What is the severity of USN-6449-1?

The severity of USN-6449-1 is categorized as high due to the potential for denial of service via application crash.

How do I fix USN-6449-1?

To fix USN-6449-1, upgrade affected packages to versions 7:4.4.2-0ubuntu0.22.04.1+esm2 for Ubuntu 22.04 or 7:4.2.7-0ubuntu0.1+esm3 for 20.04.

Which versions of Ubuntu are affected by USN-6449-1?

USN-6449-1 affects Ubuntu versions 18.04 LTS and 20.04 LTS.

What software is impacted by USN-6449-1?

USN-6449-1 impacts the FFmpeg package and various related libraries such as libavcodec, libavformat, and libavfilter.

Is there a workaround for USN-6449-1?

While there is no official workaround for USN-6449-1, the only safe action is to apply the recommended package updates.

Vulnerability/
USN-6449-1

CWE

190

24/10/2023

USN-6449-1: FFmpeg vulnerabilities

First published: Tue Oct 24 2023(Updated: )

It was discovered that FFmpeg incorrectly managed memory resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-22038) It was discovered that FFmpeg incorrectly handled certain input files, leading to an integer overflow. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-20898, CVE-2021-38090, CVE-2021-38091, CVE-2021-38092, CVE-2021-38093, CVE-2021-38094) It was discovered that FFmpeg incorrectly managed memory, resulting in a memory leak. If a user or automated system were tricked into processing a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. (CVE-2022-48434)

