Security update for ffmpeg SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:1121-1 Final 1 1 2017-04-28T06:10:30Z current 2017-04-28T06:10:30Z 2017-04-28T06:10:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ffmpeg This update for ffmpeg to version 3.3 fixes several issues. These security issues were fixed: - CVE-2016-10190: Heap-based buffer overflow in libavformat/http.c in FFmpeg allowed remote web servers to execute arbitrary code via a negative chunk size in an HTTP response (boo#1022920) - CVE-2016-10191: Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg allowed remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches (boo#1022921) - CVE-2016-10192: Heap-based buffer overflow in ffserver.c in FFmpeg allowed remote attackers to execute arbitrary code by leveraging failure to check chunk size (boo#1022922) - CVE-2017-7859: FFmpeg had an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c (bsc#1034183). - CVE-2017-7862: FFmpeg had an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c (bsc#1034181). - CVE-2017-7863: FFmpeg had an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c (boo#1034179) - CVE-2017-7865: FFmpeg had an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c (boo#1034177) - CVE-2017-7866: FFmpeg had an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c (boo#1034176) These non-security issues were fixed: - Enable ac3 - Enable mp3 decoding - EBU R128 implementation now within ffmpeg, not relying on external library anymore - New video filters 'premultiply', 'readeia608', 'threshold', 'midequalizer' - Support for spherical videos - New decoders: 16.8 and 24.0 floating point PCM, XPM - New demuxers: MIDI Sample Dump Standard, Sample Dump eXchange demuxer - MJPEG encoding uses Optimal Huffman tables now - Native Opus encoder - Support .mov with multiple sample description tables - Removed the legacy X11 screen grabber, use XCB instead - Removed asyncts filter (use af_aresample instead) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-04/msg00106.html E-Mail link for openSUSE-SU-2017:1121-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 ffmpeg-3.3-6.6.1 libavcodec-devel-3.3-6.6.1 libavcodec57-3.3-6.6.1 libavcodec57-32bit-3.3-6.6.1 libavdevice-devel-3.3-6.6.1 libavdevice57-3.3-6.6.1 libavdevice57-32bit-3.3-6.6.1 libavfilter-devel-3.3-6.6.1 libavfilter6-3.3-6.6.1 libavfilter6-32bit-3.3-6.6.1 libavformat-devel-3.3-6.6.1 libavformat57-3.3-6.6.1 libavformat57-32bit-3.3-6.6.1 libavresample-devel-3.3-6.6.1 libavresample3-3.3-6.6.1 libavresample3-32bit-3.3-6.6.1 libavutil-devel-3.3-6.6.1 libavutil55-3.3-6.6.1 libavutil55-32bit-3.3-6.6.1 libpostproc-devel-3.3-6.6.1 libpostproc54-3.3-6.6.1 libpostproc54-32bit-3.3-6.6.1 libswresample-devel-3.3-6.6.1 libswresample2-3.3-6.6.1 libswresample2-32bit-3.3-6.6.1 libswscale-devel-3.3-6.6.1 libswscale4-3.3-6.6.1 libswscale4-32bit-3.3-6.6.1 ffmpeg-3.3-6.6.1 as a component of openSUSE Leap 42.2 libavcodec-devel-3.3-6.6.1 as a component of openSUSE Leap 42.2 libavcodec57-3.3-6.6.1 as a component of openSUSE Leap 42.2 libavcodec57-32bit-3.3-6.6.1 as a component of openSUSE Leap 42.2 libavdevice-devel-3.3-6.6.1 as a component of openSUSE Leap 42.2 libavdevice57-3.3-6.6.1 as a component of openSUSE Leap 42.2 libavdevice57-32bit-3.3-6.6.1 as a component of openSUSE Leap 42.2 libavfilter-devel-3.3-6.6.1 as a component of openSUSE Leap 42.2 libavfilter6-3.3-6.6.1 as a component of openSUSE Leap 42.2 libavfilter6-32bit-3.3-6.6.1 as a component of openSUSE Leap 42.2 