[SECURITY] [DSA 5394-1] ffmpeg security update

2023-04-3019:03:39

lists.debian.org

security advisory

arbitrary code execution

debian

ffmpeg

denial of service

cve-2022-3109

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.3

Confidence

High

EPSS

0.002

Percentile

54.4%

JSON

Debian Security Advisory DSA-5394-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
April 30, 2023 https://www.debian.org/security/faq

Package : ffmpeg
CVE ID : CVE-2022-3109

Several vulnerabilities have been discovered in the FFmpeg multimedia
framework, which could result in denial of service or potentially the
execution of arbitrary code if malformed files/streams are processed.

For the stable distribution (bullseye), this problem has been fixed in
version 7:4.3.6-0+deb11u1.

We recommend that you upgrade your ffmpeg packages.

For the detailed security status of ffmpeg please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ffmpeg

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian11armhflibavcodec-extra58-dbgsym< 7:4.3.6-0+deb11u1libavcodec-extra58-dbgsym_7:4.3.6-0+deb11u1_armhf.deb
Debian11amd64libavfilter-dev< 7:4.3.6-0+deb11u1libavfilter-dev_7:4.3.6-0+deb11u1_amd64.deb
Debian10amd64ffmpeg-dbgsym< 7:4.1.11-0+deb10u1ffmpeg-dbgsym_7:4.1.11-0+deb10u1_amd64.deb
Debian10i386libavformat58-dbgsym< 7:4.1.11-0+deb10u1libavformat58-dbgsym_7:4.1.11-0+deb10u1_i386.deb
Debian11mips64elffmpeg-dbgsym< 7:4.3.6-0+deb11u1ffmpeg-dbgsym_7:4.3.6-0+deb11u1_mips64el.deb
Debian10armhflibavutil-dev< 7:4.1.11-0+deb10u1libavutil-dev_7:4.1.11-0+deb10u1_armhf.deb
Debian10arm64libavresample-dev< 7:4.1.11-0+deb10u1libavresample-dev_7:4.1.11-0+deb10u1_arm64.deb
Debian11mipsellibavformat58< 7:4.3.6-0+deb11u1libavformat58_7:4.3.6-0+deb11u1_mipsel.deb
Debian11arm64libavresample4-dbgsym< 7:4.3.6-0+deb11u1libavresample4-dbgsym_7:4.3.6-0+deb11u1_arm64.deb
Debian10amd64libavformat-dev< 7:4.1.11-0+deb10u1libavformat-dev_7:4.1.11-0+deb10u1_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	armhf	libavcodec-extra58-dbgsym	< 7:4.3.6-0+deb11u1	libavcodec-extra58-dbgsym_7:4.3.6-0+deb11u1_armhf.deb
Debian	11	amd64	libavfilter-dev	< 7:4.3.6-0+deb11u1	libavfilter-dev_7:4.3.6-0+deb11u1_amd64.deb
Debian	10	amd64	ffmpeg-dbgsym	< 7:4.1.11-0+deb10u1	ffmpeg-dbgsym_7:4.1.11-0+deb10u1_amd64.deb
Debian	10	i386	libavformat58-dbgsym	< 7:4.1.11-0+deb10u1	libavformat58-dbgsym_7:4.1.11-0+deb10u1_i386.deb
Debian	11	mips64el	ffmpeg-dbgsym	< 7:4.3.6-0+deb11u1	ffmpeg-dbgsym_7:4.3.6-0+deb11u1_mips64el.deb
Debian	10	armhf	libavutil-dev	< 7:4.1.11-0+deb10u1	libavutil-dev_7:4.1.11-0+deb10u1_armhf.deb
Debian	10	arm64	libavresample-dev	< 7:4.1.11-0+deb10u1	libavresample-dev_7:4.1.11-0+deb10u1_arm64.deb
Debian	11	mipsel	libavformat58	< 7:4.3.6-0+deb11u1	libavformat58_7:4.3.6-0+deb11u1_mipsel.deb
Debian	11	arm64	libavresample4-dbgsym	< 7:4.3.6-0+deb11u1	libavresample4-dbgsym_7:4.3.6-0+deb11u1_arm64.deb
Debian	10	amd64	libavformat-dev	< 7:4.1.11-0+deb10u1	libavformat-dev_7:4.1.11-0+deb10u1_amd64.deb