An update for ffmpeg is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-2498 Final 1.0 1.0 2024-12-06 Initial 2024-12-06 2024-12-06 openEuler SA Tool V1.0 2024-12-06 ffmpeg security update An update for ffmpeg is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3 FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fix(es): FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.(CVE-2024-35366) FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer(CVE-2024-35367) An update for ffmpeg is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical ffmpeg https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2498 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-35366 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-35367 https://nvd.nist.gov/vuln/detail/CVE-2024-35366 https://nvd.nist.gov/vuln/detail/CVE-2024-35367 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 ffmpeg-4.2.4-19.oe2003sp4.aarch64.rpm ffmpeg-debuginfo-4.2.4-19.oe2003sp4.aarch64.rpm ffmpeg-debugsource-4.2.4-19.oe2003sp4.aarch64.rpm ffmpeg-devel-4.2.4-19.oe2003sp4.aarch64.rpm ffmpeg-libs-4.2.4-19.oe2003sp4.aarch64.rpm libavdevice-4.2.4-19.oe2003sp4.aarch64.rpm ffmpeg-4.2.4-19.oe2203sp1.aarch64.rpm ffmpeg-debuginfo-4.2.4-19.oe2203sp1.aarch64.rpm ffmpeg-debugsource-4.2.4-19.oe2203sp1.aarch64.rpm ffmpeg-devel-4.2.4-19.oe2203sp1.aarch64.rpm ffmpeg-libs-4.2.4-19.oe2203sp1.aarch64.rpm libavdevice-4.2.4-19.oe2203sp1.aarch64.rpm ffmpeg-6.1.1-15.oe2403.aarch64.rpm ffmpeg-debuginfo-6.1.1-15.oe2403.aarch64.rpm ffmpeg-debugsource-6.1.1-15.oe2403.aarch64.rpm ffmpeg-devel-6.1.1-15.oe2403.aarch64.rpm ffmpeg-libs-6.1.1-15.oe2403.aarch64.rpm libavdevice-6.1.1-15.oe2403.aarch64.rpm ffmpeg-4.2.4-19.oe2203sp4.aarch64.rpm ffmpeg-debuginfo-4.2.4-19.oe2203sp4.aarch64.rpm ffmpeg-debugsource-4.2.4-19.oe2203sp4.aarch64.rpm ffmpeg-devel-4.2.4-19.oe2203sp4.aarch64.rpm ffmpeg-libs-4.2.4-19.oe2203sp4.aarch64.rpm libavdevice-4.2.4-19.oe2203sp4.aarch64.rpm ffmpeg-4.2.4-19.oe2203sp3.aarch64.rpm ffmpeg-debuginfo-4.2.4-19.oe2203sp3.aarch64.rpm ffmpeg-debugsource-4.2.4-19.oe2203sp3.aarch64.rpm ffmpeg-devel-4.2.4-19.oe2203sp3.aarch64.rpm ffmpeg-libs-4.2.4-19.oe2203sp3.aarch64.rpm libavdevice-4.2.4-19.oe2203sp3.aarch64.rpm ffmpeg-4.2.4-19.oe2003sp4.src.rpm ffmpeg-4.2.4-19.oe2203sp1.src.rpm ffmpeg-6.1.1-15.oe2403.src.rpm ffmpeg-4.2.4-19.oe2203sp4.src.rpm ffmpeg-4.2.4-19.oe2203sp3.src.rpm ffmpeg-4.2.4-19.oe2003sp4.x86_64.rpm ffmpeg-debuginfo-4.2.4-19.oe2003sp4.x86_64.rpm ffmpeg-debugsource-4.2.4-19.oe2003sp4.x86_64.rpm ffmpeg-devel-4.2.4-19.oe2003sp4.x86_64.rpm ffmpeg-libs-4.2.4-19.oe2003sp4.x86_64.rpm libavdevice-4.2.4-19.oe2003sp4.x86_64.rpm ffmpeg-4.2.4-19.oe2203sp1.x86_64.rpm ffmpeg-debuginfo-4.2.4-19.oe2203sp1.x86_64.rpm ffmpeg-debugsource-4.2.4-19.oe2203sp1.x86_64.rpm ffmpeg-devel-4.2.4-19.oe2203sp1.x86_64.rpm ffmpeg-libs-4.2.4-19.oe2203sp1.x86_64.rpm libavdevice-4.2.4-19.oe2203sp1.x86_64.rpm ffmpeg-6.1.1-15.oe2403.x86_64.rpm ffmpeg-debuginfo-6.1.1-15.oe2403.x86_64.rpm ffmpeg-debugsource-6.1.1-15.oe2403.x86_64.rpm ffmpeg-devel-6.1.1-15.oe2403.x86_64.rpm ffmpeg-libs-6.1.1-15.oe2403.x86_64.rpm libavdevice-6.1.1-15.oe2403.x86_64.rpm ffmpeg-4.2.4-19.oe2203sp4.x86_64.rpm ffmpeg-debuginfo-4.2.4-19.oe2203sp4.x86_64.rpm ffmpeg-debugsource-4.2.4-19.oe2203sp4.x86_64.rpm ffmpeg-devel-4.2.4-19.oe2203sp4.x86_64.rpm ffmpeg-libs-4.2.4-19.oe2203sp4.x86_64.rpm libavdevice-4.2.4-19.oe2203sp4.x86_64.rpm ffmpeg-4.2.4-19.oe2203sp3.x86_64.rpm ffmpeg-debuginfo-4.2.4-19.oe2203sp3.x86_64.rpm ffmpeg-debugsource-4.2.4-19.oe2203sp3.x86_64.rpm ffmpeg-devel-4.2.4-19.oe2203sp3.x86_64.rpm ffmpeg-libs-4.2.4-19.oe2203sp3.x86_64.rpm libavdevice-4.2.4-19.oe2203sp3.x86_64.rpm FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking. 2024-12-06 CVE-2024-35366 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 Critical 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H ffmpeg security update 2024-12-06 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2498 FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer 2024-12-06 CVE-2024-35367 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 Critical 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H ffmpeg security update 2024-12-06 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2498