{"affected":[{"ecosystem_specific":{"binaries":[{"ffmpeg-4-libavcodec-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libavdevice-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libavfilter-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libavformat-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libavresample-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libavutil-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libpostproc-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libswresample-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libswscale-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-private-devel":"4.2.1-bp151.5.3.1","libavcodec58":"4.2.1-bp151.5.3.1","libavcodec58-32bit":"4.2.1-lp151.2.3.1","libavcodec58-64bit":"4.2.1-bp151.5.3.1","libavdevice58":"4.2.1-bp151.5.3.1","libavdevice58-32bit":"4.2.1-lp151.2.3.1","libavdevice58-64bit":"4.2.1-bp151.5.3.1","libavfilter7":"4.2.1-bp151.5.3.1","libavfilter7-32bit":"4.2.1-lp151.2.3.1","libavfilter7-64bit":"4.2.1-bp151.5.3.1","libavformat58":"4.2.1-bp151.5.3.1","libavformat58-32bit":"4.2.1-lp151.2.3.1","libavformat58-64bit":"4.2.1-bp151.5.3.1","libavresample4":"4.2.1-bp151.5.3.1","libavresample4-32bit":"4.2.1-lp151.2.3.1","libavresample4-64bit":"4.2.1-bp151.5.3.1","libavutil56":"4.2.1-bp151.5.3.1","libavutil56-32bit":"4.2.1-lp151.2.3.1","libavutil56-64bit":"4.2.1-bp151.5.3.1","libpostproc55":"4.2.1-bp151.5.3.1","libpostproc55-32bit":"4.2.1-lp151.2.3.1","libpostproc55-64bit":"4.2.1-bp151.5.3.1","libswresample3":"4.2.1-bp151.5.3.1","libswresample3-32bit":"4.2.1-lp151.2.3.1","libswresample3-64bit":"4.2.1-bp151.5.3.1","libswscale5":"4.2.1-bp151.5.3.1","libswscale5-32bit":"4.2.1-lp151.2.3.1","libswscale5-64bit":"4.2.1-bp151.5.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12 SP2","name":"ffmpeg-4","purl":"pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Package%20Hub%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.1-bp151.5.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ffmpeg-4-libavcodec-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libavdevice-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libavfilter-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libavformat-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libavresample-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libavutil-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libpostproc-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libswresample-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libswscale-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-private-devel":"4.2.1-bp151.5.3.1","libavcodec58":"4.2.1-bp151.5.3.1","libavcodec58-32bit":"4.2.1-lp151.2.3.1","libavcodec58-64bit":"4.2.1-bp151.5.3.1","libavdevice58":"4.2.1-bp151.5.3.1","libavdevice58-32bit":"4.2.1-lp151.2.3.1","libavdevice58-64bit":"4.2.1-bp151.5.3.1","libavfilter7":"4.2.1-bp151.5.3.1","libavfilter7-32bit":"4.2.1-lp151.2.3.1","libavfilter7-64bit":"4.2.1-bp151.5.3.1","libavformat58":"4.2.1-bp151.5.3.1","libavformat58-32bit":"4.2.1-lp151.2.3.1","libavformat58-64bit":"4.2.1-bp151.5.3.1","libavresample4":"4.2.1-bp151.5.3.1","libavresample4-32bit":"4.2.1-lp151.2.3.1","libavresample4-64bit":"4.2.1-bp151.5.3.1","libavutil56":"4.2.1-bp151.5.3.1","libavutil56-32bit":"4.2.1-lp151.2.3.1","libavutil56-64bit":"4.2.1-bp151.5.3.1","libpostproc55":"4.2.1-bp151.5.3.1","libpostproc55-32bit":"4.2.1-lp151.2.3.1","libpostproc55-64bit":"4.2.1-bp151.5.3.1","libswresample3":"4.2.1-bp151.5.3.1","libswresample3-32bit":"4.2.1-lp151.2.3.1","libswresample3-64bit":"4.2.1-bp151.5.3.1","libswscale5":"4.2.1-bp151.5.3.1","libswscale5-32bit":"4.2.1-lp151.2.3.1","libswscale5-64bit":"4.2.1-bp151.5.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15","name":"ffmpeg-4","purl":"pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Package%20Hub%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.1-bp151.5.