Lucene search

GoogleOSV:SUSE-SU-2024:2803-1

HistoryAug 07, 2024 - 7:47 a.m.

Security update for ffmpeg-4

2024-08-0707:47:56

Google

osv.dev

ffmpeg-4

security update

buffer overflow

floating point exception

cve-2024-32230

cve-2023-51798

libavfilter.

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

JSON

This update for ffmpeg-4 fixes the following issues:

CVE-2024-32230: Fixed buffer overflow due to negative-size-param bug in load_input_picture() (bsc#1227296).
CVE-2023-51798: Fixed floating point exception in the via the interpolate function in libavfilter/vf_minterpolate.c (bsc#1223304).

References

bugzilla.suse.com/1223304

bugzilla.suse.com/1227296

www.suse.com/security/cve/CVE-2023-51798

www.suse.com/security/cve/CVE-2024-32230

www.suse.com/support/update/announcement/2024/suse-su-20242803-1/

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

JSON

Related for OSV:SUSE-SU-2024:2803-1