false},"excerpt":{"rendered":"
========================================================================= Ubuntu Security Notice USN-5472-1 June 08, 2022 ffmpeg vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: – Ubuntu 22.04 LTS – Ubuntu 21.10 – Ubuntu 20.04 LTS – Ubuntu 18.04 LTS Summary: Several security issues were fixed in FFmpeg. Software Description: – ffmpeg: Tools for transcoding, streaming and playing …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-25593","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/25593","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=25593"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/25593\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=25593"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=25593"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=25593"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}