rpm package
suse/ffmpeg&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
Vulnerabilities (17)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-7700 | Med | 5.3 | | < 3.4.2-150200.11.67.1 | 3.4.2-150200.11.67.1 | Nov 7, 2025 | A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrup |
| CVE-2025-22919 | Med | 6.5 | | < 3.4.2-150200.11.60.1 | 3.4.2-150200.11.60.1 | Feb 18, 2025 | A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file. |
| CVE-2025-22921 | — | | | < 3.4.2-150200.11.60.1 | 3.4.2-150200.11.60.1 | Feb 18, 2025 | FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. |
| CVE-2025-0518 | — | | | < 3.4.2-150200.11.60.1 | 3.4.2-150200.11.60.1 | Jan 16, 2025 | Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issu |
| CVE-2024-36613 | — | | | < 3.4.2-150200.11.60.1 | 3.4.2-150200.11.60.1 | Jan 3, 2025 | FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. |
| CVE-2024-35365 | — | | | < 3.4.2-150200.11.60.1 | 3.4.2-150200.11.60.1 | Jan 3, 2025 | FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function. |
| CVE-2024-35368 | — | | | < 3.4.2-150200.11.60.1 | 3.4.2-150200.11.60.1 | Nov 29, 2024 | FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. |
| CVE-2023-51794 | — | | | < 3.4.2-150200.11.47.1 | 3.4.2-150200.11.47.1 | Apr 26, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69. |
| CVE-2023-51793 | — | | | < 3.4.2-150200.11.60.1 | 3.4.2-150200.11.60.1 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane. |
| CVE-2023-50010 | — | | | < 3.4.2-150200.11.44.1 | 3.4.2-150200.11.44.1 | Apr 19, 2024 | FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component. |
| CVE-2023-49502 | — | | | < 3.4.2-150200.11.41.1 | 3.4.2-150200.11.41.1 | Apr 19, 2024 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. |
| CVE-2024-31578 | — | | | < 3.4.2-150200.11.41.1 | 3.4.2-150200.11.41.1 | Apr 17, 2024 | FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. |
| CVE-2022-48434 | — | | | < 3.4.2-150200.11.28.1 | 3.4.2-150200.11.28.1 | Mar 29, 2023 | libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-vid |
| CVE-2021-38094 | — | | | < 3.4.2-150200.11.41.1 | 3.4.2-150200.11.41.1 | Sep 20, 2021 | Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |
| CVE-2021-38091 | — | | | < 3.4.2-150200.11.41.1 | 3.4.2-150200.11.41.1 | Sep 20, 2021 | Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |
| CVE-2021-38090 | — | | | < 3.4.2-150200.11.41.1 | 3.4.2-150200.11.41.1 | Sep 20, 2021 | Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |
| CVE-2020-20898 | — | | | < 3.4.2-150200.11.41.1 | 3.4.2-150200.11.41.1 | Sep 20, 2021 | Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. |