Integer Overflow or Wraparound Affecting libpostproc-devel package, versions <3.4.2-150200.11.31.1
Threat Intelligence
EPSS
0.04% (6th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-SLES155-LIBPOSTPROCDEVEL-5922562
- published 28 Sep 2023
- disclosed 27 Sep 2023
Introduced: 27 Sep 2023
CVE-2021-28429 Open this link in a new tabHow to fix?
Upgrade SLES:15.5 libpostproc-devel to version 3.4.2-150200.11.31.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream libpostproc-devel package and not the libpostproc-devel package as distributed by SLES.
See How to fix? for SLES:15.5 relevant fixed versions and status.
Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.
References
- https://www.suse.com/security/cve/CVE-2021-28429.html
- https://lists.suse.com/pipermail/sle-updates/2023-September/031747.html
- https://www.suse.com/support/update/announcement/2023/suse-su-20233818-1/
- https://bugzilla.suse.com/1214246
- https://www.suse.com/security/cve/CVE-2021-28429/
- https://www.suse.com/support/security/rating/
- https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/c94875471e3ba3dc396c6919ff3ec9b14539cd71
CVSS Scores
version 3.1