Support Product Security

EdgeRover Desktop App Version 1.5.0-576

WDC Tracking Number: WDC-22003
Product Line: EdgeRover
Published: January 13, 2022

Last Updated:  January 13, 2022

Description

EdgeRover 1.5.0-576 includes two major security fixes to help keep your content secure.

Multiple vulnerabilities have been discovered in the FFmpeg multimedia framework which could cause a denial of service or code execution vulnerability if malformed files or streams are processed.

Insecure file and directory permissions were in place that could allow resources to be read or modified by unintended actors.

Product Impact
Minimum Fix Version
Last Updated
EdgeRover Mac Desktop App
1.5.0-576
January 10, 2022
EdgeRover Windows Desktop App
1.5.0-576
January 10, 2022

Advisory Summary

Addressed multiple FFmpeg vulnerabilities by updating the version to 7:4.1.8-0+deb10u1.

CVE Number: CVE-2020-20445, CVE-2020-20446, CVE-2020-20453, CVE-2020-21041, CVE-2020-22015, CVE-2020-22016, CVE-2020-22017, CVE-2020-22019, CVE-2020-22020, CVE-2020-22021, CVE-2020-22022, CVE-2020-22023, CVE-2020-22025, CVE-2020-22026, CVE-2020-22027, CVE-2020-22028, CVE-2020-22029, CVE-2020-22030, CVE-2020-22031, CVE-2020-22032, CVE-2020-22033, CVE-2020-22034, CVE-2020-22035, CVE-2020-22036, CVE-2020-22037, CVE-2020-22049, CVE-2020-22054, CVE-2020-35965, CVE-2021-38114, CVE-2021-38171, CVE-2021-38291

File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources.

CVE Number: CVE-2022-22988