libavformat-devel-3.3-6.6.1 as a component of openSUSE Leap 42.2 libavformat57-3.3-6.6.1 as a component of openSUSE Leap 42.2 libavformat57-32bit-3.3-6.6.1 as a component of openSUSE Leap 42.2 libavresample-devel-3.3-6.6.1 as a component of openSUSE Leap 42.2 libavresample3-3.3-6.6.1 as a component of openSUSE Leap 42.2 libavresample3-32bit-3.3-6.6.1 as a component of openSUSE Leap 42.2 libavutil-devel-3.3-6.6.1 as a component of openSUSE Leap 42.2 libavutil55-3.3-6.6.1 as a component of openSUSE Leap 42.2 libavutil55-32bit-3.3-6.6.1 as a component of openSUSE Leap 42.2 libpostproc-devel-3.3-6.6.1 as a component of openSUSE Leap 42.2 libpostproc54-3.3-6.6.1 as a component of openSUSE Leap 42.2 libpostproc54-32bit-3.3-6.6.1 as a component of openSUSE Leap 42.2 libswresample-devel-3.3-6.6.1 as a component of openSUSE Leap 42.2 libswresample2-3.3-6.6.1 as a component of openSUSE Leap 42.2 libswresample2-32bit-3.3-6.6.1 as a component of openSUSE Leap 42.2 libswscale-devel-3.3-6.6.1 as a component of openSUSE Leap 42.2 libswscale4-3.3-6.6.1 as a component of openSUSE Leap 42.2 libswscale4-32bit-3.3-6.6.1 as a component of openSUSE Leap 42.2 Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response. CVE-2016-10190 openSUSE Leap 42.2:ffmpeg-3.3-6.6.1 openSUSE Leap 42.2:libavcodec-devel-3.3-6.6.1 openSUSE Leap 42.2:libavcodec57-3.3-6.6.1 openSUSE Leap 42.2:libavcodec57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavdevice-devel-3.3-6.6.1 openSUSE Leap 42.2:libavdevice57-3.3-6.6.1 openSUSE Leap 42.2:libavdevice57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavfilter-devel-3.3-6.6.1 openSUSE Leap 42.2:libavfilter6-3.3-6.6.1 openSUSE Leap 42.2:libavfilter6-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavformat-devel-3.3-6.6.1 openSUSE Leap 42.2:libavformat57-3.3-6.6.1 openSUSE Leap 42.2:libavformat57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavresample-devel-3.3-6.6.1 openSUSE Leap 42.2:libavresample3-3.3-6.6.1 openSUSE Leap 42.2:libavresample3-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavutil-devel-3.3-6.6.1 openSUSE Leap 42.2:libavutil55-3.3-6.6.1 openSUSE Leap 42.2:libavutil55-32bit-3.3-6.6.1 openSUSE Leap 42.2:libpostproc-devel-3.3-6.6.1 openSUSE Leap 42.2:libpostproc54-3.3-6.6.1 openSUSE Leap 42.2:libpostproc54-32bit-3.3-6.6.1 openSUSE Leap 42.2:libswresample-devel-3.3-6.6.1 openSUSE Leap 42.2:libswresample2-3.3-6.6.1 openSUSE Leap 42.2:libswresample2-32bit-3.3-6.6.1 openSUSE Leap 42.2:libswscale-devel-3.3-6.6.1 openSUSE Leap 42.2:libswscale4-3.3-6.6.1 openSUSE Leap 42.2:libswscale4-32bit-3.3-6.6.1 important Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-04/msg00106.html https://www.suse.com/security/cve/CVE-2016-10190.html CVE-2016-10190 https://bugzilla.suse.com/1022920 SUSE Bug 1022920 Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches. CVE-2016-10191 openSUSE Leap 42.2:ffmpeg-3.3-6.6.1 openSUSE Leap 42.2:libavcodec-devel-3.3-6.6.1 openSUSE Leap 42.2:libavcodec57-3.3-6.6.1 openSUSE Leap 42.2:libavcodec57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavdevice-devel-3.3-6.6.1 openSUSE Leap 42.2:libavdevice57-3.3-6.6.1 openSUSE Leap 42.2:libavdevice57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavfilter-devel-3.3-6.6.1 openSUSE Leap 42.2:libavfilter6-3.3-6.6.1 openSUSE Leap 42.2:libavfilter6-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavformat-devel-3.3-6.6.1 openSUSE Leap 42.2:libavformat57-3.3-6.6.1 openSUSE Leap 42.2:libavformat57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavresample-devel-3.3-6.6.1 