ELA-886-1 ffmpeg security update

null pointer dereferences

2023-06-30
Packageffmpeg
Version7:3.2.19-0+deb9u2 (stretch)
Related CVEs CVE-2022-3109 CVE-2022-3341


Two null pointer dereferences have been fixed in the FFmpeg multimedia framework.

CVE-2022-3109

Null pointer dereference in vp3_decode_frame()

CVE-2022-3341

Null pointer dereference in nutdec.c


For Debian 9 stretch, these problems have been fixed in version 7:3.2.19-0+deb9u2.

We recommend that you upgrade your ffmpeg packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.