FFmpeg Security Update Advisory (CVE-2024-22860, CVE-2024-22861, CVE-2024-22862)
Overview
An update has been made available to fix vulnerabilities in FFmpeg (https://ffmpeg.org/). Users of affected versions are advised to update to the latest version.
Affected Products
- All versions of FFmpeg below n6.1
Resolved Vulnerabilities
CVE-2024-22860, CVE-2024-22861, CVE-2024-22862
- Integer overflow vulnerability in FFmpeg
Vulnerability Patches
Vulnerability patches were made available in the September 4 and 15, 2023 updates. Users of all versions of FFmpeg below n6.1 are advised to update to the latest vulnerability patches for the following vulnerabilities:
CVE-2024-22860, CVE-2024-22861, CVE-2024-22862
- FFmpeg n6.1, n6.1.1, n6.2-dev versions
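To triage hosts against the "below n6.1" threshold stated above, the following added example (not part of the original advisory or of FFmpeg) classifies a version string; the function name `classify_ffmpeg_version` and the sample strings are constructed for illustration. It compares release numbers only, so a distribution package that backported the fixes still reports "affected" and needs a check against the vendor changelog.

```shell
#!/bin/sh
# Triage helper (hypothetical name): compare an FFmpeg version string with the
# advisory's threshold. Prints "affected" (below n6.1), "not-affected", or
# "unknown" when the string carries no release number.
classify_ffmpeg_version() {
    v=$1
    # Accept the first line of `ffmpeg -version` as well as a bare version.
    case $v in
        "ffmpeg version "*) v=${v#ffmpeg version }; v=${v%% *} ;;
    esac
    case $v in
        *:*) v=${v#*:} ;;          # drop a package epoch such as "7:"
    esac
    v=${v#n}                       # release tags are written n6.1, n6.1.1, ...
    case $v in
        [0-9]*) ;;
        *) echo unknown; return 0 ;;   # e.g. git snapshot "N-112233-gabcdef0"
    esac
    major=${v%%.*}
    major=${major%%[!0-9]*}
    case $v in
        *.*) rest=${v#*.}; minor=${rest%%[!0-9]*} ;;
        *)   minor=0 ;;
    esac
    minor=${minor:-0}
    if [ "$major" -lt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -lt 1 ]; }; then
        echo affected
    else
        echo not-affected
    fi
}

# Constructed sample strings. On a real host, pass "$(ffmpeg -version | head -n 1)".
for sample in \
    "ffmpeg version n6.0-12-gabcdef0 Copyright (c) 2000-2023 the FFmpeg developers" \
    "ffmpeg version 4.4.2-0ubuntu0.22.04.1 Copyright (c) 2000-2021 the FFmpeg developers" \
    "n6.1" "n6.1.1" "n6.2-dev" "N-112233-gabcdef0"
do
    printf '%-14s %s\n' "$(classify_ffmpeg_version "$sample")" "$sample"
done
```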
Referenced Sites
[1] avformat/jpegxl_anim_dec: Check that size fits within argument
https://github.com/FFmpeg/FFmpeg/commit/d2e8974699a9e35cc1a926bf74a972300d629cd5
[2] avcodec/osq: fix type of nb_samples
https://github.com/FFmpeg/FFmpeg/commit/87b8c1081959e45ffdcbabb3d53ac9882ef2b5ce
[3] avcodec/jpegxl_parser: Check for ctx->skip overflow
https://github.com/FFmpeg/FFmpeg/commit/ca09d8a0dcd82e3128e62463231296aaf63ae6f7
[4] CVE-2024-22860 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-22860
[5] CVE-2024-22861 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-22861
[6] CVE-2024-22862 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-22862