SUSE-SU-2025:0862-1

CVE-2025-22921: Fixed segmentation violation in NULL pointer dereference via the component /libavcodec/jpeg2000dec.c (bsc#1237382).
CVE-2025-25473: Fixed memory leak in avformatfreecontext() (bsc#1237351).
CVE-2025-0518: Fixed unchecked sscanf return value which leads to memory data leak (bsc#1236007).
CVE-2025-22919: Fixed denial of service (DoS) via opening a crafted AAC file (bsc#1237371).
CVE-2024-12361: Fixed NULL Pointer Dereference (bsc#1237358).
CVE-2024-35368: Fixed Double Free via the rkmppretrieveframe function within libavcodec/rkmppdec.c (bsc#1234028).
CVE-2024-36613: Fixed Integer overflow in ffmpeg (bsc#1235092).
CVE-2023-50010: Fixed arbitrary code execution via the setencoderid function in /fftools/ffmpeg_enc.c component (bsc#1223256).
CVE-2023-51794: Fixed heap-buffer-overflow at libavfilter/af_stereowiden.c (bsc#1223437).
CVE-2023-51793: Fixed heap buffer overflow in the imagecopyplane function in libavutil/imgutils.c (bsc#1223272).
CVE-2023-49502: Fixed heap buffer overflow via the ffbwdiffilterintrac function in libavfilter/bwdifdsp.c (bsc#1223235).
CVE-2023-51798: Fixed floating point exception(FPE) via the interpolate function in libavfilter/vf_minterpolate.c (bsc#1223304).
CVE-2024-31578: Fixed heap use-after-free via the avhwframectx_init function (bsc#1223070).
CVE-2024-7055: Fixed heap-based buffer overflow in pnmdec.c (bsc#1229026).
CVE-2024-32230: Fixed buffer overflow due to negative-size-param bug at libavcodec/mpegvideoenc.c in loadinput_picture (bsc#1227296).

Other fixes: - Updated to version 4.4.5.

References

Affected packages

SUSE:Linux Enterprise Module for Package Hub 15 SP6 / ffmpeg-4

Package

Name: ffmpeg-4
Purl: pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.4.5-150600.13.16.1

Ecosystem specific

{
    "binaries": [
        {
            "ffmpeg-4-libavformat-devel": "4.4.5-150600.13.16.1",
            "ffmpeg-4-libavutil-devel": "4.4.5-150600.13.16.1",
            "ffmpeg-4-private-devel": "4.4.5-150600.13.16.1",
            "libavfilter7_110": "4.4.5-150600.13.16.1",
            "libswscale5_9": "4.4.5-150600.13.16.1",
            "libavdevice58_13": "4.4.5-150600.13.16.1",
            "ffmpeg-4-libpostproc-devel": "4.4.5-150600.13.16.1",
            "ffmpeg-4": "4.4.5-150600.13.16.1",
            "ffmpeg-4-libavcodec-devel": "4.4.5-150600.13.16.1",
            "libavcodec58_134": "4.4.5-150600.13.16.1",
            "libavformat58_76": "4.4.5-150600.13.16.1",
            "ffmpeg-4-libavdevice-devel": "4.4.5-150600.13.16.1",
            "libavresample4_0": "4.4.5-150600.13.16.1",
            "ffmpeg-4-libavresample-devel": "4.4.5-150600.13.16.1",
            "libpostproc55_9": "4.4.5-150600.13.16.1",
            "ffmpeg-4-libavfilter-devel": "4.4.5-150600.13.16.1",
            "libswresample3_9": "4.4.5-150600.13.16.1",
            "libavutil56_70": "4.4.5-150600.13.16.1",
            "ffmpeg-4-libswscale-devel": "4.4.5-150600.13.16.1",
            "ffmpeg-4-libswresample-devel": "4.4.5-150600.13.16.1"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 15 SP6 / ffmpeg-4

Package

Name: ffmpeg-4
Purl: pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.4.5-150600.13.16.1

Ecosystem specific

{
    "binaries": [
        {
            "libavcodec58_134": "4.4.5-150600.13.16.1",
            "libavformat58_76": "4.4.5-150600.13.16.1",
            "libavutil56_70": "4.4.5-150600.13.16.1",
            "libswscale5_9": "4.4.5-150600.13.16.1",
            "libswresample3_9": "4.4.5-150600.13.16.1"
        }
    ]
}

openSUSE:Leap 15.6 / ffmpeg-4

Package

Name: ffmpeg-4
Purl: pkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Leap%2015.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.4.5-150600.13.16.1

Ecosystem specific

{
    "binaries": [
        {
            "ffmpeg-4-libavutil-devel": "4.4.5-150600.13.16.1",
            "libavdevice58_13-32bit": "4.4.5-150600.13.16.1",
            "ffmpeg-4-private-devel": "4.4.5-150600.13.16.1",
            "libswscale5_9-32bit": "4.4.5-150600.13.16.1",
            "libavfilter7_110": "4.4.5-150600.13.16.1",
            "libavresample4_0-32bit": "4.4.5-150600.13.16.1",
            "ffmpeg-4-libavfilter-devel": "4.4.5-150600.13.16.1",
            "libavdevice58_13": "4.4.5-150600.13.16.1",
            "ffmpeg-4": "4.4.5-150600.13.16.1",
            "ffmpeg-4-libavcodec-devel": "4.4.5-150600.13.16.1",
            "libavcodec58_134": "4.4.5-150600.13.16.1",
            "ffmpeg-4-libavresample-devel": "4.4.5-150600.13.16.1",
            "libswresample3_9": "4.4.5-150600.13.16.1",
            "libavcodec58_134-32bit": "4.4.5-150600.13.16.1",
            "ffmpeg-4-libswscale-devel": "4.4.5-150600.13.16.1",
            "ffmpeg-4-libavformat-devel": "4.4.5-150600.13.16.1",
            "libavutil56_70-32bit": "4.4.5-150600.13.16.1",
            "libavfilter7_110-32bit": "4.4.5-150600.13.16.1",
            "libpostproc55_9-32bit": "4.4.5-150600.13.16.1",
            "libswresample3_9-32bit": "4.4.5-150600.13.16.1",
            "libswscale5_9": "4.4.5-150600.13.16.1",
            "ffmpeg-4-libpostproc-devel": "4.4.5-150600.13.16.1",
            "ffmpeg-4-libavdevice-devel": "4.4.5-150600.13.16.1",
            "libavformat58_76-32bit": "4.4.5-150600.13.16.1",
            "libavformat58_76": "4.4.5-150600.13.16.1",
            "libavresample4_0": "4.4.5-150600.13.16.1",
            "libpostproc55_9": "4.4.5-150600.13.16.1",
            "libavutil56_70": "4.4.5-150600.13.16.1",
            "ffmpeg-4-libswresample-devel": "4.4.5-150600.13.16.1"
        }
    ]
}