Bugzilla – Bug 1190722
VUL-0: CVE-2020-20895: ffmpeg: Buffer Overflow vulnerability in function filter_vertically_##name in libavfilter/vf_avgblur.c
Last modified: 2023-01-02 14:23:23 UTC
CVE-2020-20895

Buffer Overflow vulnerability in function filter_vertically_##name in libavfilter/vf_avgblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20895
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/f069a9c2a65bc20c3462127623127df6dfd06c5b
https://trac.ffmpeg.org/ticket/8274
Commit can be applied nicely to 3.4.2.
SUSE-SU-2021:3521-1: An update that fixes 12 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1186756,1187852,1189166,1190718,1190719,1190722,1190723,1190726,1190729,1190733,1190734,1190735
CVE References: CVE-2020-20891,CVE-2020-20892,CVE-2020-20895,CVE-2020-20896,CVE-2020-20899,CVE-2020-20902,CVE-2020-22037,CVE-2020-35965,CVE-2021-3566,CVE-2021-38092,CVE-2021-38093,CVE-2021-38094
JIRA References:
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src): ffmpeg-3.4.2-11.17.1
SUSE Linux Enterprise Workstation Extension 15-SP2 (src): ffmpeg-3.4.2-11.17.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src): ffmpeg-3.4.2-11.17.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (src): ffmpeg-3.4.2-11.17.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): ffmpeg-3.4.2-11.17.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src): ffmpeg-3.4.2-11.17.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:3521-1: An update that fixes 12 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1186756,1187852,1189166,1190718,1190719,1190722,1190723,1190726,1190729,1190733,1190734,1190735
CVE References: CVE-2020-20891,CVE-2020-20892,CVE-2020-20895,CVE-2020-20896,CVE-2020-20899,CVE-2020-20902,CVE-2020-22037,CVE-2020-35965,CVE-2021-3566,CVE-2021-38092,CVE-2021-38093,CVE-2021-38094
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): ffmpeg-3.4.2-11.17.1
Done.
SUSE-SU-2023:0005-1: An update that fixes 14 vulnerabilities is now available.

Category: security (important)
Bug References: 1186756,1186761,1187852,1189166,1190718,1190719,1190722,1190723,1190726,1190729,1190733,1190734,1190735,1206442
CVE References: CVE-2020-20891,CVE-2020-20892,CVE-2020-20895,CVE-2020-20896,CVE-2020-20899,CVE-2020-20902,CVE-2020-22037,CVE-2020-22042,CVE-2020-35965,CVE-2021-3566,CVE-2021-38092,CVE-2021-38093,CVE-2021-38094,CVE-2022-3109
JIRA References:
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src): ffmpeg-3.4.2-150000.4.44.1
SUSE Linux Enterprise Server for SAP 15 (src): ffmpeg-3.4.2-150000.4.44.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src): ffmpeg-3.4.2-150000.4.44.1
SUSE Linux Enterprise Server 15-SP1-BCL (src): ffmpeg-3.4.2-150000.4.44.1
SUSE Linux Enterprise Server 15-LTSS (src): ffmpeg-3.4.2-150000.4.44.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): ffmpeg-3.4.2-150000.4.44.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): ffmpeg-3.4.2-150000.4.44.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): ffmpeg-3.4.2-150000.4.44.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): ffmpeg-3.4.2-150000.4.44.1
SUSE Enterprise Storage 6 (src): ffmpeg-3.4.2-150000.4.44.1
SUSE CaaS Platform 4.0 (src): ffmpeg-3.4.2-150000.4.44.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.