Bug 1154064 - (CVE-2019-17542) VUL-0: CVE-2019-17542: ffmpeg: heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/244833/
CVSSv3:SUSE:CVE-2019-17542:4.4:(AV:L/...
Reported: 2019-10-15 12:17 UTC by Robert Frohl
Modified: 2020-07-07 16:13 UTC
Found By: Security Response Team
Comment 1 Robert Frohl 2019-11-18 10:49:33 UTC
tracking as affected:
- SUSE:SLE-15:Update
Comment 4 Cliff Zhao 2019-11-21 03:17:30 UTC
Since the request has been accepted, maybe it can be forwarded to our security team now. If there is any problem, please ping me. Thanks!
Comment 5 Swamp Workflow Management 2019-12-05 14:11:38 UTC
SUSE-SU-2019:3184-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1100352,1129715,1137526,1154064
CVE References: CVE-2018-13301,CVE-2019-12730,CVE-2019-17542,CVE-2019-9718
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    ffmpeg-3.4.2-4.27.1
SUSE Linux Enterprise Workstation Extension 15 (src):    ffmpeg-3.4.2-4.27.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src):    ffmpeg-3.4.2-4.27.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    ffmpeg-3.4.2-4.27.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    ffmpeg-3.4.2-4.27.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    ffmpeg-3.4.2-4.27.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    ffmpeg-3.4.2-4.27.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Alexandros Toptsoglou 2020-04-28 12:58:24 UTC
Done
Comment 7 Swamp Workflow Management 2020-07-07 16:13:20 UTC
SUSE-SU-2019:3184-2: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1100352,1129715,1137526,1154064
CVE References: CVE-2018-13301,CVE-2019-12730,CVE-2019-17542,CVE-2019-9718
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (src):    ffmpeg-3.4.2-4.27.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.