GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Mon Mar 30, 2020 6:26 pm Post subject: [ GLSA 202003-65 ] FFmpeg |
 |
|
Gentoo Linux Security Advisory
Title: FFmpeg: Multiple vulnerabilities (GLSA 202003-65)
Severity: normal
Exploitable: local, remote
Date: 2020-03-30
Bug(s): #660924, #692418, #711144
ID: 202003-65
Synopsis
Multiple vulnerabilities have been found in FFmpeg, the worst of
which allows remote attackers to execute arbitrary code.
Background
FFmpeg is a complete, cross-platform solution to record, convert and
stream audio and video.
Affected Packages
Package: media-video/ffmpeg
Vulnerable: >= 4
Unaffected: >= 4.2.0
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in FFmpeg. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker could entice a user or automated system using FFmpeg
to process a specially crafted file, resulting in the execution of
arbitrary code or a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All FFmpeg 4.x users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/ffmpeg-4.2.0"
|
References
CVE-2018-10001
CVE-2018-6912
CVE-2018-7557
CVE-2018-7751
CVE-2018-9841
CVE-2019-12730
CVE-2019-13312
CVE-2019-13390
CVE-2019-17539
CVE-2019-17542 |
|
News & Announcements
