Описание
Security update for ffmpeg-4
This update for ffmpeg-4 fixes the following issues:
Changes in ffmpeg-4:
-
Add check for the return value of av_malloc_array() to avoid potential NULL pointer dereference. (CVE-2025-10256, bsc#1249431)
-
Update to version 4.4.7:
- Codecs, filters and other various bugfixes
- aacenc_tns: clamp filter direction energy measurement. (CVE-2025-1594, bsc#1237561)
- avcodec/jpeg2000dec: implement cdef remapping during pixel format matching. (CVE-2025-9951, bsc#1249393)
Список пакетов
openSUSE Leap 16.0
Ссылки
- SUSE Security Ratings
- SUSE Bug 1234030
- SUSE Bug 1237561
- SUSE Bug 1249393
- SUSE Bug 1249431
- SUSE CVE CVE-2024-35366 page
- SUSE CVE CVE-2024-35368 page
- SUSE CVE CVE-2024-36618 page
- SUSE CVE CVE-2025-10256 page
- SUSE CVE CVE-2025-1594 page
- SUSE CVE CVE-2025-59728 page
- SUSE CVE CVE-2025-9951 page
Описание
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.
Затронутые продукты
Ссылки
- CVE-2024-35366
- SUSE Bug 1234030
Описание
FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.
Затронутые продукты
Ссылки
- CVE-2024-35368
- SUSE Bug 1234028
Описание
FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.
Затронутые продукты
Ссылки
- CVE-2024-36618
- SUSE Bug 1234020
Описание
A NULL pointer dereference vulnerability exists in FFmpeg's Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a crafted media file with the Firequalizer filter enabled, causing the application to dereference a NULL pointer and crash, leading to denial of service.
Затронутые продукты
Ссылки
- CVE-2025-10256
- SUSE Bug 1249431
Описание
A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Затронутые продукты
Ссылки
- CVE-2025-1594
- SUSE Bug 1237561
Описание
When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below [0], it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is not an empty string, it is assigned to root_url at [1].If the last (non-NUL) byte in this buffer is not '/' then we append '/' in-place at [2]. This will write two bytes into the buffer, starting at the last valid byte in the buffer, writing the NUL byte beyond the end of the allocated buffer. We recommend upgrading to version 8.0 or beyond.
Затронутые продукты
Ссылки
- CVE-2025-59728
- SUSE Bug 1251137
Описание
A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.
Затронутые продукты
Ссылки
- CVE-2025-9951
- SUSE Bug 1249393