ALT Linux Team

Package ffmpeg update in p10_e2k on 2024-12-31

ALT-PU-2024-17874-1

Package ffmpeg updated to version 4.4.5-alt2 for branch p10_e2k.

Closed vulnerabilities

Published: 2023-11-06

BDU:2024-00245

Уязвимость мультимедийной библиотеки FFmpeg, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привелегии

Severity: MEDIUM (5.5) Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
References:
Published: 2024-08-06

BDU:2024-09901

Уязвимость функции pnm_decode_frame() (/libavcodec/pnmdec.c) мультимедийной библиотеки FFmpeg, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.2) Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
References:

CVE-2023-47342

No data currently available.

Published: 2024-08-06
Modified: 2024-08-06

CVE-2024-7055

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.

References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top