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ffmpeg-4-libavcodec-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libavdevice-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libavfilter-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libavformat-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libavresample-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libavutil-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libpostproc-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libswresample-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libswscale-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-private-devel":"4.2.1-bp151.5.3.1","libavcodec58":"4.2.1-bp151.5.3.1","libavcodec58-32bit":"4.2.1-lp151.2.3.1","libavcodec58-64bit":"4.2.1-bp151.5.3.1","libavdevice58":"4.2.1-bp151.5.3.1","libavdevice58-32bit":"4.2.1-lp151.2.3.1","libavdevice58-64bit":"4.2.1-bp151.5.3.1","libavfilter7":"4.2.1-bp151.5.3.1","libavfilter7-32bit":"4.2.1-lp151.2.3.1","libavfilter7-64bit":"4.2.1-bp151.5.3.1","libavformat58":"4.2.1-bp151.5.3.1","libavformat58-32bit":"4.2.1-lp151.2.3.1","libavformat58-64bit":"4.2.1-bp151.5.3.1","libavresample4":"4.2.1-bp151.5.3.1","libavresample4-32bit":"4.2.1-lp151.2.3.1","libavresample4-64bit":"4.2.1-bp151.5.3.1","libavutil56":"4.2.1-bp151.5.3.1","libavutil56-32bit":"4.2.1-lp151.2.3.1","libavutil56-64bit":"4.2.1-bp151.5.3.1","libpostproc55":"4.2.1-bp151.5.3.1","libpostproc55-32bit":"4.2.1-lp151.2.3.1","libpostproc55-64bit":"4.2.1-bp151.5.3.1","libswresample3":"4.2.1-bp151.5.3.1","libswresample3-32bit":"4.2.1-lp151.2.3.1","libswresample3-64bit":"4.2.1-bp151.5.3.1","libswscale5":"4.2.1-bp151.5.3.1","libswscale5-32bit":"4.2.1-lp151.2.3.1","libswscale5-64bit":"4.2.1-bp151.5.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP1","name":"ffmpeg-4","purl":"pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Package%20Hub%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.1-bp151.5.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ffmpeg-4-libavcodec-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libavdevice-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libavfilter-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libavformat-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libavresample-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libavutil-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libpostproc-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libswresample-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-libswscale-devel":"4.2.1-bp151.5.3.1","ffmpeg-4-private-devel":"4.2.1-bp151.5.3.1","libavcodec58":"4.2.1-bp151.5.3.1","libavcodec58-32bit":"4.2.1-lp151.2.3.1","libavcodec58-64bit":"4.2.1-bp151.5.3.1","libavdevice58":"4.2.1-bp151.5.3.1","libavdevice58-32bit":"4.2.1-lp151.2.3.1","libavdevice58-64bit":"4.2.1-bp151.5.3.1","libavfilter7":"4.2.1-bp151.5.3.1","libavfilter7-32bit":"4.2.1-lp151.2.3.1","libavfilter7-64bit":"4.2.1-bp151.5.3.1","libavformat58":"4.2.1-bp151.5.3.1","libavformat58-32bit":"4.2.1-lp151.2.3.1","libavformat58-64bit":"4.2.1-bp151.5.3.1","libavresample4":"4.2.1-bp151.5.3.1","libavresample4-32bit":"4.2.1-lp151.2.3.1","libavresample4-64bit":"4.2.1-bp151.5.3.1","libavutil56":"4.2.1-bp151.5.3.1","libavutil56-32bit":"4.2.1-lp151.2.3.1","libavutil56-64bit":"4.2.1-bp151.5.3.1","libpostproc55":"4.2.1-bp151.5.3.1","libpostproc55-32bit":"4.2.1-lp151.2.3.1","libpostproc55-64bit":"4.2.1-bp151.5.3.1","libswresample3":"4.2.1-bp151.5.3.1","libswresample3-32bit":"4.2.1-lp151.2.3.1","libswresample3-64bit":"4.2.1-bp151.5.3.1","libswscale5":"4.2.1-bp151.5.3.1","libswscale5-32bit":"4.2.1-lp151.2.3.1","libswscale5-64bit":"4.2.1-bp151.5.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"ffmpeg-4","purl":"pkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.1-bp151.5.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ffmpeg-4 fixes the following issues:\n\nffmpeg-4 was updated to version 4.0.5, fixes boo#1133153 \n\n- CVE-2019-11339: The studio profile decoder in libavcodec/mpeg4videodec.c\n  in FFmpeg 4.0 allowed remote attackers to cause a denial of service\n  (out-of-array access) or possibly have unspecified. (bsc#1133153)\n- For other changes see /usr/share/doc/packages/libavcodec58/Changelog\n\nUpdate to version 4.2.1:\n\n* Stable bug fix release, mainly codecs and format fixes.