rpm package
opensuse/ffmpeg-6&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/ffmpeg-6&distro=openSUSE%20Tumbleweed
Vulnerabilities (26)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-25473 | Med | 5.3 | | < 6.1.2-3.1 | 6.1.2-3.1 | Feb 18, 2025 | FFmpeg git master before commit c08d30 was discovered to contain a memory leak in the avformat_free_context function in libavutil/mem.c. |
| CVE-2025-22919 | Med | 6.5 | | < 6.1.2-3.1 | 6.1.2-3.1 | Feb 18, 2025 | A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file. |
| CVE-2025-22921 | — | | | < 6.1.2-3.1 | 6.1.2-3.1 | Feb 18, 2025 | FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. |
| CVE-2025-0518 | — | | | < 6.1.2-3.1 | 6.1.2-3.1 | Jan 16, 2025 | Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issu |
| CVE-2024-36613 | — | | | < 6.1.2-4.1 | 6.1.2-4.1 | Jan 3, 2025 | FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. |
| CVE-2024-35365 | — | | | < 6.1.2-3.1 | 6.1.2-3.1 | Jan 3, 2025 | FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function. |
| CVE-2024-35368 | — | | | < 6.1.2-3.1 | 6.1.2-3.1 | Nov 29, 2024 | FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. |
| CVE-2024-7055 | — | | | < 6.1.1-9.1 | 6.1.1-9.1 | Aug 6, 2024 | A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit h |
| CVE-2024-32230 | — | | | < 6.1.1-6.1 | 6.1.1-6.1 | Jul 1, 2024 | FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0 |
| CVE-2024-32228 | — | | | < 6.1.1-6.1 | 6.1.1-6.1 | Jul 1, 2024 | FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end. |
| CVE-2023-47282 | Low | 3.9 | | < 6.1.2-3.1 | 6.1.2-3.1 | May 16, 2024 | Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-22656 | Low | 3.9 | | < 6.1.2-3.1 | 6.1.2-3.1 | May 16, 2024 | Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-47169 | — | | | < 6.1.2-3.1 | 6.1.2-3.1 | May 16, 2024 | Improper buffer restrictions in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2023-45221 | — | | | < 6.1.2-3.1 | 6.1.2-3.1 | May 16, 2024 | Improper buffer restrictions in Intel(R) Media SDK all versions may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-48368 | — | | | < 6.1.2-3.1 | 6.1.2-3.1 | May 16, 2024 | Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2023-51798 | — | | | < 6.1.2-3.1 | 6.1.2-3.1 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate. |
| CVE-2023-51793 | — | | | < 6.1.2-3.1 | 6.1.2-3.1 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane. |
| CVE-2023-50010 | — | | | < 6.1.2-4.1 | 6.1.2-4.1 | Apr 19, 2024 | FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component. |
| CVE-2023-50008 | — | | | < 6.1.1-5.1 | 6.1.1-5.1 | Apr 19, 2024 | FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the av_malloc function in libavutil/mem.c:105:9 component. |
| CVE-2023-50007 | — | | | < 6.1.1-5.1 | 6.1.1-5.1 | Apr 19, 2024 | FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative size in the av_samples_set_silence function in the libavutil/samplefmt.c:260:9 component. |