Ubuntu Security Notice 6803-1 - Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 24.04 LTS. Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.
791bb40a4c8f9acb0292a309c51863cc9ae4a462faabf1d22932877c8c7196c1
==========================================================================
Ubuntu Security Notice USN-6803-1
May 30, 2024
ffmpeg vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
FFmpeg could be made to crash or run programs as your login if it
opened a specially crafted file.
Software Description:
- ffmpeg: Tools for transcoding, streaming and playing of multimedia files
Details:
Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled
certain input files. An attacker could possibly use this issue to cause
FFmpeg to crash, resulting in a denial of service, or potential arbitrary
code execution. This issue only affected Ubuntu 24.04 LTS. (CVE-2023-49501)
Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled
certain input files. An attacker could possibly use this issue to cause
FFmpeg to crash, resulting in a denial of service, or potential arbitrary
code execution. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.
(CVE-2023-49502)
Zhang Ling and Zeng Yunxiang discovered that FFmpeg incorrectly handled
certain input files. An attacker could possibly use this issue to cause
FFmpeg to crash, resulting in a denial of service, or potential arbitrary
code execution. This issue only affected Ubuntu 23.10 and
Ubuntu 24.04 LTS. (CVE-2023-49528)
Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input
files. An attacker could possibly use this issue to cause FFmpeg to crash,
resulting in a denial of service, or potential arbitrary code execution.
This issue only affected Ubuntu 23.10 and Ubuntu 24.04 LTS.
(CVE-2023-50007)
Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled
certain input files. An attacker could possibly use this issue to cause
FFmpeg to crash, resulting in a denial of service, or potential arbitrary
code execution. This issue only affected Ubuntu 23.10 and
Ubuntu 24.04 LTS. (CVE-2023-50008)
Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input
files. An attacker could possibly use this issue to cause FFmpeg to crash,
resulting in a denial of service, or potential arbitrary code execution.
This issue only affected Ubuntu 23.10. (CVE-2023-50009)
Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input
files. An attacker could possibly use this issue to cause FFmpeg to crash,
resulting in a denial of service, or potential arbitrary code execution.
This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2023-50010)
Zeng Yunxiang and Li Zeyuan discovered that FFmpeg incorrectly handled
certain input files. An attacker could possibly use this issue to cause
FFmpeg to crash, resulting in a denial of service, or potential arbitrary
code execution. This issue only affected Ubuntu 23.10 and
Ubuntu 24.04 LTS. (CVE-2023-51793)
Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input
files. An attacker could possibly use this issue to cause FFmpeg to crash,
resulting in a denial of service, or potential arbitrary code execution.
This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2023-51794, CVE-2023-51798)
Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input
files. An attacker could possibly use this issue to cause FFmpeg to crash,
resulting in a denial of service, or potential arbitrary code execution.
This issue only affected Ubuntu 23.10. (CVE-2023-51795, CVE-2023-51796)
It was discovered that discovered that FFmpeg incorrectly handled certain
input files. An attacker could possibly use this issue to cause FFmpeg to
crash, resulting in a denial of service, or potential arbitrary code
execution. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2024-31578)
It was discovered that discovered that FFmpeg incorrectly handled certain
input files. An attacker could possibly use this issue to cause FFmpeg to
crash, resulting in a denial of service, or potential arbitrary code
execution. This issue only affected Ubuntu 23.10 and Ubuntu 24.04 LTS.
(CVE-2024-31582)
It was discovered that discovered that FFmpeg incorrectly handled certain
input files. An attacker could possibly use this issue to cause FFmpeg to
crash, resulting in a denial of service, or potential arbitrary code
execution. This issue only affected Ubuntu 23.10. (CVE-2024-31585)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
ffmpeg 7:6.1.1-3ubuntu5+esm1
Available with Ubuntu Pro
libavcodec-extra60 7:6.1.1-3ubuntu5+esm1
Available with Ubuntu Pro
libavcodec60 7:6.1.1-3ubuntu5+esm1
Available with Ubuntu Pro
libavdevice60 7:6.1.1-3ubuntu5+esm1
