rpm package

suse/ffmpeg-4&distro=SUSE Linux Enterprise Module for Package Hub 15 SP7

pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7

Vulnerabilities (14)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-40962	Med	4.9	< 4.4.7-150600.13.47.1	4.4.7-150600.13.47.1	Apr 16, 2026	FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.
CVE-2026-30997	Hig	7.5	< 4.4.7-150600.13.47.1	4.4.7-150600.13.47.1	Apr 13, 2026	An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-10256		—	< 4.4.7-150600.13.47.1	4.4.7-150600.13.47.1	Feb 18, 2026	A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a cr
CVE-2025-63757		—	< 4.4.6-150600.13.38.1	4.4.6-150600.13.38.1	Dec 18, 2025	Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.
CVE-2025-7700	Med	5.3	< 4.4.6-150600.13.30.1	4.4.6-150600.13.30.1	Nov 7, 2025	A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrup
CVE-2025-59728	Hig	—	< 4.4.6-150600.13.33.1	4.4.6-150600.13.33.1	Oct 6, 2025	When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below [0], it returns a buffer precisely allocated to match the string length, using strdup internally.
CVE-2025-9951	Hig	—	< 4.4.7-150600.13.47.1	4.4.7-150600.13.47.1	Sep 9, 2025	A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.
CVE-2025-1594		—	< 4.4.7-150600.13.47.1	4.4.7-150600.13.47.1	Feb 23, 2025	A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate th
CVE-2023-6601		—	< 4.4.6-150600.13.38.1	4.4.6-150600.13.38.1	Jan 6, 2025	A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.
CVE-2024-36618		—	< 4.4.6-150600.13.27.1	4.4.6-150600.13.27.1	Nov 29, 2024	FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.
CVE-2024-36617		—	< 4.4.6-150600.13.27.1	4.4.6-150600.13.27.1	Nov 29, 2024	FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.
CVE-2024-36616		—	< 4.4.6-150600.13.27.1	4.4.6-150600.13.27.1	Nov 29, 2024	An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.
CVE-2024-35368		—	< 4.4.7-150600.13.47.1	4.4.7-150600.13.47.1	Nov 29, 2024	FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.
CVE-2024-35366		—	< 4.4.7-150600.13.47.1	4.4.7-150600.13.47.1	Nov 29, 2024	FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without

CVE-2026-40962MedApr 16, 2026
affected < 4.4.7-150600.13.47.1fixed 4.4.7-150600.13.47.1
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.
CVE-2026-30997HigApr 13, 2026
affected < 4.4.7-150600.13.47.1fixed 4.4.7-150600.13.47.1
An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-10256Feb 18, 2026
affected < 4.4.7-150600.13.47.1fixed 4.4.7-150600.13.47.1
A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a cr
CVE-2025-63757Dec 18, 2025
affected < 4.4.6-150600.13.38.1fixed 4.4.6-150600.13.38.1
Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.
CVE-2025-7700MedNov 7, 2025
affected < 4.4.6-150600.13.30.1fixed 4.4.6-150600.13.30.1
A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrup
CVE-2025-59728HigOct 6, 2025
affected < 4.4.6-150600.13.33.1fixed 4.4.6-150600.13.33.1
When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below [0], it returns a buffer precisely allocated to match the string length, using strdup internally.
CVE-2025-9951HigSep 9, 2025
affected < 4.4.7-150600.13.47.1fixed 4.4.7-150600.13.47.1
A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.
CVE-2025-1594Feb 23, 2025
affected < 4.4.7-150600.13.47.1fixed 4.4.7-150600.13.47.1
A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate th
CVE-2023-6601Jan 6, 2025
affected < 4.4.6-150600.13.38.1fixed 4.4.6-150600.13.38.1
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.
CVE-2024-36618Nov 29, 2024
affected < 4.4.6-150600.13.27.1fixed 4.4.6-150600.13.27.1
FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.
CVE-2024-36617Nov 29, 2024
affected < 4.4.6-150600.13.27.1fixed 4.4.6-150600.13.27.1
FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.
CVE-2024-36616Nov 29, 2024
affected < 4.4.6-150600.13.27.1fixed 4.4.6-150600.13.27.1
An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.
CVE-2024-35368Nov 29, 2024
affected < 4.4.7-150600.13.47.1fixed 4.4.7-150600.13.47.1
FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.
CVE-2024-35366Nov 29, 2024
affected < 4.4.7-150600.13.47.1fixed 4.4.7-150600.13.47.1
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without