Bug 1078488 (CVE-2018-6392) - VUL-0: CVE-2018-6392: ffmpeg: The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1allows remote attackers to cause a denial of service (out-of-array access) via acrafted MP4 file.
Summary: VUL-0: CVE-2018-6392: ffmpeg: The filter_slice function in libavfilter/vf_tra...
Status: RESOLVED FIXED
Alias: CVE-2018-6392
Product: openSUSE Distribution
Classification: openSUSE
Component: Maintenance (show other bugs)
Version: Leap 42.3
Hardware: Other Other
: P3 - Medium : Normal (vote)
Target Milestone: ---
Assignee: Jan Engelhardt
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/199143/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-01-31 11:26 UTC by Victor Pereira
Modified: 2024-04-22 17:15 UTC (History)
0 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2018-01-31 11:26:12 UTC 
CVE-2018-6392

The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1
allows remote attackers to cause a denial of service (out-of-array access) via a
crafted MP4 file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6392
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6392.html
http://www.cvedetails.com/cve/CVE-2018-6392/
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c6939f65a116b1ffed345d29d8621ee4ffb32235
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5
Comment 1 Swamp Workflow Management 2018-02-12 13:50:26 UTC 
This is an autogenerated message for OBS integration:
This bug (1078488) was mentioned in
https://build.opensuse.org/request/show/575779 42.3 / ffmpeg
Comment 2 Swamp Workflow Management 2018-02-19 14:10:47 UTC 
openSUSE-SU-2018:0470-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1064577,1066428,1069407,1070762,1072366,1078488,1079368
CVE References: CVE-2017-15186,CVE-2017-15672,CVE-2017-16840,CVE-2017-17081,CVE-2017-17555,CVE-2018-6392,CVE-2018-6621
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    ffmpeg-3.4.2-14.1
Comment 3 Swamp Workflow Management 2018-02-19 14:16:21 UTC 
openSUSE-SU-2018:0476-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1064577,1066428,1069407,1070762,1072366,1078488,1079368
CVE References: CVE-2017-15186,CVE-2017-15672,CVE-2017-16840,CVE-2017-17081,CVE-2017-17555,CVE-2018-6392,CVE-2018-6621
Sources used:
openSUSE Leap 42.3 (src):    ffmpeg-3.4.2-10.1
Comment 6 Jan Engelhardt 2018-03-08 01:05:34 UTC 
.
Comment 7 Swamp Workflow Management 2018-07-18 14:42:28 UTC 
This is an autogenerated message for OBS integration:
This bug (1078488) was mentioned in
https://build.opensuse.org/request/show/623663 15.0+42.3+Backports:SLE-12-SP2 / chromium+codec2+ffmpeg-2+ffmpeg-3+ffmpeg-4+libsodium+libvpx-1_6+zeromq
Comment 9 OBSbugzilla Bot 2024-04-22 14:25:30 UTC 
This is an autogenerated message for OBS integration:
This bug (1078488) was mentioned in
https://build.opensuse.org/request/show/1169676 Backports:SLE-15-SP5 / ffmpeg-4
Comment 10 OBSbugzilla Bot 2024-04-22 17:15:29 UTC 
This is an autogenerated message for OBS integration:
This bug (1078488) was mentioned in
https://build.opensuse.org/request/show/1169721 Backports:SLE-15-SP5 / ffmpeg-4