Описание
Security update for ffmpeg-4
This update for ffmpeg-4 fixes the following issues:
- CVE-2023-6601: Fixed HLS Unsafe File Extension Bypass (bsc#1220545).
- CVE-2025-63757: Fixed integer overflow in yuv2ya16_X_c_template() (bsc#1255392).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libavcodec58_134-4.4.6-150400.3.60.1
libavformat58_76-4.4.6-150400.3.60.1
libavutil56_70-4.4.6-150400.3.60.1
libpostproc55_9-4.4.6-150400.3.60.1
libswresample3_9-4.4.6-150400.3.60.1
libswscale5_9-4.4.6-150400.3.60.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libavcodec58_134-4.4.6-150400.3.60.1
libavformat58_76-4.4.6-150400.3.60.1
libavutil56_70-4.4.6-150400.3.60.1
libpostproc55_9-4.4.6-150400.3.60.1
libswresample3_9-4.4.6-150400.3.60.1
libswscale5_9-4.4.6-150400.3.60.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libavcodec58_134-4.4.6-150400.3.60.1
libavformat58_76-4.4.6-150400.3.60.1
libavutil56_70-4.4.6-150400.3.60.1
libpostproc55_9-4.4.6-150400.3.60.1
libswresample3_9-4.4.6-150400.3.60.1
libswscale5_9-4.4.6-150400.3.60.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libavcodec58_134-4.4.6-150400.3.60.1
libavformat58_76-4.4.6-150400.3.60.1
libavutil56_70-4.4.6-150400.3.60.1
libpostproc55_9-4.4.6-150400.3.60.1
libswresample3_9-4.4.6-150400.3.60.1
libswscale5_9-4.4.6-150400.3.60.1
Ссылки
- Link for SUSE-SU-2026:0229-1
- E-Mail link for SUSE-SU-2026:0229-1
- SUSE Security Ratings
- SUSE Bug 1220545
- SUSE Bug 1255392
- SUSE CVE CVE-2023-6601 page
- SUSE CVE CVE-2025-63757 page
Описание
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libavcodec58_134-4.4.6-150400.3.60.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libavformat58_76-4.4.6-150400.3.60.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libavutil56_70-4.4.6-150400.3.60.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpostproc55_9-4.4.6-150400.3.60.1
Ссылки
- CVE-2023-6601
- SUSE Bug 1220545
Описание
Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libavcodec58_134-4.4.6-150400.3.60.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libavformat58_76-4.4.6-150400.3.60.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libavutil56_70-4.4.6-150400.3.60.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpostproc55_9-4.4.6-150400.3.60.1
Ссылки
- CVE-2025-63757
- SUSE Bug 1255392