CVE-2017-7866

Upstream information

CVE-2017-7866 at MITRE

Description

FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	Partial
Availability Impact	Partial

CVSS v3 Scores
	National Vulnerability Database
Base Score	9.8
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Access Vector	Network
Access Complexity	Low
Privileges Required	None
User Interaction	None
Scope	Unchanged
Confidentiality Impact	High
Integrity Impact	High
Availability Impact	High
CVSSv3 Version	3

SUSE Bugzilla entry: 1034176 [RESOLVED]

SUSE Security Advisories:

openSUSE-SU-2017:1121-1, published Fri, 28 Apr 2017 12:08:41 +0200 (CEST)
openSUSE-SU-2017:1433-1, published Mon, 29 May 2017 18:09:13 +0200 (CEST)
openSUSE-SU-2017:1532-1, published Sun, 11 Jun 2017 15:12:13 +0200 (CEST)
openSUSE-SU-2017:2502-1, published Sat, 16 Sep 2017 00:12:39 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Module for Desktop Applications 15 SP1	`libavcodec57 >= 3.4.2-4.12.4` `libavutil-devel >= 3.4.2-4.12.4` `libavutil55 >= 3.4.2-4.12.4` `libpostproc-devel >= 3.4.2-4.12.4` `libpostproc54 >= 3.4.2-4.12.4` `libswresample-devel >= 3.4.2-4.12.4` `libswresample2 >= 3.4.2-4.12.4` `libswscale-devel >= 3.4.2-4.12.4` `libswscale4 >= 3.4.2-4.12.4`
SUSE Linux Enterprise Module for Desktop Applications 15 SP2	`libavcodec57 >= 3.4.2-9.2` `libavformat57 >= 3.4.2-9.2` `libavutil-devel >= 3.4.2-9.2` `libavutil55 >= 3.4.2-9.2` `libpostproc-devel >= 3.4.2-9.2` `libpostproc54 >= 3.4.2-9.2` `libswresample-devel >= 3.4.2-9.2` `libswresample2 >= 3.4.2-9.2` `libswscale-devel >= 3.4.2-9.2` `libswscale4 >= 3.4.2-9.2`
SUSE Linux Enterprise Module for Desktop Applications 15	`libavcodec57 >= 3.4.2-2.35` `libavutil-devel >= 3.4.2-2.35` `libavutil55 >= 3.4.2-2.35` `libpostproc-devel >= 3.4.2-2.35` `libpostproc54 >= 3.4.2-2.35` `libswresample-devel >= 3.4.2-2.35` `libswresample2 >= 3.4.2-2.35` `libswscale-devel >= 3.4.2-2.35` `libswscale4 >= 3.4.2-2.35`
SUSE Linux Enterprise Workstation Extension 15 SP1	`libavcodec-devel >= 3.4.2-4.12.4` `libavformat-devel >= 3.4.2-4.12.4` `libavformat57 >= 3.4.2-4.12.4` `libavresample-devel >= 3.4.2-4.12.4` `libavresample3 >= 3.4.2-4.12.4`
SUSE Linux Enterprise Workstation Extension 15 SP2	`libavcodec-devel >= 3.4.2-9.2` `libavformat-devel >= 3.4.2-9.2` `libavresample-devel >= 3.4.2-9.2` `libavresample3 >= 3.4.2-9.2`
SUSE Linux Enterprise Workstation Extension 15	`libavcodec-devel >= 3.4.2-2.35` `libavformat-devel >= 3.4.2-2.35` `libavformat57 >= 3.4.2-2.35` `libavresample-devel >= 3.4.2-2.35` `libavresample3 >= 3.4.2-2.35`
