17 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-48434
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ffmpeg-4 (SUSE-SU-2025:0958-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0958-1 advisory. - CVE-2022-48434: Fixed use after free in libavcodec/pthreadframe.c bsc1209934 - CVE-2020-22021:...
[slackware-security] ffmpeg
New ffmpeg packages are available for Slackware 15.0 to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/ffmpeg-4.4.5-i586-1slack15.0.txz: Upgraded. This update addresses several vulnerabilities in FFmpeg which could result in denial of service, or...
Slackware Linux 15.0 ffmpeg Multiple Vulnerabilities (SSA:2024-235-01)
The version of ffmpeg installed on the remote host is prior to 4.4.5. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-235-01 advisory. New ffmpeg packages are available for Slackware 15.0 to fix security issues. Tenable has extracted the preceding description...
OESA-2024-1873 ffmpeg security update
FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: An integer overflow...
Debian dsa-5721 : ffmpeg - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5721 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5721-1 [email protected] https://www.debian.org/securit...
USN-6449-1: FFmpeg vulnerabilities
It was discovered that FFmpeg incorrectly managed memory resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-22038 It was discovered that FFmpeg incorrect...
SUSE: Security Advisory (SUSE-SU-2023:2108-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2023:2115-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15: libavcodec-devel / libavcodec57 / libavcodec57-32bit / etc (SUSE-SU-2023:2115-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2115-1 advisory. - CVE-2019-13390: Fixed a potential crash when processing a crafted AVI stream bsc1140754. - CVE-2022-3341: Fixed a potential crash...
SUSE SLED15: ffmpeg / ffmpeg-private-devel / libavcodec-devel / libavcodec57 / etc (SUSE-SU-2023:2108-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2108-1 advisory. - CVE-2022-48434: Fixed use after free in libavcodec/pthreadframe.c bsc1209934. Tenable has extracted the...
SUSE-SU-2023:2108-1 Security update for ffmpeg
This update for ffmpeg fixes the following issues: - CVE-2022-48434: Fixed use after free in libavcodec/pthreadframe.c bsc1209934...
SUSE SLED15: ffmpeg-4 / ffmpeg-4-libavcodec-devel / ffmpeg-4-libavdevice-devel / etc (SUSE-SU-2023:2087-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2087-1 advisory. This updates fixes the following issues for ffmpeg-4: Security fixes: - CVE-2022-48434: Fixed use after...
SUSE-SU-2023:2087-1 This update has recommended fixes for ffmpeg-4
This updates fixes the following issues for ffmpeg-4: Security fixes: - CVE-2022-48434: Fixed use after free in libavcodec/pthreadframe.c bsc1209934. Other fixes: - Add necessary subpackages to the Packagehub. bsc1206067...
Fedora 37 : ffmpeg (2023-32c3bbbbc9)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-32c3bbbbc9 advisory. New release with bug fixes across the tree Contains security fix for CVE-2022-48434 . Tenable has extracted the preceding description block directly from the...
CVE-2022-48434
libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...
CVE-2022-48434
CVE-2022-48434 : FFmpeg’s libavcodec pthread_frame.c contains a use-after-free in worker threads due to stale hwaccel state, exploitable in some scenarios (e.g., mid-video SPS change with Direct3D11). Affected component: libavcodec in FFmpeg lib used by VLC and others. Vulnerable version: FFmpeg ...