VYPR

rpm package

suse/ffmpeg-4&distro=SUSE Linux Enterprise Workstation Extension 15 SP6

pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6

Vulnerabilities (22)

  • CVE-2025-7700MedNov 7, 2025
    affected < 4.4.6-150600.13.30.1fixed 4.4.6-150600.13.30.1

    A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrup

  • CVE-2025-59728HigOct 6, 2025
    affected < 4.4.6-150600.13.33.1fixed 4.4.6-150600.13.33.1

    When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below [0], it returns a buffer precisely allocated to match the string length, using strdup internally.

  • CVE-2025-25473MedFeb 18, 2025
    affected < 4.4.5-150600.13.16.1fixed 4.4.5-150600.13.16.1

    FFmpeg git master before commit c08d30 was discovered to contain a memory leak in the avformat_free_context function in libavutil/mem.c.

  • CVE-2025-22919MedFeb 18, 2025
    affected < 4.4.5-150600.13.16.1fixed 4.4.5-150600.13.16.1

    A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.

  • CVE-2025-22921Feb 18, 2025
    affected < 4.4.5-150600.13.16.1fixed 4.4.5-150600.13.16.1

    FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.

  • CVE-2025-0518Jan 16, 2025
    affected < 4.4.5-150600.13.16.1fixed 4.4.5-150600.13.16.1

    Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issu

  • CVE-2024-36613Jan 3, 2025
    affected < 4.4.5-150600.13.16.1fixed 4.4.5-150600.13.16.1

    FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.

  • CVE-2024-36618Nov 29, 2024
    affected < 4.4.6-150600.13.27.1fixed 4.4.6-150600.13.27.1

    FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.

  • CVE-2024-36617Nov 29, 2024
    affected < 4.4.6-150600.13.27.1fixed 4.4.6-150600.13.27.1

    FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.

  • CVE-2024-36616Nov 29, 2024
    affected < 4.4.6-150600.13.27.1fixed 4.4.6-150600.13.27.1

    An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.

  • CVE-2024-35368Nov 29, 2024
    affected < 4.4.5-150600.13.16.1fixed 4.4.5-150600.13.16.1

    FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.

  • CVE-2024-7055Aug 6, 2024
    affected < 4.4-150600.13.13.1fixed 4.4-150600.13.13.1

    A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit h

  • CVE-2024-32230Jul 1, 2024
    affected < 4.4-150600.13.10.1fixed 4.4-150600.13.10.1

    FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0

  • CVE-2023-51794Apr 26, 2024
    affected < 4.4-150600.13.5.1fixed 4.4-150600.13.5.1

    Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69.

  • CVE-2023-51798Apr 19, 2024
    affected < 4.4-150600.13.10.1fixed 4.4-150600.13.10.1

    Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate.

  • CVE-2023-51793Apr 19, 2024
    affected < 4.4.5-150600.13.16.1fixed 4.4.5-150600.13.16.1

    Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane.

  • CVE-2023-50010Apr 19, 2024
    affected < 4.4.5-150600.13.16.1fixed 4.4.5-150600.13.16.1

    FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component.

  • CVE-2023-49502Apr 19, 2024
    affected < 4.4.5-150600.13.16.1fixed 4.4.5-150600.13.16.1

    Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component.

  • CVE-2024-31578Apr 17, 2024
    affected < 4.4.5-150600.13.16.1fixed 4.4.5-150600.13.16.1

    FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.

  • CVE-2022-48434Mar 29, 2023
    affected < 4.4.5-150600.13.19.1fixed 4.4.5-150600.13.19.1

    libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-vid

Page 1 of 2