rpm package
opensuse/ffmpeg-7&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/ffmpeg-7&distro=openSUSE%20Tumbleweed
Vulnerabilities (38)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40962 | Med | 4.9 | | < 7.1.3-3.1 | 7.1.3-3.1 | Apr 16, 2026 | FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c. |
| CVE-2026-30997 | High | 7.5 | | < 7.1.4-3.1 | 7.1.4-3.1 | Apr 13, 2026 | An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2025-10256 | — | | | < 7.1.4-2.1 | 7.1.4-2.1 | Feb 18, 2026 | A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a cr |
| CVE-2025-7700 | Med | 5.3 | | < 7.1.1-8.1 | 7.1.1-8.1 | Nov 7, 2025 | A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrup |
| CVE-2025-9951 | High | — | | < 7.1.4-2.1 | 7.1.4-2.1 | Sep 9, 2025 | A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000. |
| CVE-2025-1816 | Med | 4.3 | | < 7.1.1-1.1 | 7.1.1-1.1 | Mar 2, 2025 | A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters |
| CVE-2025-1594 | — | | | < 7.1.4-2.1 | 7.1.4-2.1 | Feb 23, 2025 | A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate th |
| CVE-2025-25473 | Med | 5.3 | | < 7.1-3.1 | 7.1-3.1 | Feb 18, 2025 | FFmpeg git master before commit c08d30 was discovered to contain a memory leak in the avformat_free_context function in libavutil/mem.c. |
| CVE-2025-22920 | Med | 5.3 | | < 7.1-3.1 | 7.1-3.1 | Feb 18, 2025 | A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS). |
| CVE-2025-22919 | Med | 6.5 | | < 7.1-3.1 | 7.1-3.1 | Feb 18, 2025 | A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file. |
| CVE-2025-22921 | — | | | < 7.1-3.1 | 7.1-3.1 | Feb 18, 2025 | FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. |
| CVE-2025-0518 | — | | | < 7.1-3.1 | 7.1-3.1 | Jan 16, 2025 | Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issu |
| CVE-2023-6601 | — | | | < 7.1.3-1.1 | 7.1.3-1.1 | Jan 6, 2025 | A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions. |
| CVE-2024-36613 | — | | | < 7.1-3.1 | 7.1-3.1 | Jan 3, 2025 | FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. |
| CVE-2024-35365 | — | | | < 7.1-3.1 | 7.1-3.1 | Jan 3, 2025 | FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function. |
| CVE-2024-36619 | — | | | < 7.1.1-4.1 | 7.1.1-4.1 | Nov 29, 2024 | FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition. |
| CVE-2024-36618 | — | | | < 7.1.1-4.1 | 7.1.1-4.1 | Nov 29, 2024 | FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition. |
| CVE-2024-36617 | — | | | < 7.1.1-4.1 | 7.1.1-4.1 | Nov 29, 2024 | FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder. |
| CVE-2024-36616 | — | | | < 7.1.1-4.1 | 7.1.1-4.1 | Nov 29, 2024 | An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file. |
| CVE-2024-36615 | — | | | < 7.1.1-4.1 | 7.1.1-4.1 | Nov 29, 2024 | FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread. |
Page 1 of 2