An update for ffmpeg is now available for openEuler-24.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-2075 Final 1.0 1.0 2024-08-30 Initial 2024-08-30 2024-08-30 openEuler SA Tool V1.0 2024-08-30 ffmpeg security update An update for ffmpeg is now available for openEuler-24.03-LTS FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fix(es): A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.(CVE-2024-7055) An update for ffmpeg is now available for openEuler-24.03-LTS. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium ffmpeg https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2075 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-7055 https://nvd.nist.gov/vuln/detail/CVE-2024-7055 openEuler-24.03-LTS ffmpeg-6.1.1-13.oe2403.x86_64.rpm ffmpeg-debuginfo-6.1.1-13.oe2403.x86_64.rpm ffmpeg-debugsource-6.1.1-13.oe2403.x86_64.rpm ffmpeg-devel-6.1.1-13.oe2403.x86_64.rpm ffmpeg-libs-6.1.1-13.oe2403.x86_64.rpm libavdevice-6.1.1-13.oe2403.x86_64.rpm ffmpeg-6.1.1-13.oe2403.aarch64.rpm ffmpeg-debuginfo-6.1.1-13.oe2403.aarch64.rpm ffmpeg-debugsource-6.1.1-13.oe2403.aarch64.rpm ffmpeg-devel-6.1.1-13.oe2403.aarch64.rpm ffmpeg-libs-6.1.1-13.oe2403.aarch64.rpm libavdevice-6.1.1-13.oe2403.aarch64.rpm ffmpeg-6.1.1-13.oe2403.src.rpm A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651. 2024-08-30 CVE-2024-7055 openEuler-24.03-LTS Medium 6.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L ffmpeg security update 2024-08-30 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2075