openSUSE Leap 42.2:libavresample3-3.3-6.6.1 openSUSE Leap 42.2:libavresample3-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavutil-devel-3.3-6.6.1 openSUSE Leap 42.2:libavutil55-3.3-6.6.1 openSUSE Leap 42.2:libavutil55-32bit-3.3-6.6.1 openSUSE Leap 42.2:libpostproc-devel-3.3-6.6.1 openSUSE Leap 42.2:libpostproc54-3.3-6.6.1 openSUSE Leap 42.2:libpostproc54-32bit-3.3-6.6.1 openSUSE Leap 42.2:libswresample-devel-3.3-6.6.1 openSUSE Leap 42.2:libswresample2-3.3-6.6.1 openSUSE Leap 42.2:libswresample2-32bit-3.3-6.6.1 openSUSE Leap 42.2:libswscale-devel-3.3-6.6.1 openSUSE Leap 42.2:libswscale4-3.3-6.6.1 openSUSE Leap 42.2:libswscale4-32bit-3.3-6.6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-04/msg00106.html https://www.suse.com/security/cve/CVE-2016-10191.html CVE-2016-10191 https://bugzilla.suse.com/1022921 SUSE Bug 1022921 Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size. CVE-2016-10192 openSUSE Leap 42.2:ffmpeg-3.3-6.6.1 openSUSE Leap 42.2:libavcodec-devel-3.3-6.6.1 openSUSE Leap 42.2:libavcodec57-3.3-6.6.1 openSUSE Leap 42.2:libavcodec57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavdevice-devel-3.3-6.6.1 openSUSE Leap 42.2:libavdevice57-3.3-6.6.1 openSUSE Leap 42.2:libavdevice57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavfilter-devel-3.3-6.6.1 openSUSE Leap 42.2:libavfilter6-3.3-6.6.1 openSUSE Leap 42.2:libavfilter6-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavformat-devel-3.3-6.6.1 openSUSE Leap 42.2:libavformat57-3.3-6.6.1 openSUSE Leap 42.2:libavformat57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavresample-devel-3.3-6.6.1 openSUSE Leap 42.2:libavresample3-3.3-6.6.1 openSUSE Leap 42.2:libavresample3-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavutil-devel-3.3-6.6.1 openSUSE Leap 42.2:libavutil55-3.3-6.6.1 openSUSE Leap 42.2:libavutil55-32bit-3.3-6.6.1 openSUSE Leap 42.2:libpostproc-devel-3.3-6.6.1 openSUSE Leap 42.2:libpostproc54-3.3-6.6.1 openSUSE Leap 42.2:libpostproc54-32bit-3.3-6.6.1 openSUSE Leap 42.2:libswresample-devel-3.3-6.6.1 openSUSE Leap 42.2:libswresample2-3.3-6.6.1 openSUSE Leap 42.2:libswresample2-32bit-3.3-6.6.1 openSUSE Leap 42.2:libswscale-devel-3.3-6.6.1 openSUSE Leap 42.2:libswscale4-3.3-6.6.1 openSUSE Leap 42.2:libswscale4-32bit-3.3-6.6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-04/msg00106.html https://www.suse.com/security/cve/CVE-2016-10192.html CVE-2016-10192 https://bugzilla.suse.com/1022922 SUSE Bug 1022922 FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c. CVE-2017-7859 openSUSE Leap 42.2:ffmpeg-3.3-6.6.1 openSUSE Leap 42.2:libavcodec-devel-3.3-6.6.1 openSUSE Leap 42.2:libavcodec57-3.3-6.6.1 openSUSE Leap 42.2:libavcodec57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavdevice-devel-3.3-6.6.1 openSUSE Leap 42.2:libavdevice57-3.3-6.6.1 openSUSE Leap 42.2:libavdevice57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavfilter-devel-3.3-6.6.1 openSUSE Leap 42.2:libavfilter6-3.3-6.6.1 openSUSE Leap 42.2:libavfilter6-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavformat-devel-3.3-6.6.1 openSUSE Leap 42.2:libavformat57-3.3-6.6.1 openSUSE Leap 42.2:libavformat57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavresample-devel-3.3-6.6.1 openSUSE Leap 42.2:libavresample3-3.3-6.6.1 openSUSE Leap 42.2:libavresample3-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavutil-devel-3.3-6.6.1 openSUSE Leap 42.2:libavutil55-3.3-6.6.1 openSUSE Leap 42.2:libavutil55-32bit-3.3-6.6.1 