[SECURITY] [DSA 4502-1] ffmpeg security update

2019-08-1620:38:56

lists.debian.org

275

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

91.2%

JSON

Debian Security Advisory DSA-4502-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
August 16, 2019 https://www.debian.org/security/faq

Package : ffmpeg
CVE ID : CVE-2019-12730

Several vulnerabilities have been discovered in the FFmpeg multimedia
framework, which could result in denial of service or potentially the
execution of arbitrary code if malformed files/streams are processed.

For the stable distribution (buster), this problem has been fixed in
version 7:4.1.4-1~deb10u1.

We recommend that you upgrade your ffmpeg packages.

For the detailed security status of ffmpeg please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ffmpeg

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10alllibavutil56< 7:4.1.4-1~deb10u1libavutil56_7:4.1.4-1~deb10u1_all.deb
Debian10alllibavcodec-dev< 7:4.1.4-1~deb10u1libavcodec-dev_7:4.1.4-1~deb10u1_all.deb
Debian10alllibavformat-dev< 7:4.1.4-1~deb10u1libavformat-dev_7:4.1.4-1~deb10u1_all.deb
Debian10alllibswresample3< 7:4.1.4-1~deb10u1libswresample3_7:4.1.4-1~deb10u1_all.deb
Debian10alllibavdevice-dev< 7:4.1.4-1~deb10u1libavdevice-dev_7:4.1.4-1~deb10u1_all.deb
Debian10alllibavresample-dev< 7:4.1.4-1~deb10u1libavresample-dev_7:4.1.4-1~deb10u1_all.deb
Debian10allffmpeg-doc< 7:4.1.4-1~deb10u1ffmpeg-doc_7:4.1.4-1~deb10u1_all.deb
Debian10allffmpeg< 7:4.1.4-1~deb10u1ffmpeg_7:4.1.4-1~deb10u1_all.deb
Debian10alllibpostproc55< 7:4.1.4-1~deb10u1libpostproc55_7:4.1.4-1~deb10u1_all.deb
Debian10alllibavdevice58< 7:4.1.4-1~deb10u1libavdevice58_7:4.1.4-1~deb10u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	all	libavutil56	< 7:4.1.4-1~deb10u1	libavutil56_7:4.1.4-1~deb10u1_all.deb
Debian	10	all	libavcodec-dev	< 7:4.1.4-1~deb10u1	libavcodec-dev_7:4.1.4-1~deb10u1_all.deb
Debian	10	all	libavformat-dev	< 7:4.1.4-1~deb10u1	libavformat-dev_7:4.1.4-1~deb10u1_all.deb
Debian	10	all	libswresample3	< 7:4.1.4-1~deb10u1	libswresample3_7:4.1.4-1~deb10u1_all.deb
Debian	10	all	libavdevice-dev	< 7:4.1.4-1~deb10u1	libavdevice-dev_7:4.1.4-1~deb10u1_all.deb
Debian	10	all	libavresample-dev	< 7:4.1.4-1~deb10u1	libavresample-dev_7:4.1.4-1~deb10u1_all.deb
Debian	10	all	ffmpeg-doc	< 7:4.1.4-1~deb10u1	ffmpeg-doc_7:4.1.4-1~deb10u1_all.deb
Debian	10	all	ffmpeg	< 7:4.1.4-1~deb10u1	ffmpeg_7:4.1.4-1~deb10u1_all.deb
Debian	10	all	libpostproc55	< 7:4.1.4-1~deb10u1	libpostproc55_7:4.1.4-1~deb10u1_all.deb
Debian	10	all	libavdevice58	< 7:4.1.4-1~deb10u1	libavdevice58_7:4.1.4-1~deb10u1_all.deb