ISN 2023-30: Ffmpeg Vulnerabilities

First published 22 November 2023

CVSS 3.1: 8.8 (High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Security vulnerabilities have been found in the Ffmpeg video library used in IGEL OS. This affects the following IGEL products:

• IGEL OS 11

Details

Several vulnerabilities have been identified in the Ffmpeg multimedia framework (CVE-2022-4907). They could allow an attacker to cause denial of service or potentially execute arbitrary code. These vulnerabilities are rated as high.

Update Instructions

• OS 11: Update to version 11.09.150 (available 6 December)

References

• CVE-2022-4907: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4907