Bugzilla – Bug 1140754
VUL-1: CVE-2019-13390: ffmpeg: division by zero at adx_write_trailer in libavformat/rawenc.c
Last modified: 2024-05-06 13:09:14 UTC
CVE-2019-13390

In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c. This may be related to two NULL pointers passed as arguments at libavcodec/frame_thread_encoder.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13390
http://www.cvedetails.com/cve/CVE-2019-13390/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13390
https://trac.ffmpeg.org/ticket/7982
https://trac.ffmpeg.org/ticket/7981
https://trac.ffmpeg.org/ticket/7979
https://trac.ffmpeg.org/ticket/7985
https://trac.ffmpeg.org/ticket/7983
The issue is not reproducible in SLE as we do not support the used codecs.
All opensuse ffmpeg versions are over v4.2, fixed, closing.
I checked again, and I think we are affected in sles, reopening:
- SUSE:SLE-15-SP2:Update/ffmpeg 3.4.2
- SUSE:SLE-15:Update/ffmpeg 3.4.2

Not Affected:
- SUSE:SLE-15-SP4:Update/ffmpeg-4 4.4
- openSUSE:Backports:SLE-15-SP3/ffmpeg-4 4.4
- openSUSE:Factory/ffmpeg-4 4.4.3
Reassigning to gnome-bugs
Hello Alynx, could you help on the incomplete part? Thank you.
(In reply to Yifan Jiang from comment #5)
> Hello Alynx, could you help on the incomplete part? Thank you.

OK, I will handle this soon.
https://build.suse.de/request/show/288422
https://build.suse.de/request/show/288423
SR was merged.
SUSE-SU-2023:0206-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1140754,1206778
CVE References: CVE-2019-13390,CVE-2022-3341
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): ffmpeg-3.4.2-150200.11.25.1
SUSE Linux Enterprise Workstation Extension 15-SP4 (src): ffmpeg-3.4.2-150200.11.25.1
SUSE Linux Enterprise Realtime Extension 15-SP3 (src): ffmpeg-3.4.2-150200.11.25.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (src): ffmpeg-3.4.2-150200.11.25.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (src): ffmpeg-3.4.2-150200.11.25.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2115-1: An update that solves three vulnerabilities can now be installed.

Category: security (important)
Bug References: 1140754, 1206778, 1209934
CVE References: CVE-2019-13390, CVE-2022-3341, CVE-2022-48434
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): ffmpeg-3.4.2-150000.4.53.2
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): ffmpeg-3.4.2-150000.4.53.2
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): ffmpeg-3.4.2-150000.4.53.2
SUSE Enterprise Storage 6 (src): ffmpeg-3.4.2-150000.4.53.2
SUSE CaaS Platform 4.0 (src): ffmpeg-3.4.2-150000.4.53.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
All done, closing.