openSUSE Leap 42.2:libpostproc-devel-3.3-6.6.1 openSUSE Leap 42.2:libpostproc54-3.3-6.6.1 openSUSE Leap 42.2:libpostproc54-32bit-3.3-6.6.1 openSUSE Leap 42.2:libswresample-devel-3.3-6.6.1 openSUSE Leap 42.2:libswresample2-3.3-6.6.1 openSUSE Leap 42.2:libswresample2-32bit-3.3-6.6.1 openSUSE Leap 42.2:libswscale-devel-3.3-6.6.1 openSUSE Leap 42.2:libswscale4-3.3-6.6.1 openSUSE Leap 42.2:libswscale4-32bit-3.3-6.6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-04/msg00106.html https://www.suse.com/security/cve/CVE-2017-7859.html CVE-2017-7859 https://bugzilla.suse.com/1034183 SUSE Bug 1034183 FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c. CVE-2017-7862 openSUSE Leap 42.2:ffmpeg-3.3-6.6.1 openSUSE Leap 42.2:libavcodec-devel-3.3-6.6.1 openSUSE Leap 42.2:libavcodec57-3.3-6.6.1 openSUSE Leap 42.2:libavcodec57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavdevice-devel-3.3-6.6.1 openSUSE Leap 42.2:libavdevice57-3.3-6.6.1 openSUSE Leap 42.2:libavdevice57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavfilter-devel-3.3-6.6.1 openSUSE Leap 42.2:libavfilter6-3.3-6.6.1 openSUSE Leap 42.2:libavfilter6-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavformat-devel-3.3-6.6.1 openSUSE Leap 42.2:libavformat57-3.3-6.6.1 openSUSE Leap 42.2:libavformat57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavresample-devel-3.3-6.6.1 openSUSE Leap 42.2:libavresample3-3.3-6.6.1 openSUSE Leap 42.2:libavresample3-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavutil-devel-3.3-6.6.1 openSUSE Leap 42.2:libavutil55-3.3-6.6.1 openSUSE Leap 42.2:libavutil55-32bit-3.3-6.6.1 openSUSE Leap 42.2:libpostproc-devel-3.3-6.6.1 openSUSE Leap 42.2:libpostproc54-3.3-6.6.1 openSUSE Leap 42.2:libpostproc54-32bit-3.3-6.6.1 openSUSE Leap 42.2:libswresample-devel-3.3-6.6.1 openSUSE Leap 42.2:libswresample2-3.3-6.6.1 openSUSE Leap 42.2:libswresample2-32bit-3.3-6.6.1 openSUSE Leap 42.2:libswscale-devel-3.3-6.6.1 openSUSE Leap 42.2:libswscale4-3.3-6.6.1 openSUSE Leap 42.2:libswscale4-32bit-3.3-6.6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-04/msg00106.html https://www.suse.com/security/cve/CVE-2017-7862.html CVE-2017-7862 https://bugzilla.suse.com/1034181 SUSE Bug 1034181 FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. CVE-2017-7863 openSUSE Leap 42.2:ffmpeg-3.3-6.6.1 openSUSE Leap 42.2:libavcodec-devel-3.3-6.6.1 openSUSE Leap 42.2:libavcodec57-3.3-6.6.1 openSUSE Leap 42.2:libavcodec57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavdevice-devel-3.3-6.6.1 openSUSE Leap 42.2:libavdevice57-3.3-6.6.1 openSUSE Leap 42.2:libavdevice57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavfilter-devel-3.3-6.6.1 openSUSE Leap 42.2:libavfilter6-3.3-6.6.1 openSUSE Leap 42.2:libavfilter6-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavformat-devel-3.3-6.6.1 openSUSE Leap 42.2:libavformat57-3.3-6.6.1 openSUSE Leap 42.2:libavformat57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavresample-devel-3.3-6.6.1 openSUSE Leap 42.2:libavresample3-3.3-6.6.1 openSUSE Leap 42.2:libavresample3-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavutil-devel-3.3-6.6.1 openSUSE Leap 42.2:libavutil55-3.3-6.6.1 openSUSE Leap 42.2:libavutil55-32bit-3.3-6.6.1 openSUSE Leap 42.2:libpostproc-devel-3.3-6.6.1 openSUSE Leap 42.2:libpostproc54-3.3-6.6.1 openSUSE Leap 42.2:libpostproc54-32bit-3.3-6.6.1 openSUSE Leap 42.2:libswresample-devel-3.3-6.6.1 openSUSE Leap 42.2:libswresample2-3.3-6.6.1 openSUSE Leap 42.2:libswresample2-32bit-3.3-6.6.1 openSUSE Leap 