Bugzilla – Bug 1206778
VUL-0: CVE-2022-3341: ffmpeg-4,ffmpeg: null pointer dereference in decode_main_header() in libavformat/nutdec.c
Last modified: 2024-05-03 09:37:34 UTC
rh#2157054

An issue was discovered in FFmpeg: decode_main_header in libavformat/nutdec.c lacks a check of the return value of avformat_new_stream(), which will cause a null pointer dereference.

https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2157054
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3341
Affected:
- SUSE:SLE-15-SP2:Update/ffmpeg 3.4.2
- SUSE:SLE-15:Update/ffmpeg 3.4.2
- SUSE:SLE-15-SP4:Update/ffmpeg-4 4.4
- openSUSE:Backports:SLE-15-SP3/ffmpeg-4 4.4
- openSUSE:Factory/ffmpeg-4 4.4.3
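The bug class named in the report (an allocator's return value is dropped and the result is dereferenced later), shown as an added example that is not part of the bug report and is not FFmpeg code. It is a simplified model: `Demuxer`, `new_stream`, `alloc_budget`, `SLOTS` and both `parse_header_*` functions are hypothetical names, and `alloc_budget` exists only to simulate allocation failure.

```c
#include <errno.h>
#include <stdlib.h>

#define SLOTS 8                       /* assumed stream limit of this model */
typedef struct { int codec_id; } Stream;
typedef struct { Stream *streams[SLOTS]; int nb_streams, alloc_budget; } Demuxer;

/* Fallible allocator stand-in: NULL once alloc_budget is spent or on OOM. */
static Stream *new_stream(Demuxer *d) {
    Stream *st = NULL;
    if (d->alloc_budget > 0 && d->nb_streams < SLOTS)
        st = calloc(1, sizeof(*st));
    if (!st)
        return NULL;
    d->alloc_budget--;
    return d->streams[d->nb_streams++] = st;
}

static void free_streams(Demuxer *d) {
    while (d->nb_streams > 0) {
        free(d->streams[--d->nb_streams]);
        d->streams[d->nb_streams] = NULL;
    }
}

/* Unchecked: result dropped, so a failed allocation leaves a NULL slot that
 * the second loop dereferences. Shown for contrast only; do not call it. */
int parse_header_unchecked(Demuxer *d, int stream_count) {
    for (int i = 0; i < stream_count; i++)
        new_stream(d);
    for (int i = 0; i < stream_count; i++)
        d->streams[i]->codec_id = i;
    return 0;
}

/* Checked: bound the count, test every allocation, unwind on failure. */
int parse_header_checked(Demuxer *d, int stream_count) {
    if (stream_count < 0 || stream_count > SLOTS)
        return -EINVAL;
    for (int i = 0; i < stream_count; i++)
        if (!new_stream(d)) {
            free_streams(d);
            return -ENOMEM;
        }
    for (int i = 0; i < stream_count; i++)
        d->streams[i]->codec_id = i;
    return 0;
}
```

With a budget of 2 and a requested count of 4, the checked parser returns `-ENOMEM` and leaves no streams allocated, where the unchecked one would write through a NULL slot.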
https://build.opensuse.org/request/show/1059895 https://build.opensuse.org/request/show/1059896
https://build.suse.de/request/show/288606 https://build.suse.de/request/show/288607 https://build.suse.de/request/show/288609
SUSE-SU-2023:0172-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1206778
CVE References: CVE-2022-3341
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): ffmpeg-4-4.4-150400.3.11.1
SUSE Linux Enterprise Workstation Extension 15-SP4 (src): ffmpeg-4-4.4-150400.3.11.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (src): ffmpeg-4-4.4-150400.3.11.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (src): ffmpeg-4-4.4-150400.3.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:0206-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1140754,1206778
CVE References: CVE-2019-13390,CVE-2022-3341
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): ffmpeg-3.4.2-150200.11.25.1
SUSE Linux Enterprise Workstation Extension 15-SP4 (src): ffmpeg-3.4.2-150200.11.25.1
SUSE Linux Enterprise Realtime Extension 15-SP3 (src): ffmpeg-3.4.2-150200.11.25.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (src): ffmpeg-3.4.2-150200.11.25.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (src): ffmpeg-3.4.2-150200.11.25.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2115-1: An update that solves three vulnerabilities can now be installed.

Category: security (important)
Bug References: 1140754, 1206778, 1209934
CVE References: CVE-2019-13390, CVE-2022-3341, CVE-2022-48434
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): ffmpeg-3.4.2-150000.4.53.2
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): ffmpeg-3.4.2-150000.4.53.2
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): ffmpeg-3.4.2-150000.4.53.2
SUSE Enterprise Storage 6 (src): ffmpeg-3.4.2-150000.4.53.2
SUSE CaaS Platform 4.0 (src): ffmpeg-3.4.2-150000.4.53.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This is an autogenerated message for OBS integration: This bug (1206778) was mentioned in https://build.opensuse.org/request/show/1169676 Backports:SLE-15-SP5 / ffmpeg-4
This is an autogenerated message for OBS integration: This bug (1206778) was mentioned in https://build.opensuse.org/request/show/1169721 Backports:SLE-15-SP5 / ffmpeg-4
done, closing