File _patchinfo of Package patchinfo.39217

<patchinfo incident="39217">
  <issue tracker="cve" id="2024-36618"/>
  <issue tracker="cve" id="2024-36617"/>
  <issue tracker="cve" id="2024-36616"/>
  <issue tracker="bnc" id="1234018">VUL-0: CVE-2024-36616: ffmpeg,ffmpeg-4: An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.</issue>
  <issue tracker="bnc" id="1234019">VUL-0: CVE-2024-36617: ffmpeg,ffmpeg-4: FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.</issue>
  <issue tracker="bnc" id="1234020">VUL-0: CVE-2024-36618: ffmpeg,ffmpeg-4: FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.</issue>
  <packager>qzhao</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for ffmpeg-4</summary>
  <description>This update for ffmpeg-4 fixes the following issues:

- CVE-2024-36618: Fixed integer overflow iff ULONG_MAX &lt; INT64_MAX (bsc#1234020).

New CVE references, fixed in previous release:

- CVE-2024-36617: avformat/cafdec: dont seek beyond 64bit (bsc#1234019).
- CVE-2024-36616: avformat/westwood_vqa: Fix 2g packets (bsc#1234018).
</description>
</patchinfo>