42.2:libswscale-devel-3.3-6.6.1 openSUSE Leap 42.2:libswscale4-3.3-6.6.1 openSUSE Leap 42.2:libswscale4-32bit-3.3-6.6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-04/msg00106.html https://www.suse.com/security/cve/CVE-2017-7863.html CVE-2017-7863 https://bugzilla.suse.com/1034179 SUSE Bug 1034179 FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c. CVE-2017-7865 openSUSE Leap 42.2:ffmpeg-3.3-6.6.1 openSUSE Leap 42.2:libavcodec-devel-3.3-6.6.1 openSUSE Leap 42.2:libavcodec57-3.3-6.6.1 openSUSE Leap 42.2:libavcodec57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavdevice-devel-3.3-6.6.1 openSUSE Leap 42.2:libavdevice57-3.3-6.6.1 openSUSE Leap 42.2:libavdevice57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavfilter-devel-3.3-6.6.1 openSUSE Leap 42.2:libavfilter6-3.3-6.6.1 openSUSE Leap 42.2:libavfilter6-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavformat-devel-3.3-6.6.1 openSUSE Leap 42.2:libavformat57-3.3-6.6.1 openSUSE Leap 42.2:libavformat57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavresample-devel-3.3-6.6.1 openSUSE Leap 42.2:libavresample3-3.3-6.6.1 openSUSE Leap 42.2:libavresample3-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavutil-devel-3.3-6.6.1 openSUSE Leap 42.2:libavutil55-3.3-6.6.1 openSUSE Leap 42.2:libavutil55-32bit-3.3-6.6.1 openSUSE Leap 42.2:libpostproc-devel-3.3-6.6.1 openSUSE Leap 42.2:libpostproc54-3.3-6.6.1 openSUSE Leap 42.2:libpostproc54-32bit-3.3-6.6.1 openSUSE Leap 42.2:libswresample-devel-3.3-6.6.1 openSUSE Leap 42.2:libswresample2-3.3-6.6.1 openSUSE Leap 42.2:libswresample2-32bit-3.3-6.6.1 openSUSE Leap 42.2:libswscale-devel-3.3-6.6.1 openSUSE Leap 42.2:libswscale4-3.3-6.6.1 openSUSE Leap 42.2:libswscale4-32bit-3.3-6.6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-04/msg00106.html https://www.suse.com/security/cve/CVE-2017-7865.html CVE-2017-7865 https://bugzilla.suse.com/1034177 SUSE Bug 1034177 FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c. CVE-2017-7866 openSUSE Leap 42.2:ffmpeg-3.3-6.6.1 openSUSE Leap 42.2:libavcodec-devel-3.3-6.6.1 openSUSE Leap 42.2:libavcodec57-3.3-6.6.1 openSUSE Leap 42.2:libavcodec57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavdevice-devel-3.3-6.6.1 openSUSE Leap 42.2:libavdevice57-3.3-6.6.1 openSUSE Leap 42.2:libavdevice57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavfilter-devel-3.3-6.6.1 openSUSE Leap 42.2:libavfilter6-3.3-6.6.1 openSUSE Leap 42.2:libavfilter6-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavformat-devel-3.3-6.6.1 openSUSE Leap 42.2:libavformat57-3.3-6.6.1 openSUSE Leap 42.2:libavformat57-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavresample-devel-3.3-6.6.1 openSUSE Leap 42.2:libavresample3-3.3-6.6.1 openSUSE Leap 42.2:libavresample3-32bit-3.3-6.6.1 openSUSE Leap 42.2:libavutil-devel-3.3-6.6.1 openSUSE Leap 42.2:libavutil55-3.3-6.6.1 openSUSE Leap 42.2:libavutil55-32bit-3.3-6.6.1 openSUSE Leap 42.2:libpostproc-devel-3.3-6.6.1 openSUSE Leap 42.2:libpostproc54-3.3-6.6.1 openSUSE Leap 42.2:libpostproc54-32bit-3.3-6.6.1 openSUSE Leap 42.2:libswresample-devel-3.3-6.6.1 openSUSE Leap 42.2:libswresample2-3.3-6.6.1 openSUSE Leap 42.2:libswresample2-32bit-3.3-6.6.1 openSUSE Leap 42.2:libswscale-devel-3.3-6.6.1 openSUSE Leap 42.2:libswscale4-3.3-6.6.1 openSUSE Leap 42.2:libswscale4-32bit-3.3-6.6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-04/msg00106.html https://www.suse.com/security/cve/CVE-2017-7866.html CVE-2017-7866 https://bugzilla.suse.com/1034176 SUSE Bug 1034176