Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2024-31578

Published: 17 April 2024

FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.

Priority

Medium

Status

Package Release Status
ffmpeg
Launchpad, Ubuntu, Debian
bionic
Released (7:3.4.11-0ubuntu0.1+esm5)
Available with Ubuntu Pro
focal
Released (7:4.2.7-0ubuntu0.1+esm5)
Available with Ubuntu Pro
jammy
Released (7:4.4.2-0ubuntu0.22.04.1+esm4)
Available with Ubuntu Pro
mantic
Released (7:6.0-6ubuntu1.1)
noble
Released (7:6.1.1-3ubuntu5+esm1)
Available with Ubuntu Pro
upstream Needs triage

xenial Not vulnerable
(code not present)
Patches:
upstream: https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7
libav
Launchpad, Ubuntu, Debian
focal Does not exist

jammy Does not exist

mantic Does not exist

noble Does not exist

trusty Needs triage

upstream Needs triage