Описание
Security update for ffmpeg-4
This update for ffmpeg-4 fixes the following issues:
- CVE-2025-22921: Fixed segmentation violation in NULL pointer dereference via the component /libavcodec/jpeg2000dec.c (bsc#1237382).
- CVE-2025-25473: Fixed memory leak in avformat_free_context() (bsc#1237351).
- CVE-2025-0518: Fixed unchecked sscanf return value which leads to memory data leak (bsc#1236007).
- CVE-2025-22919: Fixed denial of service (DoS) via opening a crafted AAC file (bsc#1237371).
- CVE-2024-12361: Fixed NULL Pointer Dereference (bsc#1237358).
- CVE-2024-35368: Fixed Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c (bsc#1234028).
- CVE-2024-36613: Fixed Integer overflow in ffmpeg (bsc#1235092).
- CVE-2023-50010: Fixed arbitrary code execution via the set_encoder_id function in /fftools/ffmpeg_enc.c component (bsc#1223256).
- CVE-2023-51794: Fixed heap-buffer-overflow at libavfilter/af_stereowiden.c (bsc#1223437).
- CVE-2023-51793: Fixed heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c (bsc#1223272).
- CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c function in libavfilter/bwdifdsp.c (bsc#1223235).
- CVE-2023-51798: Fixed floating point exception(FPE) via the interpolate function in libavfilter/vf_minterpolate.c (bsc#1223304).
- CVE-2024-31578: Fixed heap use-after-free via the av_hwframe_ctx_init function (bsc#1223070).
- CVE-2024-7055: Fixed heap-based buffer overflow in pnmdec.c (bsc#1229026).
- CVE-2024-32230: Fixed buffer overflow due to negative-size-param bug at libavcodec/mpegvideo_enc.c in load_input_picture (bsc#1227296).
Other fixes:
- Updated to version 4.4.5.
Список пакетов
Container containers/open-webui:0
SUSE Linux Enterprise Module for Package Hub 15 SP6
SUSE Linux Enterprise Workstation Extension 15 SP6
openSUSE Leap 15.6
Ссылки
- Link for SUSE-SU-2025:0862-1
- E-Mail link for SUSE-SU-2025:0862-1
- SUSE Security Ratings
- SUSE Bug 1202848
- SUSE Bug 1215945
- SUSE Bug 1223070
- SUSE Bug 1223235
- SUSE Bug 1223256
- SUSE Bug 1223272
- SUSE Bug 1223304
- SUSE Bug 1223437
- SUSE Bug 1227296
- SUSE Bug 1229026
- SUSE Bug 1229338
- SUSE Bug 1234028
- SUSE Bug 1235092
- SUSE Bug 1236007
- SUSE Bug 1237351
- SUSE Bug 1237358
- SUSE Bug 1237371
Описание
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component.
Затронутые продукты
Ссылки
- CVE-2023-49502
- SUSE Bug 1223235
Описание
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the set_encoder_id function in /fftools/ffmpeg_enc.c component.
Затронутые продукты
Ссылки
- CVE-2023-50010
- SUSE Bug 1223256
Описание
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane.
Затронутые продукты
Ссылки
- CVE-2023-51793
- SUSE Bug 1223272
Описание
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69.
Затронутые продукты
Ссылки
- CVE-2023-51794
- SUSE Bug 1223437
Описание
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate.
Затронутые продукты
Ссылки
- CVE-2023-51798
- SUSE Bug 1223304
Описание
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Затронутые продукты
Ссылки
- CVE-2024-12361
- SUSE Bug 1237358
Описание
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.
Затронутые продукты
Ссылки
- CVE-2024-31578
- SUSE Bug 1223070
Описание
FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0
Затронутые продукты
Ссылки
- CVE-2024-32230
- SUSE Bug 1227296
Описание
FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.
Затронутые продукты
Ссылки
- CVE-2024-35368
- SUSE Bug 1234028
Описание
FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.
Затронутые продукты
Ссылки
- CVE-2024-36613
- SUSE Bug 1235092
Описание
A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.
Затронутые продукты
Ссылки
- CVE-2024-7055
- SUSE Bug 1229026
Описание
Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman
Затронутые продукты
Ссылки
- CVE-2025-0518
- SUSE Bug 1236007
Описание
A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.
Затронутые продукты
Ссылки
- CVE-2025-22919
- SUSE Bug 1237371
Описание
FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.
Затронутые продукты
Ссылки
- CVE-2025-22921
- SUSE Bug 1237382
Описание
FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.
Затронутые продукты
Ссылки
- CVE-2025-25473
- SUSE Bug 1237351