rpm package
opensuse/ffmpeg-8&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/ffmpeg-8&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-30997 | High | 7.5 | | < 8.1.1-3.1 | 8.1.1-3.1 | Apr 13, 2026 | An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2025-10256 | | — | | < 8.1.1-3.1 | 8.1.1-3.1 | Feb 18, 2026 | A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a cr |
| CVE-2025-9951 | High | — | | < 8.1.1-3.1 | 8.1.1-3.1 | Sep 9, 2025 | A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000. |
| CVE-2025-1594 | | — | | < 8.1.1-3.1 | 8.1.1-3.1 | Feb 23, 2025 | A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate th |