-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 14 Aug 2021 18:31:23 +0200 Source: ffmpeg Architecture: source Version: 7:3.2.15-0+deb9u3 Distribution: stretch-security Urgency: medium Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org> Changed-By: Anton Gladky <gladk@debian.org> Changes: ffmpeg (7:3.2.15-0+deb9u3) stretch-security; urgency=medium . * Non-maintainer upload by the LTS Security Team. * CVE-2020-22036: A heap-based Buffer Overflow vulnerability in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences. * CVE-2020-22032: A heap-based Buffer Overflow vulnerability in gaussian_blur, which might lead to memory corruption and other potential consequences. * CVE-2020-22031: A Heap-based Buffer Overflow vulnerability in filter16_complex_low, which might lead to memory corruption and other potential consequences. * CVE-2020-22028: Buffer Overflow vulnerability in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service. * CVE-2020-22026: Buffer Overflow vulnerability exists in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service. * CVE-2020-22025: A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences. * CVE-2020-22023: A heap-based Buffer Overflow vulnerabililty exists in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences. * CVE-2020-22022: A heap-based Buffer Overflow vulnerability exists in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences. * CVE-2020-22021: Buffer Overflow vulnerability at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service. * CVE-2020-22020: Buffer Overflow vulnerability in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service. * CVE-2020-22016: A heap-based Buffer Overflow vulnerability at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences. * CVE-2020-22015: Buffer Overflow vulnerability in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code. * CVE-2020-21041: Buffer Overflow vulnerability exists via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service * CVE-2021-3566: The tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg). * CVE-2021-38114: libavcodec/dnxhddec.c does not check the return value of the init_vlc function. Crafted DNxHD data can cause unspecified impact. Checksums-Sha1: ae4cd02b164a7c6dbece97870b33f0d9bd135270 4914 ffmpeg_3.2.15-0+deb9u3.dsc b84a30d4642d7d2c4f843b6887b2039413c8765c 47480 ffmpeg_3.2.15-0+deb9u3.debian.tar.xz 9e50aedf39ad830ef1dee370e611c235e7311116 10742 ffmpeg_3.2.15-0+deb9u3_source.buildinfo Checksums-Sha256: f7c063f692493b441a7e481e4b9e5aeaa6179809ebf1c27b0e437875cda8033a 4914 ffmpeg_3.2.15-0+deb9u3.dsc 74d174bcccb41616909d220b3d3af8477c2e64133ef3219b3192cca565c9f450 47480 ffmpeg_3.2.15-0+deb9u3.debian.tar.xz 095b797eabf7a0af5ea1f083cefe086807bcb9abf91409fc84191461e158779f 10742 ffmpeg_3.2.15-0+deb9u3_source.buildinfo Files: 8212f1d2bb84a2240619f5464d18edf1 4914 video optional ffmpeg_3.2.15-0+deb9u3.dsc c2294140155d92cefa761b892e543c12 47480 video optional ffmpeg_3.2.15-0+deb9u3.debian.tar.xz 73e99f80fe579d5e726cf0c983cd5600 10742 video optional ffmpeg_3.2.15-0+deb9u3_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmEX8D0ACgkQ0+Fzg8+n /wYx7w/9HNKQ/Z3Hl4S0K4/tFf8Niz5RqSotOs1zvjauH+u7+atswSicEnI7XFay G4QhST/GqlVSpx77MykcyRAfzD7PYY9NIjibnpqBCSfDjHM3NqtGt3CCMDjHCazY iKNhHW+kOJfeqfZzZ+zRTbkCDjhjK83cVmepfOoOM/8rfgnrT/JfSDLpt2yX0QGN oa9pYmmkZINNuAhaASEV6JXCU6sIWUna6gf0K2L7xsHwW1o5loGptC1sy5/2Udaw tceGqwwMGqGugAJdZ8XWSigxq4XkCtccmhhsg4WjZEKAWoH+CPtfStN3M3rVfyZl mpyq+BRzuZLuPaZVxZYvzSCwHx1ZSg5C5DXWIfiHgGthfvqWYt0Znvq+fJNMQkCW h+5cdjHiJLRe0jVVuCrVp+0zZlVjmjvyi+xCeFDkiy6C+n7cAav/NsOjGmb03QUb QFf7q02dRae+idLRZEjuv2eJ2FdOnFBWYNC/eXCPbKHyeW7go0Dg43IvK1KdhHkq 5KQAk66cMCE14RqTrzmvzekG5B5tm38CFAPeWwTstUtSJQNOv/Zvi97hVVI/JdcI PGlZxu/9XEy8cEhT+iUy0+bLzo/c4sUIFXy8h0B9t+lJPQiSvpKn9/nMEN+NQ7ye 6tSBECqldH6I1MmiDkV1GQlHVfJ2lE7m0oDHd2JlW3waXiesieo= =GdtX -----END PGP SIGNATURE-----