Описание
Security update for ffmpeg-4
This update for ffmpeg-4 fixes the following issues
Update to version 4.4.7:
- CVE-2023-6601: HLS Unsafe File Extension Bypass (bsc#1220545).
- CVE-2024-35366: FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the i (bsc#1234030).
- CVE-2025-1594: stack-based buffer overflow in function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder (bsc#1237561).
- CVE-2025-9951: heap-based buffer overflow in jpeg2000dec (bsc#1249393).
- CVE-2025-10256: NULL pointer dereference in Firequalizer filter (bsc#1249431).
- CVE-2025-63757: accumulation of filtered pixel values can lead to an integer overflow (bsc#1255392).
- CVE-2026-30997: Denial of Service via out-of-bounds read (bsc#1262047).
- CVE-2026-40962: inadequate CENC subsample bounds checks can lead to an integer overflow (bsc#1262237).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
SUSE Linux Enterprise Server 15 SP4-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP4
Ссылки
- Link for SUSE-SU-2026:2444-1
- E-Mail link for SUSE-SU-2026:2444-1
- SUSE Security Ratings
- SUSE Bug 1220545
- SUSE Bug 1234030
- SUSE Bug 1237561
- SUSE Bug 1249393
- SUSE Bug 1249431
- SUSE Bug 1255392
- SUSE Bug 1262047
- SUSE Bug 1262237
- SUSE CVE CVE-2023-6601 page
- SUSE CVE CVE-2024-35366 page
- SUSE CVE CVE-2024-35368 page
- SUSE CVE CVE-2024-36618 page
- SUSE CVE CVE-2025-10256 page
- SUSE CVE CVE-2025-1594 page
- SUSE CVE CVE-2025-59728 page
- SUSE CVE CVE-2025-63757 page
- SUSE CVE CVE-2025-9951 page
Описание
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.
Затронутые продукты
Ссылки
- CVE-2023-6601
- SUSE Bug 1220545
Описание
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.
Затронутые продукты
Ссылки
- CVE-2024-35366
- SUSE Bug 1234030
Описание
FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.
Затронутые продукты
Ссылки
- CVE-2024-35368
- SUSE Bug 1234028
Описание
FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.
Затронутые продукты
Ссылки
- CVE-2024-36618
- SUSE Bug 1234020
Описание
A NULL pointer dereference vulnerability exists in FFmpeg's Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a crafted media file with the Firequalizer filter enabled, causing the application to dereference a NULL pointer and crash, leading to denial of service.
Затронутые продукты
Ссылки
- CVE-2025-10256
- SUSE Bug 1249431
Описание
A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Затронутые продукты
Ссылки
- CVE-2025-1594
- SUSE Bug 1237561
Описание
When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below [0], it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is not an empty string, it is assigned to root_url at [1].If the last (non-NUL) byte in this buffer is not '/' then we append '/' in-place at [2]. This will write two bytes into the buffer, starting at the last valid byte in the buffer, writing the NUL byte beyond the end of the allocated buffer. We recommend upgrading to version 8.0 or beyond.
Затронутые продукты
Ссылки
- CVE-2025-59728
- SUSE Bug 1251137
Описание
Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.
Затронутые продукты
Ссылки
- CVE-2025-63757
- SUSE Bug 1255392
Описание
A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.
Затронутые продукты
Ссылки
- CVE-2025-9951
- SUSE Bug 1249393
Описание
An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
Затронутые продукты
Ссылки
- CVE-2026-30997
- SUSE Bug 1262047
Описание
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.
Затронутые продукты
Ссылки
- CVE-2026-40962
- SUSE Bug 1262237