{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"ffmpeg security update", "category":"general", "title":"Synopsis" }, { "text":"An update for ffmpeg is now available for openEuler-24.03-LTS", "category":"general", "title":"Summary" }, { "text":"FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.\n\nSecurity Fix(es):\n\nA vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.(CVE-2024-7055)", "category":"general", "title":"Description" }, { "text":"An update for ffmpeg is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"ffmpeg", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2024-2075", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2075" }, { "summary":"CVE-2024-7055", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-7055&packageName=ffmpeg" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7055" }, { "summary":"openEuler-SA-2024-2075 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openeuler-sa-2024-2075.json" } ], "title":"An update for ffmpeg is now available for openEuler-24.03-LTS", "tracking":{ "initial_release_date":"2024-08-30T20:25:33+08:00", "revision_history":[ { "date":"2024-08-30T20:25:33+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2024-08-30T20:25:33+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2024-08-30T20:25:33+08:00", "id":"openEuler-SA-2024-2075", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"openEuler-24.03-LTS", "name":"openEuler-24.03-LTS" }, "name":"openEuler-24.03-LTS", "category":"product_version" } ], "category":"product_name" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ffmpeg-6.1.1-13.oe2403.x86_64.rpm", "name":"ffmpeg-6.1.1-13.oe2403.x86_64.rpm" }, "name":"ffmpeg-6.1.1-13.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ffmpeg-debuginfo-6.1.1-13.oe2403.x86_64.rpm", "name":"ffmpeg-debuginfo-6.1.1-13.oe2403.x86_64.rpm" }, "name":"ffmpeg-debuginfo-6.1.1-13.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ffmpeg-debugsource-6.1.1-13.oe2403.x86_64.rpm", "name":"ffmpeg-debugsource-6.1.1-13.oe2403.x86_64.rpm" }, "name":"ffmpeg-debugsource-6.1.1-13.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ffmpeg-devel-6.1.1-13.oe2403.x86_64.rpm", "name":"ffmpeg-devel-6.1.1-13.oe2403.x86_64.rpm" }, "name":"ffmpeg-devel-6.1.1-13.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ffmpeg-libs-6.1.1-13.oe2403.x86_64.rpm", "name":"ffmpeg-libs-6.1.1-13.oe2403.x86_64.rpm" }, "name":"ffmpeg-libs-6.1.1-13.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"libavdevice-6.1.1-13.oe2403.x86_64.rpm", "name":"libavdevice-6.1.1-13.oe2403.x86_64.rpm" }, "name":"libavdevice-6.1.1-13.oe2403.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ffmpeg-6.1.1-13.oe2403.aarch64.rpm", "name":"ffmpeg-6.1.1-13.oe2403.aarch64.rpm" }, "name":"ffmpeg-6.1.1-13.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ffmpeg-debuginfo-6.1.1-13.oe2403.aarch64.rpm", "name":"ffmpeg-debuginfo-6.1.1-13.oe2403.aarch64.rpm" }, "name":"ffmpeg-debuginfo-6.1.1-13.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ffmpeg-debugsource-6.1.1-13.oe2403.aarch64.rpm", "name":"ffmpeg-debugsource-6.1.1-13.oe2403.aarch64.rpm" }, "name":"ffmpeg-debugsource-6.1.1-13.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ffmpeg-devel-6.1.1-13.oe2403.aarch64.rpm", "name":"ffmpeg-devel-6.1.1-13.oe2403.aarch64.rpm" }, "name":"ffmpeg-devel-6.1.1-13.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ffmpeg-libs-6.1.1-13.oe2403.aarch64.rpm", "name":"ffmpeg-libs-6.1.1-13.oe2403.aarch64.rpm" }, "name":"ffmpeg-libs-6.1.1-13.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"libavdevice-6.1.1-13.oe2403.aarch64.rpm", "name":"libavdevice-6.1.1-13.oe2403.aarch64.rpm" }, "name":"libavdevice-6.1.1-13.oe2403.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ffmpeg-6.1.1-13.oe2403.src.rpm", "name":"ffmpeg-6.1.1-13.oe2403.src.rpm" }, "name":"ffmpeg-6.1.1-13.oe2403.src.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ffmpeg-6.1.1-13.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ffmpeg-6.1.1-13.oe2403.x86_64", "name":"ffmpeg-6.1.1-13.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ffmpeg-debuginfo-6.1.1-13.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-13.oe2403.x86_64", "name":"ffmpeg-debuginfo-6.1.1-13.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ffmpeg-debugsource-6.1.1-13.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-13.oe2403.x86_64", "name":"ffmpeg-debugsource-6.1.1-13.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ffmpeg-devel-6.1.1-13.