{
  "id": "openEuler-SA-2022-1808",
  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1808",
  "title": "An update for ffmpeg is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
  "severity": "Moderate",
  "description": "FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.\r\n\r\nSecurity Fix(es):\r\n\r\ntrack_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.(CVE-2020-35964)\r\n\r\nlibavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.(CVE-2021-38114)",
  "cves": [
    {
      "id": "CVE-2021-38114",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38114",
      "severity": "Moderate"
    }
  ]
}