Affected Software	Affected Version	How to fix
All of
ubuntu/ffmpeg	<7:4.4.2-0ubuntu0.22.04.1+esm2	7:4.4.2-0ubuntu0.22.04.1+esm2
Ubuntu	=22.04
All of
ubuntu/libavcodec-extra	<7:4.4.2-0ubuntu0.22.04.1+esm2	7:4.4.2-0ubuntu0.22.04.1+esm2
Ubuntu	=22.04
All of
ubuntu/libavcodec-extra58	<7:4.4.2-0ubuntu0.22.04.1+esm2	7:4.4.2-0ubuntu0.22.04.1+esm2
Ubuntu	=22.04
All of
ubuntu/libavcodec58	<7:4.4.2-0ubuntu0.22.04.1+esm2	7:4.4.2-0ubuntu0.22.04.1+esm2
Ubuntu	=22.04
All of
ubuntu/libavdevice58	<7:4.4.2-0ubuntu0.22.04.1+esm2	7:4.4.2-0ubuntu0.22.04.1+esm2
Ubuntu	=22.04
All of
ubuntu/libavfilter-extra	<7:4.4.2-0ubuntu0.22.04.1+esm2	7:4.4.2-0ubuntu0.22.04.1+esm2
Ubuntu	=22.04
All of
ubuntu/libavfilter-extra7	<7:4.4.2-0ubuntu0.22.04.1+esm2	7:4.4.2-0ubuntu0.22.04.1+esm2
Ubuntu	=22.04
All of
ubuntu/libavfilter7	<7:4.4.2-0ubuntu0.22.04.1+esm2	7:4.4.2-0ubuntu0.22.04.1+esm2
Ubuntu	=22.04
All of
ubuntu/libavformat-extra	<7:4.4.2-0ubuntu0.22.04.1+esm2	7:4.4.2-0ubuntu0.22.04.1+esm2
Ubuntu	=22.04
All of
ubuntu/libavformat-extra58	<7:4.4.2-0ubuntu0.22.04.1+esm2	7:4.4.2-0ubuntu0.22.04.1+esm2
Ubuntu	=22.04
All of
ubuntu/libavformat58	<7:4.4.2-0ubuntu0.22.04.1+esm2	7:4.4.2-0ubuntu0.22.04.1+esm2
Ubuntu	=22.04
All of
ubuntu/libavutil56	<7:4.4.2-0ubuntu0.22.04.1+esm2	7:4.4.2-0ubuntu0.22.04.1+esm2
Ubuntu	=22.04
All of
ubuntu/libpostproc55	<7:4.4.2-0ubuntu0.22.04.1+esm2	7:4.4.2-0ubuntu0.22.04.1+esm2
Ubuntu	=22.04
All of
ubuntu/libswresample3	<7:4.4.2-0ubuntu0.22.04.1+esm2	7:4.4.2-0ubuntu0.22.04.1+esm2
Ubuntu	=22.04
All of
ubuntu/libswscale-dev	<7:4.4.2-0ubuntu0.22.04.1+esm2	7:4.4.2-0ubuntu0.22.04.1+esm2
Ubuntu	=22.04
All of
ubuntu/libswscale5	<7:4.4.2-0ubuntu0.22.04.1+esm2	7:4.4.2-0ubuntu0.22.04.1+esm2
Ubuntu	=22.04
All of
ubuntu/ffmpeg	<7:4.2.7-0ubuntu0.1+esm3	7:4.2.7-0ubuntu0.1+esm3
Ubuntu	=20.04
All of
ubuntu/libavcodec-extra	<7:4.2.7-0ubuntu0.1+esm3	7:4.2.7-0ubuntu0.1+esm3
Ubuntu	=20.04
All of
ubuntu/libavcodec-extra58	<7:4.2.7-0ubuntu0.1+esm3	7:4.2.7-0ubuntu0.1+esm3
Ubuntu	=20.04
All of
ubuntu/libavcodec58	<7:4.2.7-0ubuntu0.1+esm3	7:4.2.7-0ubuntu0.1+esm3
Ubuntu	=20.04
All of
ubuntu/libavdevice58	<7:4.2.7-0ubuntu0.1+esm3	7:4.2.7-0ubuntu0.1+esm3
Ubuntu	=20.04
All of
ubuntu/libavfilter-extra	<7:4.2.7-0ubuntu0.1+esm3	7:4.2.7-0ubuntu0.1+esm3
Ubuntu	=20.04
All of
ubuntu/libavfilter-extra7	<7:4.2.7-0ubuntu0.1+esm3	7:4.2.7-0ubuntu0.1+esm3
Ubuntu	=20.04
All of
ubuntu/libavfilter7	<7:4.2.7-0ubuntu0.1+esm3	7:4.2.7-0ubuntu0.1+esm3
Ubuntu	=20.04
All of
ubuntu/libavformat58	<7:4.2.7-0ubuntu0.1+esm3	7:4.2.7-0ubuntu0.1+esm3
Ubuntu	=20.04
All of
ubuntu/libavresample4	<7:4.2.7-0ubuntu0.1+esm3	7:4.2.7-0ubuntu0.1+esm3
Ubuntu	=20.04
All of
ubuntu/libavutil56	<7:4.2.7-0ubuntu0.1+esm3	7:4.2.7-0ubuntu0.1+esm3
Ubuntu	=20.04
All of
ubuntu/libpostproc55	<7:4.2.7-0ubuntu0.1+esm3	7:4.2.7-0ubuntu0.1+esm3
Ubuntu	=20.04
All of
ubuntu/libswresample3	<7:4.2.7-0ubuntu0.1+esm3	7:4.2.7-0ubuntu0.1+esm3
Ubuntu	=20.04
All of
ubuntu/libswscale5	<7:4.2.7-0ubuntu0.1+esm3	7:4.2.7-0ubuntu0.1+esm3
Ubuntu	=20.04
All of
ubuntu/ffmpeg	<7:3.4.11-0ubuntu0.1+esm3	7:3.4.11-0ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libavcodec-extra	<7:3.4.11-0ubuntu0.1+esm3	7:3.4.11-0ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libavcodec-extra57	<7:3.4.11-0ubuntu0.1+esm3	7:3.4.11-0ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libavcodec57	<7:3.4.11-0ubuntu0.1+esm3	7:3.4.11-0ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libavdevice57	<7:3.4.11-0ubuntu0.1+esm3	7:3.4.11-0ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libavfilter-extra	<7:3.4.11-0ubuntu0.1+esm3	7:3.4.11-0ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libavfilter-extra6	<7:3.4.11-0ubuntu0.1+esm3	7:3.4.11-0ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libavfilter6	<7:3.4.11-0ubuntu0.1+esm3	7:3.4.11-0ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libavformat57	<7:3.4.11-0ubuntu0.1+esm3	7:3.4.11-0ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libavresample3	<7:3.4.11-0ubuntu0.1+esm3	7:3.4.11-0ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libavutil55	<7:3.4.11-0ubuntu0.1+esm3	7:3.4.11-0ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libpostproc54	<7:3.4.11-0ubuntu0.1+esm3	7:3.4.11-0ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libswresample2	<7:3.4.11-0ubuntu0.1+esm3	7:3.4.11-0ubuntu0.1+esm3
Ubuntu	=18.04
All of
ubuntu/libswscale4	<7:3.4.11-0ubuntu0.1+esm3	7:3.4.11-0ubuntu0.1+esm3
Ubuntu	=18.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-6449-1?
The severity of USN-6449-1 is categorized as high due to the potential for denial of service via application crash.
How do I fix USN-6449-1?
To fix USN-6449-1, upgrade affected packages to versions 7:4.4.2-0ubuntu0.22.04.1+esm2 for Ubuntu 22.04 or 7:4.2.7-0ubuntu0.1+esm3 for 20.04.
Which versions of Ubuntu are affected by USN-6449-1?
USN-6449-1 affects Ubuntu versions 18.04 LTS and 20.04 LTS.
What software is impacted by USN-6449-1?
USN-6449-1 impacts the FFmpeg package and various related libraries such as libavcodec, libavformat, and libavfilter.
Is there a workaround for USN-6449-1?
While there is no official workaround for USN-6449-1, the only safe action is to apply the recommended package updates.

agent/severity
agent/type
agent/last-modified-date
agent/first-publish-date
agent/title
agent/weakness
agent/references
agent/description
agent/event
agent/trending
agent/source
agent/tags
agent/softwarecombine
collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu
version/ubuntu/22.04
version/ubuntu/20.04
version/ubuntu/18.04