Description
Security update for ffmpeg
This update for ffmpeg fixes the following issues:
- CVE-2025-22921: Clear array length when freeing it. (bsc#1237382)
- CVE-2025-0518: Fix memory data leak when using sscanf(). (bsc#1236007)
- CVE-2025-22919: Check for valid sample rate, to fix the invalid sample rate >= 0. (bsc#1237371)
- CVE-2024-12361: Add check for av_packet_new_side_data() to avoid null pointer dereference if allocation fails. (bsc#1237358)
- CVE-2024-36613: Adjust order of operations around block align. (bsc#1235092)
- CVE-2024-35365: Fix double-free on error. (bsc#1235091)
- CVE-2024-35368: Fix double-free when the AVFrame is unreferenced. (bsc#1234028)
- CVE-2023-51793: Fix out of array access. (bsc#1223272).
- CVE-2023-51793: Fixed a heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c (bsc#1223272).
Package list
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
SUSE Linux Enterprise Module for Desktop Applications 15 SP6
SUSE Linux Enterprise Module for Package Hub 15 SP6
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server 15 SP4-LTSS
SUSE Linux Enterprise Server 15 SP5-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE Linux Enterprise Workstation Extension 15 SP6
openSUSE Leap 15.6
References
- Link for SUSE-SU-2025:1450-1
- E-Mail link for SUSE-SU-2025:1450-1
- SUSE Security Ratings
- SUSE Bug 1223272
- SUSE Bug 1234028
- SUSE Bug 1235091
- SUSE Bug 1235092
- SUSE Bug 1236007
- SUSE Bug 1237358
- SUSE Bug 1237371
- SUSE Bug 1237382
- SUSE CVE CVE-2023-51793 page
- SUSE CVE CVE-2024-12361 page
- SUSE CVE CVE-2024-35365 page
- SUSE CVE CVE-2024-35368 page
- SUSE CVE CVE-2024-36613 page
- SUSE CVE CVE-2025-0518 page
- SUSE CVE CVE-2025-22919 page
- SUSE CVE CVE-2025-22921 page
Description
Buffer Overflow vulnerability in FFmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane.
Affected products
References
- CVE-2023-51793
- SUSE Bug 1223272
Description
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Affected products
References
- CVE-2024-12361
- SUSE Bug 1237358
Description
FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function.
Affected products
References
- CVE-2024-35365
- SUSE Bug 1235091
Description
FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.
Affected products
References
- CVE-2024-35368
- SUSE Bug 1234028
Description
FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.
Affected products
References
- CVE-2024-36613
- SUSE Bug 1235092
Description
Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.c . This issue affects FFmpeg: 7.1. Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman
Affected products
References
- CVE-2025-0518
- SUSE Bug 1236007
Description
A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.
Affected products
References
- CVE-2025-22919
- SUSE Bug 1237371
Description
FFmpeg git-master, N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.
Affected products
References
- CVE-2025-22921
- SUSE Bug 1237382