\n\n- CVE-2019-15942: Conditional jump or move depends on uninitialised value' issue in h2645_parse (boo#1149839)\n\nUpdate to FFmpeg 4.2 'Ada'\n\n* tpad filter\n* AV1 decoding support through libdav1d\n* dedot filter\n* chromashift and rgbashift filters\n* freezedetect filter\n* truehd_core bitstream filter\n* dhav demuxer\n* PCM-DVD encoder\n* GIF parser\n* vividas demuxer\n* hymt decoder\n* anlmdn filter\n* maskfun filter\n* hcom demuxer and decoder\n* ARBC decoder\n* libaribb24 based ARIB STD-B24 caption support (profiles A and C)\n* Support decoding of HEVC 4:4:4 content in nvdec and cuviddec\n* removed libndi-newtek\n* agm decoder\n* KUX demuxer\n* AV1 frame split bitstream filter\n* lscr decoder\n* lagfun filter\n* asoftclip filter\n* Support decoding of HEVC 4:4:4 content in vdpau\n* colorhold filter\n* xmedian filter\n* asr filter\n* showspatial multimedia filter\n* VP4 video decoder\n* IFV demuxer\n* derain filter\n* deesser filter\n* mov muxer writes tracks with unspecified language instead of English by default\n* added support for using clang to compile CUDA kernels\n\n- See /usr/share/doc/packages/ffmpeg-4/Changelog for the complete changelog.\n\nUpdate to version 4.1.4\n\n* See /usr/share/doc/packages/ffmpeg-4/Changelog for the complete changelog.\n\n- Enable runtime enabling for fdkaac via --enable-libfdk-aac-dlopen\n\nUpdate to version 4.1.3:\n\n* Updates and bug fixes for codecs, filters and formats.\n  [boo#1133153, boo#1133155, CVE-2019-11338, CVE-2019-11339]\n\nUpdate to version 4.1.2:\n\n* Updates and bug fixes for codecs, filters and formats.\n\nUpdate to version 4.1.1:\n\n* Various filter and codec fixes and enhancements.\n* configure: Add missing xlib dependency for VAAPI X11 code.\n* For complete changelog, see /usr/share/doc/packages/ffmpeg-4/Changelog\n* enable AV1 support on x86_64\n\nUpdate ffmpeg to 4.1:\n\n* Lots of filter updates as usual: deblock, tmix, aplify,\n  fftdnoiz, aderivative, aintegral, pal75bars, pal100bars,\n  adeclick, adeclip, lensfun (wrapper), colorconstancy, 1D LUT\n  filter (lut1d), cue, acue, transpose_npp, amultiply,\n  Block-Matching 3d (bm3d) denoising filter, acrossover filter,\n  audio denoiser as afftdn filter, sinc audio filter source,\n  chromahold, setparams, vibrance, xstack,\n  (a)graphmonitor filter yadif_cuda filter.\n* AV1 parser\n* Support for AV1 in MP4\n* PCM VIDC decoder and encoder\n* libtensorflow backend for DNN based filters like srcnn\n* -- The following only enabled in third-party builds:\n* ATRAC9 decoder\n* AVS2 video decoder via libdavs2\n* IMM4 video decoder\n* Brooktree ProSumer video decoder\n* MatchWare Screen Capture Codec decoder\n* WinCam Motion Video decoder\n* RemotelyAnywhere Screen Capture decoder\n* AVS2 video encoder via libxavs2\n* ILBC decoder\n* SER demuxer\n* Decoding S12M timecode in H264\n* For complete changelog, see https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1\n\nUpdate ffmpeg to 4.0.3:\n\n* For complete changelog, see https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.0.3\n\n- CVE-2018-13305: Added a missing check for negative values of mqaunt variable (boo#1100345).\n\n","id":"openSUSE-SU-2020:0024-1","modified":"2020-01-13T15:18:52Z","published":"2020-01-13T15:18:52Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BENAOQWJIO5XL2GAHMLNOYWYAO26XGQM/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1100345"},{"type":"REPORT","url":"https://bugzilla.suse.com/1133123"},{"type":"REPORT","url":"https://bugzilla.suse.com/1133153"},{"type":"REPORT","url":"https://bugzilla.suse.com/1133155"},{"type":"REPORT","url":"https://bugzilla.suse.com/1149839"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-17555"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-13305"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11338"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11339"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-15942"}],"related":["CVE-2017-17555","CVE-2018-13305","CVE-2019-11338","CVE-2019-11339","CVE-2019-15942"],"summary":"Security update for ffmpeg-4","upstream":["CVE-2017-17555","CVE-2018-13305","CVE-2019-11338","CVE-2019-11339","CVE-2019-15942"]}