==========================================================================
Ubuntu Security Notice USN-6803-1
May 30, 2024

ffmpeg vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

FFmpeg could be made to crash or run programs as your login if it
opened a specially crafted file.

Software Description:
- ffmpeg: Tools for transcoding, streaming and playing of multimedia files

Details:

Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled
certain input files. An attacker could possibly use this issue to cause
FFmpeg to crash, resulting in a denial of service, or potential arbitrary
code execution. This issue only affected Ubuntu 24.04 LTS. (CVE-2023-49501)

Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled
certain input files. An attacker could possibly use this issue to cause
FFmpeg to crash, resulting in a denial of service, or potential arbitrary
code execution. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.
(CVE-2023-49502)

Zhang Ling and Zeng Yunxiang discovered that FFmpeg incorrectly handled
certain input files. An attacker could possibly use this issue to cause
FFmpeg to crash, resulting in a denial of service, or potential arbitrary
code execution. This issue only affected Ubuntu 23.10 and
Ubuntu 24.04 LTS. (CVE-2023-49528)

Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input
files. An attacker could possibly use this issue to cause FFmpeg to crash,
resulting in a denial of service, or potential arbitrary code execution.
This issue only affected Ubuntu 23.10 and Ubuntu 24.04 LTS.
(CVE-2023-50007)

Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled
certain input files. An attacker could possibly use this issue to cause
FFmpeg to crash, resulting in a denial of service, or potential arbitrary
code execution. This issue only affected Ubuntu 23.10 and
Ubuntu 24.04 LTS. (CVE-2023-50008)

Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input
files. An attacker could possibly use this issue to cause FFmpeg to crash,
resulting in a denial of service, or potential arbitrary code execution.
This issue only affected Ubuntu 23.10. (CVE-2023-50009)

Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input
files. An attacker could possibly use this issue to cause FFmpeg to crash,
resulting in a denial of service, or potential arbitrary code execution.
This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2023-50010)

Zeng Yunxiang and Li Zeyuan discovered that FFmpeg incorrectly handled
certain input files. An attacker could possibly use this issue to cause
FFmpeg to crash, resulting in a denial of service, or potential arbitrary
code execution. This issue only affected Ubuntu 23.10 and
Ubuntu 24.04 LTS. (CVE-2023-51793)

Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input
files. An attacker could possibly use this issue to cause FFmpeg to crash,
resulting in a denial of service, or potential arbitrary code execution.
This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2023-51794, CVE-2023-51798)

Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input
files. An attacker could possibly use this issue to cause FFmpeg to crash,
resulting in a denial of service, or potential arbitrary code execution.
This issue only affected Ubuntu 23.10. (CVE-2023-51795, CVE-2023-51796)

It was discovered that FFmpeg incorrectly handled certain
input files. An attacker could possibly use this issue to cause FFmpeg to
crash, resulting in a denial of service, or potential arbitrary code
execution. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2024-31578)

It was discovered that FFmpeg incorrectly handled certain
input files. An attacker could possibly use this issue to cause FFmpeg to
crash, resulting in a denial of service, or potential arbitrary code
execution. This issue only affected Ubuntu 23.10 and Ubuntu 24.04 LTS.
(CVE-2024-31582)

It was discovered that FFmpeg incorrectly handled certain
input files. An attacker could possibly use this issue to cause FFmpeg to
crash, resulting in a denial of service, or potential arbitrary code
execution. This issue only affected Ubuntu 23.10. (CVE-2024-31585)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   ffmpeg                          7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro
   libavcodec-extra60              7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro
   libavcodec60                    7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro
   libavdevice60                   7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro
   libavfilter-extra9              7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro
   libavfilter9                    7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro
   libavformat-extra60             7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro
   libavformat60                   7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro
   libavutil58                     7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro
   libpostproc57                   7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro
   libswresample4                  7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro
   libswscale7                     7:6.1.1-3ubuntu5+esm1
                                   Available with Ubuntu Pro

Ubuntu 23.10
   ffmpeg                          7:6.0-6ubuntu1.1
   libavcodec-extra60              7:6.0-6ubuntu1.1
   libavcodec60                    7:6.0-6ubuntu1.1
   libavdevice60                   7:6.0-6ubuntu1.1
   libavfilter-extra9              7:6.0-6ubuntu1.1
   libavfilter9                    7:6.0-6ubuntu1.1
   libavformat-extra60             7:6.0-6ubuntu1.1
   libavformat60                   7:6.0-6ubuntu1.1
   libavutil58                     7:6.0-6ubuntu1.1
   libpostproc57                   7:6.0-6ubuntu1.1
   libswresample4                  7:6.0-6ubuntu1.1
   libswscale7                     7:6.0-6ubuntu1.1

Ubuntu 22.04 LTS
   ffmpeg                          7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libavcodec-extra58              7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libavcodec58                    7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libavdevice58                   7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libavfilter-extra7              7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libavfilter7                    7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libavformat-extra               7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libavformat-extra58             7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libavformat58                   7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libavutil56                     7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libpostproc55                   7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libswresample3                  7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro
   libswscale5                     7:4.4.2-0ubuntu0.22.04.1+esm4
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   ffmpeg                          7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavcodec-extra58              7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavcodec58                    7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavdevice58                   7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavfilter-extra7              7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavfilter7                    7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavformat58                   7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavresample4                  7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavutil56                     7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libpostproc55                   7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libswresample3                  7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libswscale5                     7:4.2.7-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   ffmpeg                          7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavcodec-extra57              7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavcodec57                    7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavdevice57                   7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavfilter-extra6              7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavfilter6                    7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavformat57                   7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavresample3                  7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libavutil55                     7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libpostproc54                   7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libswresample2                  7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro
   libswscale4                     7:3.4.11-0ubuntu0.1+esm5
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   ffmpeg                          7:2.8.17-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavcodec-ffmpeg-extra56       7:2.8.17-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavcodec-ffmpeg56             7:2.8.17-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavdevice-ffmpeg56            7:2.8.17-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavfilter-ffmpeg5             7:2.8.17-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavformat-ffmpeg56            7:2.8.17-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavresample-ffmpeg2           7:2.8.17-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavutil-ffmpeg54              7:2.8.17-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libpostproc-ffmpeg53            7:2.8.17-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libswresample-ffmpeg1           7:2.8.17-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libswscale-ffmpeg3              7:2.8.17-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
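
An added example, not part of the notice or of Ubuntu's tooling: a host-side check that compares installed package versions with the fixed versions listed above, using Debian version ordering (epoch, then upstream version, then revision) re-implemented here rather than calling dpkg. The function names and the sample lines are assumptions made for the illustration; the input is expected in the "package version" shape that `dpkg-query -W` prints, restricted to the packages named in this notice.

```python
import re
from itertools import zip_longest

# Fixed ffmpeg package versions per release, copied from this notice.
FIXED = {
    "24.04": "7:6.1.1-3ubuntu5+esm1",
    "23.10": "7:6.0-6ubuntu1.1",
    "22.04": "7:4.4.2-0ubuntu0.22.04.1+esm4",
    "20.04": "7:4.2.7-0ubuntu0.1+esm5",
    "18.04": "7:3.4.11-0ubuntu0.1+esm5",
    "16.04": "7:2.8.17-0ubuntu0.1+esm7",
}

def _order(ch):
    # '~' sorts before everything, even end of run; letters before other chars.
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare alternating (non-digit, digit) runs pairwise.
    ta = re.findall(r"([^0-9]*)([0-9]*)", a)
    tb = re.findall(r"([^0-9]*)([0-9]*)", b)
    for (sa, na), (sb, nb) in zip_longest(ta, tb, fillvalue=("", "")):
        ka = [_order(c) for c in sa] + [0]  # 0 marks the end of the run
        kb = [_order(c) for c in sb] + [0]
        if ka != kb:
            return -1 if ka < kb else 1
        ia, ib = int(na or 0), int(nb or 0)  # digit runs compare as numbers
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(version):
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    if not sep:  # no "-": the whole string is the upstream version
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare(a, b):
    """Return -1, 0 or 1 as version a sorts before, equal to or after b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def outdated(release, dpkg_lines):
    """Names of packages whose installed version sorts before the fix."""
    fixed = FIXED[release]
    pairs = (line.split() for line in dpkg_lines)
    return [name for name, ver in pairs if compare(ver, fixed) < 0]

# Constructed sample (not from a real host), one "package version" per line.
SAMPLE_2204 = ["ffmpeg 7:4.4.2-0ubuntu0.22.04.1",
               "libavcodec58 7:4.4.2-0ubuntu0.22.04.1+esm4",
               "libavutil56 7:4.4.2-0ubuntu0.22.04.1+esm10"]
```

A plain string comparison would mis-sort cases such as 3.4.9 against 3.4.11 or +esm10 against +esm4, which is why the digit runs are compared as numbers.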

References:
   https://ubuntu.com/security/notices/USN-6803-1
   CVE-2023-49501, CVE-2023-49502, CVE-2023-49528, CVE-2023-50007,
   CVE-2023-50008, CVE-2023-50009, CVE-2023-50010, CVE-2023-51793,
   CVE-2023-51794, CVE-2023-51795, CVE-2023-51796, CVE-2023-51798,
   CVE-2024-31578, CVE-2024-31582, CVE-2024-31585

Package Information:
   https://launchpad.net/ubuntu/+source/ffmpeg/7:6.0-6ubuntu1.1
