Bugzilla – Bug 1187852
VUL-0: CVE-2020-35965: ffmpeg: out-of-bounds write in decode_frame in libavcodec/exr.c
Last modified: 2023-01-02 14:23:06 UTC
CVE-2020-35965 decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35965 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532 https://github.com/FFmpeg/FFmpeg/commit/b0a8b40294ea212c1938348ff112ef1b9bf16bb3 https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35965 https://lists.debian.org/debian-lts-announce/2021/01/msg00026.html https://security.gentoo.org/glsa/202105-24
SUSE-SU-2021:3521-1: An update that fixes 12 vulnerabilities is now available. Category: security (moderate) Bug References: 1186756,1187852,1189166,1190718,1190719,1190722,1190723,1190726,1190729,1190733,1190734,1190735 CVE References: CVE-2020-20891,CVE-2020-20892,CVE-2020-20895,CVE-2020-20896,CVE-2020-20899,CVE-2020-20902,CVE-2020-22037,CVE-2020-35965,CVE-2021-3566,CVE-2021-38092,CVE-2021-38093,CVE-2021-38094 JIRA References: Sources used: SUSE Linux Enterprise Workstation Extension 15-SP3 (src): ffmpeg-3.4.2-11.17.1 SUSE Linux Enterprise Workstation Extension 15-SP2 (src): ffmpeg-3.4.2-11.17.1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src): ffmpeg-3.4.2-11.17.1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (src): ffmpeg-3.4.2-11.17.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): ffmpeg-3.4.2-11.17.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src): ffmpeg-3.4.2-11.17.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:3521-1: An update that fixes 12 vulnerabilities is now available. Category: security (moderate) Bug References: 1186756,1187852,1189166,1190718,1190719,1190722,1190723,1190726,1190729,1190733,1190734,1190735 CVE References: CVE-2020-20891,CVE-2020-20892,CVE-2020-20895,CVE-2020-20896,CVE-2020-20899,CVE-2020-20902,CVE-2020-22037,CVE-2020-35965,CVE-2021-3566,CVE-2021-38092,CVE-2021-38093,CVE-2021-38094 JIRA References: Sources used: openSUSE Leap 15.3 (src): ffmpeg-3.4.2-11.17.1
Done.
SUSE-SU-2023:0005-1: An update that fixes 14 vulnerabilities is now available. Category: security (important) Bug References: 1186756,1186761,1187852,1189166,1190718,1190719,1190722,1190723,1190726,1190729,1190733,1190734,1190735,1206442 CVE References: CVE-2020-20891,CVE-2020-20892,CVE-2020-20895,CVE-2020-20896,CVE-2020-20899,CVE-2020-20902,CVE-2020-22037,CVE-2020-22042,CVE-2020-35965,CVE-2021-3566,CVE-2021-38092,CVE-2021-38093,CVE-2021-38094,CVE-2022-3109 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15-SP1 (src): ffmpeg-3.4.2-150000.4.44.1 SUSE Linux Enterprise Server for SAP 15 (src): ffmpeg-3.4.2-150000.4.44.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): ffmpeg-3.4.2-150000.4.44.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): ffmpeg-3.4.2-150000.4.44.1 SUSE Linux Enterprise Server 15-LTSS (src): ffmpeg-3.4.2-150000.4.44.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): ffmpeg-3.4.2-150000.4.44.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): ffmpeg-3.4.2-150000.4.44.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): ffmpeg-3.4.2-150000.4.44.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): ffmpeg-3.4.2-150000.4.44.1 SUSE Enterprise Storage 6 (src): ffmpeg-3.4.2-150000.4.44.1 SUSE CaaS Platform 4.0 (src): ffmpeg-3.4.2-150000.4.44.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.