rpm package

suse/ffmpeg-4&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS

Vulnerabilities (30)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-40962	Med	4.9	< 4.4.7-150400.3.67.1	4.4.7-150400.3.67.1	Apr 16, 2026	FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.
CVE-2026-30997	Hig	7.5	< 4.4.7-150400.3.67.1	4.4.7-150400.3.67.1	Apr 13, 2026	An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-10256		—	< 4.4.7-150400.3.67.1	4.4.7-150400.3.67.1	Feb 18, 2026	A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a cr
CVE-2025-63757		—	< 4.4.6-150400.3.60.1	4.4.6-150400.3.60.1	Dec 18, 2025	Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.
CVE-2025-7700	Med	5.3	< 4.4.6-150400.3.52.1	4.4.6-150400.3.52.1	Nov 7, 2025	A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrup
CVE-2025-59728	Hig	—	< 4.4.6-150400.3.55.1	4.4.6-150400.3.55.1	Oct 6, 2025	When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below [0], it returns a buffer precisely allocated to match the string length, using strdup internally.
CVE-2025-9951	Hig	—	< 4.4.7-150400.3.67.1	4.4.7-150400.3.67.1	Sep 9, 2025	A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.
CVE-2025-1594		—	< 4.4.7-150400.3.67.1	4.4.7-150400.3.67.1	Feb 23, 2025	A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate th
CVE-2025-25473	Med	5.3	< 4.4.5-150400.3.46.1	4.4.5-150400.3.46.1	Feb 18, 2025	FFmpeg git master before commit c08d30 was discovered to contain a memory leak in the avformat_free_context function in libavutil/mem.c.
CVE-2025-22919	Med	6.5	< 4.4.5-150400.3.46.1	4.4.5-150400.3.46.1	Feb 18, 2025	A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.
CVE-2025-22921		—	< 4.4.5-150400.3.46.1	4.4.5-150400.3.46.1	Feb 18, 2025	FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.
CVE-2025-0518		—	< 4.4.5-150400.3.46.1	4.4.5-150400.3.46.1	Jan 16, 2025	Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issu
CVE-2023-6601		—	< 4.4.6-150400.3.60.1	4.4.6-150400.3.60.1	Jan 6, 2025	A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.
CVE-2024-36613		—	< 4.4.5-150400.3.46.1	4.4.5-150400.3.46.1	Jan 3, 2025	FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.
CVE-2024-36618		—	< 4.4.6-150400.3.52.1	4.4.6-150400.3.52.1	Nov 29, 2024	FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.
CVE-2024-35368		—	< 4.4.5-150400.3.46.1	4.4.5-150400.3.46.1	Nov 29, 2024	FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.
CVE-2024-35366		—	< 4.4.7-150400.3.67.1	4.4.7-150400.3.67.1	Nov 29, 2024	FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without
CVE-2024-7055		—	< 4.4-150400.3.42.1	4.4-150400.3.42.1	Aug 6, 2024	A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit h
CVE-2023-47282	Low	3.9	< 4.4-150400.3.42.1	4.4-150400.3.42.1	May 16, 2024	Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-22656	Low	3.9	< 4.4-150400.3.42.1	4.4-150400.3.42.1	May 16, 2024	Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2026-40962MedApr 16, 2026
affected < 4.4.7-150400.3.67.1fixed 4.4.7-150400.3.67.1
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.
CVE-2026-30997HigApr 13, 2026
affected < 4.4.7-150400.3.67.1fixed 4.4.7-150400.3.67.1
An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-10256Feb 18, 2026
affected < 4.4.7-150400.3.67.1fixed 4.4.7-150400.3.67.1
A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a cr
CVE-2025-63757Dec 18, 2025
affected < 4.4.6-150400.3.60.1fixed 4.4.6-150400.3.60.1
Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.
CVE-2025-7700MedNov 7, 2025
affected < 4.4.6-150400.3.52.1fixed 4.4.6-150400.3.52.1
A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrup
CVE-2025-59728HigOct 6, 2025
affected < 4.4.6-150400.3.55.1fixed 4.4.6-150400.3.55.1
When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below [0], it returns a buffer precisely allocated to match the string length, using strdup internally.
CVE-2025-9951HigSep 9, 2025
affected < 4.4.7-150400.3.67.1fixed 4.4.7-150400.3.67.1
A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.
CVE-2025-1594Feb 23, 2025
affected < 4.4.7-150400.3.67.1fixed 4.4.7-150400.3.67.1
A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate th
CVE-2025-25473MedFeb 18, 2025
affected < 4.4.5-150400.3.46.1fixed 4.4.5-150400.3.46.1
FFmpeg git master before commit c08d30 was discovered to contain a memory leak in the avformat_free_context function in libavutil/mem.c.
CVE-2025-22919MedFeb 18, 2025
affected < 4.4.5-150400.3.46.1fixed 4.4.5-150400.3.46.1
A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.
CVE-2025-22921Feb 18, 2025
affected < 4.4.5-150400.3.46.1fixed 4.4.5-150400.3.46.1
FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.
CVE-2025-0518Jan 16, 2025
affected < 4.4.5-150400.3.46.1fixed 4.4.5-150400.3.46.1
Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issu
CVE-2023-6601Jan 6, 2025
affected < 4.4.6-150400.3.60.1fixed 4.4.6-150400.3.60.1
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.
CVE-2024-36613Jan 3, 2025
affected < 4.4.5-150400.3.46.1fixed 4.4.5-150400.3.46.1
FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.
CVE-2024-36618Nov 29, 2024
affected < 4.4.6-150400.3.52.1fixed 4.4.6-150400.3.52.1
FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.
CVE-2024-35368Nov 29, 2024
affected < 4.4.5-150400.3.46.1fixed 4.4.5-150400.3.46.1
FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.
CVE-2024-35366Nov 29, 2024
affected < 4.4.7-150400.3.67.1fixed 4.4.7-150400.3.67.1
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without
CVE-2024-7055Aug 6, 2024
affected < 4.4-150400.3.42.1fixed 4.4-150400.3.42.1
A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit h
CVE-2023-47282LowMay 16, 2024
affected < 4.4-150400.3.42.1fixed 4.4-150400.3.42.1
Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-22656LowMay 16, 2024
affected < 4.4-150400.3.42.1fixed 4.4-150400.3.42.1
Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

Page 1 of 2