USN-3967-1: FFmpeg vulnerabilities

USN-3967-1: FFmpeg vulnerabilities

FFmpeg vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 19.04
• Ubuntu 18.10
• Ubuntu 18.04 LTS

Summary

FFmpeg could be made to crash if it opened a specially crafted
file.

Software Description

• ffmpeg – Tools for transcoding, streaming and playing of multimedia files

Details

It was discovered that FFmpeg contained multiple security issues when handling
certain multimedia files. If a user were tricked into opening a crafted
multimedia file, an attacker could cause a denial of service via application
crash.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04

ffmpeg – 7:4.1.3-0ubuntu1

libavcodec-extra58 – 7:4.1.3-0ubuntu1

libavcodec58 – 7:4.1.3-0ubuntu1

libavdevice58 – 7:4.1.3-0ubuntu1

libavfilter-extra7 – 7:4.1.3-0ubuntu1

libavfilter7 – 7:4.1.3-0ubuntu1

libavformat58 – 7:4.1.3-0ubuntu1

libavresample4 – 7:4.1.3-0ubuntu1

libavutil56 – 7:4.1.3-0ubuntu1

libpostproc55 – 7:4.1.3-0ubuntu1

libswresample3 – 7:4.1.3-0ubuntu1

libswscale5 – 7:4.1.3-0ubuntu1

Ubuntu 18.10

ffmpeg – 7:4.0.4-0ubuntu1

libavcodec-extra58 – 7:4.0.4-0ubuntu1

libavcodec58 – 7:4.0.4-0ubuntu1

libavdevice58 – 7:4.0.4-0ubuntu1

libavfilter-extra7 – 7:4.0.4-0ubuntu1

libavfilter7 – 7:4.0.4-0ubuntu1

libavformat58 – 7:4.0.4-0ubuntu1

libavresample4 – 7:4.0.4-0ubuntu1

libavutil56 – 7:4.0.4-0ubuntu1

libpostproc55 – 7:4.0.4-0ubuntu1

libswresample3 – 7:4.0.4-0ubuntu1

libswscale5 – 7:4.0.4-0ubuntu1

Ubuntu 18.04 LTS

ffmpeg – 7:3.4.6-0ubuntu0.18.04.1

libavcodec-extra57 – 7:3.4.6-0ubuntu0.18.04.1

libavcodec57 – 7:3.4.6-0ubuntu0.18.04.1

libavdevice57 – 7:3.4.6-0ubuntu0.18.04.1

libavfilter-extra6 – 7:3.4.6-0ubuntu0.18.04.1

libavfilter6 – 7:3.4.6-0ubuntu0.18.04.1

libavformat57 – 7:3.4.6-0ubuntu0.18.04.1

libavresample3 – 7:3.4.6-0ubuntu0.18.04.1

libavutil55 – 7:3.4.6-0ubuntu0.18.04.1

libpostproc54 – 7:3.4.6-0ubuntu0.18.04.1

libswresample2 – 7:3.4.6-0ubuntu0.18.04.1

libswscale4 – 7:3.4.6-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• CVE-2018-15822
• CVE-2019-11338
• CVE-2019-11339
• CVE-2019-9718
• CVE-2019-9721

Source: USN-3967-1: FFmpeg vulnerabilities