SUSE Package Hub for SUSE Linux Enterprise 12 SP1	`ffmpeg2 >= 2.8.11-12.1` `ffmpeg2-devel >= 2.8.11-12.1` `libavcodec56 >= 2.8.11-12.1` `libavdevice56 >= 2.8.11-12.1` `libavfilter5 >= 2.8.11-12.1` `libavformat56 >= 2.8.11-12.1` `libavresample2 >= 2.8.11-12.1` `libavutil54 >= 2.8.11-12.1` `libpostproc53 >= 2.8.11-12.1` `libswresample1 >= 2.8.11-12.1` `libswscale3 >= 2.8.11-12.1`	Patchnames: openSUSE-2017-672
openSUSE Leap 15.0	`libavcodec57 >= 3.4.2-lp150.2.1` `libavdevice57 >= 3.4.2-lp150.2.1` `libavfilter6 >= 3.4.2-lp150.2.1` `libavformat57 >= 3.4.2-lp150.2.1` `libavresample3 >= 3.4.2-lp150.2.1` `libavutil55 >= 3.4.2-lp150.2.1` `libpostproc54 >= 3.4.2-lp150.2.1` `libswresample2 >= 3.4.2-lp150.2.1` `libswscale4 >= 3.4.2-lp150.2.1`	Patchnames: openSUSE Leap 15.0 GA libavcodec57
openSUSE Leap 42.2	`ffmpeg >= 3.3-6.6.1` `ffmpeg-debuginfo >= 3.3-6.6.1` `ffmpeg-debugsource >= 3.3-6.6.1` `ffmpeg2 >= 2.8.11-25.3.1` `ffmpeg2-debugsource >= 2.8.11-25.3.1` `ffmpeg2-devel >= 2.8.11-25.3.1` `libavcodec-devel >= 3.3-6.6.1` `libavcodec56 >= 2.8.11-25.3.1` `libavcodec56-32bit >= 2.8.11-25.3.1` `libavcodec56-debuginfo >= 2.8.11-25.3.1` `libavcodec56-debuginfo-32bit >= 2.8.11-25.3.1` `libavcodec57 >= 3.3-6.6.1` `libavcodec57-32bit >= 3.3-6.6.1` `libavcodec57-debuginfo >= 3.3-6.6.1` `libavcodec57-debuginfo-32bit >= 3.3-6.6.1` `libavdevice-devel >= 3.3-6.6.1` `libavdevice56 >= 2.8.11-25.3.1` `libavdevice56-32bit >= 2.8.11-25.3.1` `libavdevice56-debuginfo >= 2.8.11-25.3.1` `libavdevice56-debuginfo-32bit >= 2.8.11-25.3.1` `libavdevice57 >= 3.3-6.6.1` `libavdevice57-32bit >= 3.3-6.6.1` `libavdevice57-debuginfo >= 3.3-6.6.1` `libavdevice57-debuginfo-32bit >= 3.3-6.6.1` `libavfilter-devel >= 3.3-6.6.1` `libavfilter5 >= 2.8.11-25.3.1` `libavfilter5-32bit >= 2.8.11-25.3.1` `libavfilter5-debuginfo >= 2.8.11-25.3.1` `libavfilter5-debuginfo-32bit >= 2.8.11-25.3.1` `libavfilter6 >= 3.3-6.6.1` `libavfilter6-32bit >= 3.3-6.6.1` `libavfilter6-debuginfo >= 3.3-6.6.1` `libavfilter6-debuginfo-32bit >= 3.3-6.6.1` `libavformat-devel >= 3.3-6.6.1` `libavformat56 >= 2.8.11-25.3.1` `libavformat56-32bit >= 2.8.11-25.3.1` `libavformat56-debuginfo >= 2.8.11-25.3.1` `libavformat56-debuginfo-32bit >= 2.8.11-25.3.1` `libavformat57 >= 3.3-6.6.1` `libavformat57-32bit >= 3.3-6.6.1` `libavformat57-debuginfo >= 3.3-6.6.1` `libavformat57-debuginfo-32bit >= 3.3-6.6.1` `libavresample-devel >= 3.3-6.6.1` `libavresample2 >= 2.8.11-25.3.1` `libavresample2-32bit >= 2.8.11-25.3.1` `libavresample2-debuginfo >= 2.8.11-25.3.1` `libavresample2-debuginfo-32bit >= 2.8.11-25.3.1` `libavresample3 >= 3.3-6.6.1` `libavresample3-32bit >= 3.3-6.6.1` `libavresample3-debuginfo >= 3.3-6.6.1` `libavresample3-debuginfo-32bit >= 3.3-6.6.1` `libavutil-devel >= 3.3-6.6.1` `libavutil54 >= 2.8.11-25.3.1` `libavutil54-32bit >= 2.8.11-25.3.1` `libavutil54-debuginfo >= 2.8.11-25.3.1` `libavutil54-debuginfo-32bit >= 2.8.11-25.3.1` `libavutil55 >= 3.3-6.6.1` `libavutil55-32bit >= 3.3-6.6.1` `libavutil55-debuginfo >= 3.3-6.6.1` `libavutil55-debuginfo-32bit >= 3.3-6.6.1` `libpostproc-devel >= 3.3-6.6.1` `libpostproc53 >= 2.8.11-25.3.1` `libpostproc53-32bit >= 2.8.11-25.3.1` `libpostproc53-debuginfo >= 2.8.11-25.3.1` `libpostproc53-debuginfo-32bit >= 2.8.11-25.3.1` `libpostproc54 >= 3.3-6.6.1` `libpostproc54-32bit >= 3.3-6.6.1` `libpostproc54-debuginfo >= 3.3-6.6.1` `libpostproc54-debuginfo-32bit >= 3.3-6.6.1` `libswresample-devel >= 3.3-6.6.1` `libswresample1 >= 2.8.11-25.3.1` `libswresample1-32bit >= 2.8.11-25.3.1` `libswresample1-debuginfo >= 2.8.11-25.3.1` `libswresample1-debuginfo-32bit >= 2.8.11-25.3.1` `libswresample2 >= 3.3-6.6.1` `libswresample2-32bit >= 3.3-6.6.1` `libswresample2-debuginfo >= 3.3-6.6.1` `libswresample2-debuginfo-32bit >= 3.3-6.6.1` `libswscale-devel >= 3.3-6.6.1` `libswscale3 >= 2.8.11-25.3.1` `libswscale3-32bit >= 2.8.11-25.3.1` `libswscale3-debuginfo >= 2.8.11-25.3.1` `libswscale3-debuginfo-32bit >= 2.8.11-25.3.1` `libswscale4 >= 3.3-6.6.1` `libswscale4-32bit >= 3.3-6.6.1` `libswscale4-debuginfo >= 3.3-6.6.1` `libswscale4-debuginfo-32bit >= 3.3-6.6.1`	Patchnames: openSUSE-2017-524 openSUSE-2017-631
openSUSE Leap 42.3	`ffmpeg >= 3.3.4-7.1` `ffmpeg-debuginfo >= 3.3.4-7.1` `ffmpeg-debugsource >= 3.3.4-7.1` `ffmpeg2 >= 2.8.13-32.1` `ffmpeg2-debugsource >= 2.8.13-32.1` `ffmpeg2-devel >= 2.8.13-32.1` `lame >= 3.99.5-2.1` `lame-debuginfo >= 3.99.5-2.1` `lame-debugsource >= 3.99.5-2.1` `lame-doc >= 3.99.5-2.1` `lame-mp3rtp >= 3.99.5-2.1` `lame-mp3rtp-debuginfo >= 3.99.5-2.1` `libavcodec-devel >= 3.3.4-7.1` `libavcodec56 >= 2.8.13-32.1` `libavcodec56-32bit >= 2.8.13-32.1` `libavcodec56-debuginfo >= 2.8.13-32.1` `libavcodec56-debuginfo-32bit >= 2.8.13-32.1` `libavcodec57 >= 3.3.1-1.1` `libavcodec57-32bit >= 3.3.4-7.1` `libavcodec57-debuginfo >= 3.3.4-7.1` `libavcodec57-debuginfo-32bit >= 3.3.4-7.1` `libavdevice-devel >= 3.3.4-7.1` `libavdevice56 >= 2.8.13-32.1` `libavdevice56-32bit >= 2.8.13-32.1` `libavdevice56-debuginfo >= 2.8.13-32.1` `libavdevice56-debuginfo-32bit >= 2.8.13-32.1` `libavdevice57 >= 3.3.1-1.1` `libavdevice57-32bit >= 3.3.4-7.1` `libavdevice57-debuginfo >= 3.3.4-7.1` `libavdevice57-debuginfo-32bit >= 3.3.4-7.1` `libavfilter-devel >= 3.3.4-7.1` `libavfilter5 >= 2.8.13-32.1` `libavfilter5-32bit >= 2.8.13-32.1` `libavfilter5-debuginfo >= 2.8.13-32.1` `libavfilter5-debuginfo-32bit >= 2.8.13-32.1` `libavfilter6 >= 3.3.1-1.1` `libavfilter6-32bit >= 3.3.4-7.1` `libavfilter6-debuginfo >= 3.3.4-7.1` `libavfilter6-debuginfo-32bit >= 3.3.4-7.1` `libavformat-devel >= 3.3.4-7.1` `libavformat56 >= 2.8.13-32.1` `libavformat56-32bit >= 2.8.13-32.1` `libavformat56-debuginfo >= 2.8.13-32.1` `libavformat56-debuginfo-32bit >= 2.8.13-32.1` `libavformat57 >= 3.3.1-1.1` `libavformat57-32bit >= 3.3.4-7.1` `libavformat57-debuginfo >= 3.3.4-7.1` `libavformat57-debuginfo-32bit >= 3.3.4-7.1` `libavresample-devel >= 3.3.4-7.1` `libavresample2 >= 2.8.13-32.1` `libavresample2-32bit >= 2.8.13-32.1` `libavresample2-debuginfo >= 2.8.13-32.1` `libavresample2-debuginfo-32bit >= 2.8.13-32.1` `libavresample3 >= 3.3.1-1.1` `libavresample3-32bit >= 3.3.4-7.1` `libavresample3-debuginfo >= 3.3.4-7.1` `libavresample3-debuginfo-32bit >= 3.3.4-7.1` `libavutil-devel >= 3.3.4-7.1` `libavutil54 >= 2.8.13-32.1` `libavutil54-32bit >= 2.8.13-32.1` `libavutil54-debuginfo >= 2.8.13-32.1` `libavutil54-debuginfo-32bit >= 2.8.13-32.1` `libavutil55 >= 3.3.1-1.1` `libavutil55-32bit >= 3.3.4-7.1` `libavutil55-debuginfo >= 3.3.4-7.1` `libavutil55-debuginfo-32bit >= 3.3.4-7.1` `libmp3lame-devel >= 3.99.5-2.1` `libmp3lame0 >= 3.99.5-2.1` `libmp3lame0-32bit >= 3.99.5-2.1` `libmp3lame0-debuginfo >= 3.99.5-2.1` `libmp3lame0-debuginfo-32bit >= 3.99.5-2.1` `libpostproc-devel >= 3.3.4-7.1` `libpostproc53 >= 2.8.13-32.1` `libpostproc53-32bit >= 2.8.13-32.1` `libpostproc53-debuginfo >= 2.8.13-32.1` `libpostproc53-debuginfo-32bit >= 2.8.13-32.1` `libpostproc54 >= 3.3.1-1.1` `libpostproc54-32bit >= 3.3.4-7.1` `libpostproc54-debuginfo >= 3.3.4-7.1` `libpostproc54-debuginfo-32bit >= 3.3.4-7.1` `libswresample-devel >= 3.3.4-7.1` `libswresample1 >= 2.8.13-32.1` `libswresample1-32bit >= 2.8.13-32.1` `libswresample1-debuginfo >= 2.8.13-32.1` `libswresample1-debuginfo-32bit >= 2.8.13-32.1` `libswresample2 >= 3.3.1-1.1` `libswresample2-32bit >= 3.3.4-7.1` `libswresample2-debuginfo >= 3.3.4-7.1` `libswresample2-debuginfo-32bit >= 3.3.4-7.1` `libswscale-devel >= 3.3.4-7.1` `libswscale3 >= 2.8.13-32.1` `libswscale3-32bit >= 2.8.13-32.1` `libswscale3-debuginfo >= 2.8.13-32.1` `libswscale3-debuginfo-32bit >= 2.8.13-32.1` `libswscale4 >= 3.3.1-1.1` `libswscale4-32bit >= 3.3.4-7.1` `libswscale4-debuginfo >= 3.3.4-7.1` `libswscale4-debuginfo-32bit >= 3.3.4-7.1` `libtwolame-devel >= 0.3.13-2.1` `libtwolame0 >= 0.3.13-2.1` `libtwolame0-32bit >= 0.3.13-2.1` `libtwolame0-debuginfo >= 0.3.13-2.1` `libtwolame0-debuginfo-32bit >= 0.3.13-2.1` `twolame >= 0.3.13-2.1` `twolame-debuginfo >= 0.3.13-2.1` `twolame-debugsource >= 0.3.13-2.1`	Patchnames: openSUSE Leap 42.3 GA libavcodec57 openSUSE-2017-1067

CVE-2017-7866

Common Vulnerabilities and Exposures

Upstream information

Description

SUSE information

List of released packages

支持服务

SUSE 全球服务

支持资源

合作伙伴

Communities

关于