========================================================================== Ubuntu Security Notice USN-6803-1 May 30, 2024 ffmpeg vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: FFmpeg could be made to crash or run programs as your login if it opened a specially crafted file. Software Description: - ffmpeg: Tools for transcoding, streaming and playing of multimedia files Details: Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 24.04 LTS. (CVE-2023-49501) Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2023-49502) Zhang Ling and Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2023-49528) Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2023-50007) Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2023-50008) Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 23.10. (CVE-2023-50009) Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2023-50010) Zeng Yunxiang and Li Zeyuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2023-51793) Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2023-51794, CVE-2023-51798) Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 23.10. (CVE-2023-51795, CVE-2023-51796) It was discovered that discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2024-31578) It was discovered that discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2024-31582) It was discovered that discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 23.10. (CVE-2024-31585) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS ffmpeg 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro libavcodec-extra60 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro libavcodec60 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro libavdevice60 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro libavfilter-extra9 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro libavfilter9 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro libavformat-extra60 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro libavformat60 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro libavutil58 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro libpostproc57 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro libswresample4 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro libswscale7 7:6.1.1-3ubuntu5+esm1 Available with Ubuntu Pro Ubuntu 23.10 ffmpeg 7:6.0-6ubuntu1.1 libavcodec-extra60 7:6.0-6ubuntu1.1 libavcodec60 7:6.0-6ubuntu1.1 libavdevice60 7:6.0-6ubuntu1.1 libavfilter-extra9 7:6.0-6ubuntu1.1 libavfilter9 7:6.0-6ubuntu1.1 libavformat-extra60 7:6.0-6ubuntu1.1 libavformat60 7:6.0-6ubuntu1.1 libavutil58 7:6.0-6ubuntu1.1 libpostproc57 7:6.0-6ubuntu1.1 libswresample4 7:6.0-6ubuntu1.1 libswscale7 7:6.0-6ubuntu1.1 Ubuntu 22.04 LTS ffmpeg 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libavcodec-extra58 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libavcodec58 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libavdevice58 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libavfilter-extra7 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libavfilter7 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libavformat-extra 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libavformat-extra58 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libavformat58 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libavutil56 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libpostproc55 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libswresample3 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro libswscale5 7:4.4.2-0ubuntu0.22.04.1+esm4 Available with Ubuntu Pro Ubuntu 20.04 LTS ffmpeg 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro libavcodec-extra58 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro libavcodec58 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro libavdevice58 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro libavfilter-extra7 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro libavfilter7 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro libavformat58 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro libavresample4 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro libavutil56 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro libpostproc55 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro libswresample3 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro libswscale5 7:4.2.7-0ubuntu0.1+esm5 Available with Ubuntu Pro Ubuntu 18.04 LTS ffmpeg 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro libavcodec-extra57 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro libavcodec57 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro libavdevice57 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro libavfilter-extra6 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro libavfilter6 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro libavformat57 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro libavresample3 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro libavutil55 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro libpostproc54 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro libswresample2 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro libswscale4 7:3.4.11-0ubuntu0.1+esm5 Available with Ubuntu Pro Ubuntu 16.04 LTS ffmpeg 7:2.8.17-0ubuntu0.1+esm7 Available with Ubuntu Pro libavcodec-ffmpeg-extra56 7:2.8.17-0ubuntu0.1+esm7 Available with Ubuntu Pro libavcodec-ffmpeg56 7:2.8.17-0ubuntu0.1+esm7 Available with Ubuntu Pro libavdevice-ffmpeg56 7:2.8.17-0ubuntu0.1+esm7 Available with Ubuntu Pro libavfilter-ffmpeg5 7:2.8.17-0ubuntu0.1+esm7 Available with Ubuntu Pro libavformat-ffmpeg56 7:2.8.17-0ubuntu0.1+esm7 Available with Ubuntu Pro libavresample-ffmpeg2 7:2.8.17-0ubuntu0.1+esm7 Available with Ubuntu Pro libavutil-ffmpeg54 7:2.8.17-0ubuntu0.1+esm7 Available with Ubuntu Pro libpostproc-ffmpeg53 7:2.8.17-0ubuntu0.1+esm7 Available with Ubuntu Pro libswresample-ffmpeg1 7:2.8.17-0ubuntu0.1+esm7 Available with Ubuntu Pro libswscale-ffmpeg3 7:2.8.17-0ubuntu0.1+esm7 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6803-1 CVE-2023-49501, CVE-2023-49502, CVE-2023-49528, CVE-2023-50007, CVE-2023-50008, CVE-2023-50009, CVE-2023-50010, CVE-2023-51793, CVE-2023-51794, CVE-2023-51795, CVE-2023-51796, CVE-2023-51798, CVE-2024-31578, CVE-2024-31582, CVE-2024-31585 Package Information: https://launchpad.net/ubuntu/+source/ffmpeg/7:6.0-6ubuntu1.1