rpm package
suse/ffmpeg&distro=SUSE Linux Enterprise Module for Desktop Applications 15 SP6
pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6
Vulnerabilities (17)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-7700 | Med | 5.3 | < 3.4.2-150200.11.67.1 | 3.4.2-150200.11.67.1 | Nov 7, 2025 | A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrup | |
| CVE-2025-22919 | Med | 6.5 | < 3.4.2-150200.11.60.1 | 3.4.2-150200.11.60.1 | Feb 18, 2025 | A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file. | |
| CVE-2025-22921 | — | < 3.4.2-150200.11.60.1 | 3.4.2-150200.11.60.1 | Feb 18, 2025 | FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. | ||
| CVE-2025-0518 | — | < 3.4.2-150200.11.60.1 | 3.4.2-150200.11.60.1 | Jan 16, 2025 | Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issu | ||
| CVE-2024-36613 | — | < 3.4.2-150200.11.60.1 | 3.4.2-150200.11.60.1 | Jan 3, 2025 | FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. | ||
| CVE-2024-35365 | — | < 3.4.2-150200.11.60.1 | 3.4.2-150200.11.60.1 | Jan 3, 2025 | FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function. | ||
| CVE-2024-36618 | — | < 3.4.2-150200.11.64.1 | 3.4.2-150200.11.64.1 | Nov 29, 2024 | FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition. | ||
| CVE-2024-36617 | — | < 3.4.2-150200.11.64.1 | 3.4.2-150200.11.64.1 | Nov 29, 2024 | FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder. | ||
| CVE-2024-36616 | — | < 3.4.2-150200.11.64.1 | 3.4.2-150200.11.64.1 | Nov 29, 2024 | An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file. | ||
| CVE-2024-35368 | — | < 3.4.2-150200.11.60.1 | 3.4.2-150200.11.60.1 | Nov 29, 2024 | FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. | ||
| CVE-2024-32230 | — | < 3.4.2-150200.11.50.1 | 3.4.2-150200.11.50.1 | Jul 1, 2024 | FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0 | ||
| CVE-2023-51794 | — | < 3.4.2-150200.11.47.1 | 3.4.2-150200.11.47.1 | Apr 26, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69. | ||
| CVE-2023-51798 | — | < 3.4.2-150200.11.57.1 | 3.4.2-150200.11.57.1 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate. | ||
| CVE-2023-51793 | — | < 3.4.2-150200.11.60.1 | 3.4.2-150200.11.60.1 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane. | ||
| CVE-2022-1475 | — | < 3.4.2-150200.11.64.1 | 3.4.2-150200.11.64.1 | May 2, 2022 | An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file. | ||
| CVE-2021-38291 | — | < 3.4.2-150200.11.57.1 | 3.4.2-150200.11.57.1 | Aug 12, 2021 | FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. | ||
| CVE-2020-22027 | — | < 3.4.2-150200.11.57.1 | 3.4.2-150200.11.57.1 | May 27, 2021 | A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences. |
- affected < 3.4.2-150200.11.67.1fixed 3.4.2-150200.11.67.1
A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrup
- affected < 3.4.2-150200.11.60.1fixed 3.4.2-150200.11.60.1
A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.
- CVE-2025-22921Feb 18, 2025affected < 3.4.2-150200.11.60.1fixed 3.4.2-150200.11.60.1
FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.
- CVE-2025-0518Jan 16, 2025affected < 3.4.2-150200.11.60.1fixed 3.4.2-150200.11.60.1
Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issu
- CVE-2024-36613Jan 3, 2025affected < 3.4.2-150200.11.60.1fixed 3.4.2-150200.11.60.1
FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.
- CVE-2024-35365Jan 3, 2025affected < 3.4.2-150200.11.60.1fixed 3.4.2-150200.11.60.1
FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function.
- CVE-2024-36618Nov 29, 2024affected < 3.4.2-150200.11.64.1fixed 3.4.2-150200.11.64.1
FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.
- CVE-2024-36617Nov 29, 2024affected < 3.4.2-150200.11.64.1fixed 3.4.2-150200.11.64.1
FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.
- CVE-2024-36616Nov 29, 2024affected < 3.4.2-150200.11.64.1fixed 3.4.2-150200.11.64.1
An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.
- CVE-2024-35368Nov 29, 2024affected < 3.4.2-150200.11.60.1fixed 3.4.2-150200.11.60.1
FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.
- CVE-2024-32230Jul 1, 2024affected < 3.4.2-150200.11.50.1fixed 3.4.2-150200.11.50.1
FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0
- CVE-2023-51794Apr 26, 2024affected < 3.4.2-150200.11.47.1fixed 3.4.2-150200.11.47.1
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69.
- CVE-2023-51798Apr 19, 2024affected < 3.4.2-150200.11.57.1fixed 3.4.2-150200.11.57.1
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate.
- CVE-2023-51793Apr 19, 2024affected < 3.4.2-150200.11.60.1fixed 3.4.2-150200.11.60.1
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane.
- CVE-2022-1475May 2, 2022affected < 3.4.2-150200.11.64.1fixed 3.4.2-150200.11.64.1
An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.
- CVE-2021-38291Aug 12, 2021affected < 3.4.2-150200.11.57.1fixed 3.4.2-150200.11.57.1
FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.
- CVE-2020-22027May 27, 2021affected < 3.4.2-150200.11.57.1fixed 3.4.2-150200.11.57.1
A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences.