[SECURITY] [DSA 4990-1] ffmpeg security update

2021-10-1918:51:14

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

60.7%

JSON

Debian Security Advisory DSA-4990-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
October 19, 2021 https://www.debian.org/security/faq

Package : ffmpeg
CVE ID : CVE-2020-20445 CVE-2020-20446 CVE-2020-20453 CVE-2020-21041
CVE-2020-22015 CVE-2020-22016 CVE-2020-22017 CVE-2020-22019
CVE-2020-22020 CVE-2020-22021 CVE-2020-22022 CVE-2020-22023
CVE-2020-22025 CVE-2020-22026 CVE-2020-22027 CVE-2020-22028
CVE-2020-22029 CVE-2020-22030 CVE-2020-22031 CVE-2020-22032
CVE-2020-22033 CVE-2020-22034 CVE-2020-22035 CVE-2020-22036
CVE-2020-22037 CVE-2020-22049 CVE-2020-22054 CVE-2020-35965
CVE-2021-38114 CVE-2021-38171 CVE-2021-38291

Several vulnerabilities have been discovered in the FFmpeg multimedia
framework, which could result in denial of service or potentially the
execution of arbitrary code if malformed files/streams are processed.

For the oldstable distribution (buster), these problems have been fixed
in version 7:4.1.8-0+deb10u1.

We recommend that you upgrade your ffmpeg packages.

For the detailed security status of ffmpeg please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ffmpeg

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10mipsellibavcodec58< 7:4.1.8-0+deb10u1libavcodec58_7:4.1.8-0+deb10u1_mipsel.deb
Debian10armellibpostproc55-dbgsym< 7:4.1.8-0+deb10u1libpostproc55-dbgsym_7:4.1.8-0+deb10u1_armel.deb
Debian10mips64ellibswresample3-dbgsym< 7:4.1.8-0+deb10u1libswresample3-dbgsym_7:4.1.8-0+deb10u1_mips64el.deb
Debian10amd64libavresample4< 7:4.1.8-0+deb10u1libavresample4_7:4.1.8-0+deb10u1_amd64.deb
Debian10i386libpostproc-dev< 7:4.1.8-0+deb10u1libpostproc-dev_7:4.1.8-0+deb10u1_i386.deb
Debian9amd64libavfilter6< 7:3.2.15-0+deb9u3libavfilter6_7:3.2.15-0+deb9u3_amd64.deb
Debian10armhflibavformat58< 7:4.1.8-0+deb10u1libavformat58_7:4.1.8-0+deb10u1_armhf.deb
Debian9amd64libpostproc54< 7:3.2.15-0+deb9u3libpostproc54_7:3.2.15-0+deb9u3_amd64.deb
Debian10armellibavutil56< 7:4.1.8-0+deb10u1libavutil56_7:4.1.8-0+deb10u1_armel.deb
Debian10mipsellibavcodec-dev< 7:4.1.8-0+deb10u1libavcodec-dev_7:4.1.8-0+deb10u1_mipsel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	mipsel	libavcodec58	< 7:4.1.8-0+deb10u1	libavcodec58_7:4.1.8-0+deb10u1_mipsel.deb
Debian	10	armel	libpostproc55-dbgsym	< 7:4.1.8-0+deb10u1	libpostproc55-dbgsym_7:4.1.8-0+deb10u1_armel.deb
Debian	10	mips64el	libswresample3-dbgsym	< 7:4.1.8-0+deb10u1	libswresample3-dbgsym_7:4.1.8-0+deb10u1_mips64el.deb
Debian	10	amd64	libavresample4	< 7:4.1.8-0+deb10u1	libavresample4_7:4.1.8-0+deb10u1_amd64.deb
Debian	10	i386	libpostproc-dev	< 7:4.1.8-0+deb10u1	libpostproc-dev_7:4.1.8-0+deb10u1_i386.deb
Debian	9	amd64	libavfilter6	< 7:3.2.15-0+deb9u3	libavfilter6_7:3.2.15-0+deb9u3_amd64.deb
Debian	10	armhf	libavformat58	< 7:4.1.8-0+deb10u1	libavformat58_7:4.1.8-0+deb10u1_armhf.deb
Debian	9	amd64	libpostproc54	< 7:3.2.15-0+deb9u3	libpostproc54_7:3.2.15-0+deb9u3_amd64.deb
Debian	10	armel	libavutil56	< 7:4.1.8-0+deb10u1	libavutil56_7:4.1.8-0+deb10u1_armel.deb
Debian	10	mipsel	libavcodec-dev	< 7:4.1.8-0+deb10u1	libavcodec-dev_7:4.1.8-0+deb10u1_mipsel.deb