Lucene search

GoogleOSV:SUSE-SU-2024:2864-1

HistoryAug 09, 2024 - 7:21 a.m.

Security update for ffmpeg-4

2024-08-0907:21:31

Google

osv.dev

security update

ffmpeg-4

cve-2024-32230

cve-2023-51798

buffer overflow

floating point exception

libavfilter.

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

JSON

This update for ffmpeg-4 fixes the following issues:

CVE-2024-32230: Fixed buffer overflow due to negative-size-param bug in load_input_picture() (bsc#1227296).
CVE-2023-51798: Fixed buffer overflow via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c (bsc#1223304).

References

bugzilla.suse.com/1223304

bugzilla.suse.com/1227296

www.suse.com/security/cve/CVE-2023-51798

www.suse.com/security/cve/CVE-2024-32230

www.suse.com/support/update/announcement/2024/suse-su-20242864-1/

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

JSON

Related for OSV:SUSE-SU-2024:2864-1