Available with Ubuntu Pro
libavfilter-extra9 7:6.1.1-3ubuntu5+esm1
Available with Ubuntu Pro
libavfilter9 7:6.1.1-3ubuntu5+esm1
Available with Ubuntu Pro
libavformat-extra60 7:6.1.1-3ubuntu5+esm1
Available with Ubuntu Pro
libavformat60 7:6.1.1-3ubuntu5+esm1
Available with Ubuntu Pro
libavutil58 7:6.1.1-3ubuntu5+esm1
Available with Ubuntu Pro
libpostproc57 7:6.1.1-3ubuntu5+esm1
Available with Ubuntu Pro
libswresample4 7:6.1.1-3ubuntu5+esm1
Available with Ubuntu Pro
libswscale7 7:6.1.1-3ubuntu5+esm1
Available with Ubuntu Pro
Ubuntu 23.10
ffmpeg 7:6.0-6ubuntu1.1
libavcodec-extra60 7:6.0-6ubuntu1.1
libavcodec60 7:6.0-6ubuntu1.1
libavdevice60 7:6.0-6ubuntu1.1
libavfilter-extra9 7:6.0-6ubuntu1.1
libavfilter9 7:6.0-6ubuntu1.1
libavformat-extra60 7:6.0-6ubuntu1.1
libavformat60 7:6.0-6ubuntu1.1
libavutil58 7:6.0-6ubuntu1.1
libpostproc57 7:6.0-6ubuntu1.1
libswresample4 7:6.0-6ubuntu1.1
libswscale7 7:6.0-6ubuntu1.1
Ubuntu 22.04 LTS
ffmpeg 7:4.4.2-0ubuntu0.22.04.1+esm4
Available with Ubuntu Pro
libavcodec-extra58 7:4.4.2-0ubuntu0.22.04.1+esm4
Available with Ubuntu Pro
libavcodec58 7:4.4.2-0ubuntu0.22.04.1+esm4
Available with Ubuntu Pro
libavdevice58 7:4.4.2-0ubuntu0.22.04.1+esm4
Available with Ubuntu Pro
libavfilter-extra7 7:4.4.2-0ubuntu0.22.04.1+esm4
Available with Ubuntu Pro
libavfilter7 7:4.4.2-0ubuntu0.22.04.1+esm4
Available with Ubuntu Pro
libavformat-extra 7:4.4.2-0ubuntu0.22.04.1+esm4
Available with Ubuntu Pro
libavformat-extra58 7:4.4.2-0ubuntu0.22.04.1+esm4
Available with Ubuntu Pro
libavformat58 7:4.4.2-0ubuntu0.22.04.1+esm4
Available with Ubuntu Pro
libavutil56 7:4.4.2-0ubuntu0.22.04.1+esm4
Available with Ubuntu Pro
libpostproc55 7:4.4.2-0ubuntu0.22.04.1+esm4
Available with Ubuntu Pro
libswresample3 7:4.4.2-0ubuntu0.22.04.1+esm4
Available with Ubuntu Pro
libswscale5 7:4.4.2-0ubuntu0.22.04.1+esm4
Available with Ubuntu Pro
Ubuntu 20.04 LTS
ffmpeg 7:4.2.7-0ubuntu0.1+esm5
Available with Ubuntu Pro
libavcodec-extra58 7:4.2.7-0ubuntu0.1+esm5
Available with Ubuntu Pro
libavcodec58 7:4.2.7-0ubuntu0.1+esm5
Available with Ubuntu Pro
libavdevice58 7:4.2.7-0ubuntu0.1+esm5
Available with Ubuntu Pro
libavfilter-extra7 7:4.2.7-0ubuntu0.1+esm5
Available with Ubuntu Pro
libavfilter7 7:4.2.7-0ubuntu0.1+esm5
Available with Ubuntu Pro
libavformat58 7:4.2.7-0ubuntu0.1+esm5
Available with Ubuntu Pro
libavresample4 7:4.2.7-0ubuntu0.1+esm5
Available with Ubuntu Pro
libavutil56 7:4.2.7-0ubuntu0.1+esm5
Available with Ubuntu Pro
libpostproc55 7:4.2.7-0ubuntu0.1+esm5
Available with Ubuntu Pro
libswresample3 7:4.2.7-0ubuntu0.1+esm5
Available with Ubuntu Pro
libswscale5 7:4.2.7-0ubuntu0.1+esm5
Available with Ubuntu Pro
Ubuntu 18.04 LTS
ffmpeg 7:3.4.11-0ubuntu0.1+esm5
Available with Ubuntu Pro
libavcodec-extra57 7:3.4.11-0ubuntu0.1+esm5
Available with Ubuntu Pro
libavcodec57 7:3.4.11-0ubuntu0.1+esm5
Available with Ubuntu Pro
libavdevice57 7:3.4.11-0ubuntu0.1+esm5
Available with Ubuntu Pro
libavfilter-extra6 7:3.4.11-0ubuntu0.1+esm5
Available with Ubuntu Pro
libavfilter6 7:3.4.11-0ubuntu0.1+esm5
Available with Ubuntu Pro
libavformat57 7:3.4.11-0ubuntu0.1+esm5
Available with Ubuntu Pro
libavresample3 7:3.4.11-0ubuntu0.1+esm5
Available with Ubuntu Pro
libavutil55 7:3.4.11-0ubuntu0.1+esm5
Available with Ubuntu Pro
libpostproc54 7:3.4.11-0ubuntu0.1+esm5
Available with Ubuntu Pro
libswresample2 7:3.4.11-0ubuntu0.1+esm5
Available with Ubuntu Pro
libswscale4 7:3.4.11-0ubuntu0.1+esm5
Available with Ubuntu Pro
Ubuntu 16.04 LTS
ffmpeg 7:2.8.17-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavcodec-ffmpeg-extra56 7:2.8.17-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavcodec-ffmpeg56 7:2.8.17-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavdevice-ffmpeg56 7:2.8.17-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavfilter-ffmpeg5 7:2.8.17-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavformat-ffmpeg56 7:2.8.17-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavresample-ffmpeg2 7:2.8.17-0ubuntu0.1+esm7
Available with Ubuntu Pro
libavutil-ffmpeg54 7:2.8.17-0ubuntu0.1+esm7
Available with Ubuntu Pro
libpostproc-ffmpeg53 7:2.8.17-0ubuntu0.1+esm7
Available with Ubuntu Pro
libswresample-ffmpeg1 7:2.8.17-0ubuntu0.1+esm7
Available with Ubuntu Pro
libswscale-ffmpeg3 7:2.8.17-0ubuntu0.1+esm7
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6803-1
CVE-2023-49501, CVE-2023-49502, CVE-2023-49528, CVE-2023-50007,
CVE-2023-50008, CVE-2023-50009, CVE-2023-50010, CVE-2023-51793,
CVE-2023-51794, CVE-2023-51795, CVE-2023-51796, CVE-2023-51798,
CVE-2024-31578, CVE-2024-31582, CVE-2024-31585
Package Information:
https://launchpad.net/ubuntu/+source/ffmpeg/7:6.0-6ubuntu1.1