Bugzilla – Bug 1190728
VUL-0: CVE-2020-20901: ffmpeg: Buffer Overflow vulnerability in function filter_frame in libavfilter/vf_fieldorder.c
Last modified: 2024-06-12 11:56:03 UTC
CVE-2020-20901 Buffer Overflow vulnerability in function filter_frame in libavfilter/vf_fieldorder.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20901 https://trac.ffmpeg.org/ticket/8264 http://git.videolan.org/?p=ffmpeg.git;a=commit;h=07050d7bdc32d82e53ee5bb727f5882323d00dba
This is strange. The fix is already in our ffmpeg package. ffmpeg-CVE-2020-22022.patch see bsc#1186603 for details. It looks like we used the commit 07050d7bdc32d82e53ee5bb727f5882323d00dba for CVE-2020-22022, but at the end this CVE has no fix yet. We would need to fix this by having an changes entry and to rename the patch file.
(In reply to Alexander Bergmann from comment #1) > This is strange. The fix is already in our ffmpeg package. > > ffmpeg-CVE-2020-22022.patch see bsc#1186603 for details. > > It looks like we used the commit 07050d7bdc32d82e53ee5bb727f5882323d00dba > for CVE-2020-22022, but at the end this CVE has no fix yet. > > We would need to fix this by having an changes entry and to rename the patch > file. Those two bugs shares the same ticket number (#8264).
The change log has been updated and merged, it should have reference to this bug now.
SUSE-SU-2024:1468-1: An update that solves nine vulnerabilities can now be installed. Category: security (important) Bug References: 1190721, 1190724, 1190727, 1190728, 1190731, 1190732, 1223070, 1223235 CVE References: CVE-2020-20894, CVE-2020-20898, CVE-2020-20900, CVE-2020-20901, CVE-2021-38090, CVE-2021-38091, CVE-2021-38094, CVE-2023-49502, CVE-2024-31578 Maintenance Incident: [SUSE:Maintenance:32836](https://smelt.suse.de/incident/32836/) Sources used: openSUSE Leap 15.5 (src): ffmpeg-3.4.2-150200.11.41.1 Desktop Applications Module 15-SP5 (src): ffmpeg-3.4.2-150200.11.41.1 SUSE Package Hub 15 15-SP5 (src): ffmpeg-3.4.2-150200.11.41.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): ffmpeg-3.4.2-150200.11.41.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): ffmpeg-3.4.2-150200.11.41.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): ffmpeg-3.4.2-150200.11.41.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): ffmpeg-3.4.2-150200.11.41.1 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): ffmpeg-3.4.2-150200.11.41.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): ffmpeg-3.4.2-150200.11.41.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): ffmpeg-3.4.2-150200.11.41.1 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): ffmpeg-3.4.2-150200.11.41.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): ffmpeg-3.4.2-150200.11.41.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): ffmpeg-3.4.2-150200.11.41.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): ffmpeg-3.4.2-150200.11.41.1 SUSE Linux Enterprise Workstation Extension 15 SP5 (src): ffmpeg-3.4.2-150200.11.41.1 SUSE Enterprise Storage 7.1 (src): ffmpeg-3.4.2-150200.11.41.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
All done, closing.