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ffmpeg-devel-6.1.1-13.oe2403.x86_64", "name":"ffmpeg-devel-6.1.1-13.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ffmpeg-libs-6.1.1-13.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ffmpeg-libs-6.1.1-13.oe2403.x86_64", "name":"ffmpeg-libs-6.1.1-13.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"libavdevice-6.1.1-13.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:libavdevice-6.1.1-13.oe2403.x86_64", "name":"libavdevice-6.1.1-13.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ffmpeg-6.1.1-13.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ffmpeg-6.1.1-13.oe2403.aarch64", "name":"ffmpeg-6.1.1-13.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ffmpeg-debuginfo-6.1.1-13.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-13.oe2403.aarch64", "name":"ffmpeg-debuginfo-6.1.1-13.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ffmpeg-debugsource-6.1.1-13.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-13.oe2403.aarch64", "name":"ffmpeg-debugsource-6.1.1-13.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ffmpeg-devel-6.1.1-13.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ffmpeg-devel-6.1.1-13.oe2403.aarch64", "name":"ffmpeg-devel-6.1.1-13.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ffmpeg-libs-6.1.1-13.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ffmpeg-libs-6.1.1-13.oe2403.aarch64", "name":"ffmpeg-libs-6.1.1-13.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"libavdevice-6.1.1-13.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:libavdevice-6.1.1-13.oe2403.aarch64", "name":"libavdevice-6.1.1-13.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ffmpeg-6.1.1-13.oe2403.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ffmpeg-6.1.1-13.oe2403.src", "name":"ffmpeg-6.1.1-13.oe2403.src as a component of openEuler-24.03-LTS" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2024-7055", "notes":[ { "text":"A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ffmpeg-6.1.1-13.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-13.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-13.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-devel-6.1.1-13.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-libs-6.1.1-13.oe2403.x86_64", "openEuler-24.03-LTS:libavdevice-6.1.1-13.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-6.1.1-13.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-13.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-13.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-devel-6.1.1-13.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-libs-6.1.1-13.oe2403.aarch64", "openEuler-24.03-LTS:libavdevice-6.1.1-13.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-6.1.1-13.oe2403.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ffmpeg-6.1.1-13.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-13.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-13.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-devel-6.1.1-13.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-libs-6.1.1-13.oe2403.x86_64", "openEuler-24.03-LTS:libavdevice-6.1.1-13.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-6.1.1-13.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-13.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-13.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-devel-6.1.1-13.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-libs-6.1.1-13.oe2403.aarch64", "openEuler-24.03-LTS:libavdevice-6.1.1-13.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-6.1.1-13.oe2403.src" ], "details":"ffmpeg security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2075" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ffmpeg-6.1.1-13.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-13.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-13.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-devel-6.1.1-13.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-libs-6.1.1-13.oe2403.x86_64", "openEuler-24.03-LTS:libavdevice-6.1.1-13.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-6.1.1-13.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-13.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-13.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-devel-6.1.1-13.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-libs-6.1.1-13.oe2403.aarch64", "openEuler-24.03-LTS:libavdevice-6.1.1-13.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-6.1.1-13.oe2403.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-7055" } ] }