USN-7538-1

Source
https://ubuntu.com/security/notices/USN-7538-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7538-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-7538-1
Published
2025-05-28T01:00:46Z
Modified
2026-05-20T16:03:46.024819070Z
Summary
ffmpeg vulnerabilities
Details

Simcha Kosman discovered that FFmpeg did not correctly handle certain return values. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-0518)

It was discovered that FFmpeg did not correctly handle certain memory operations. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 24.10. (CVE-2025-1816)

It was discovered that FFmpeg contained a reachable assertion, which could lead to a failure when processing certain AAC files. If a user or automated system were tricked into opening a specially crafted AAC file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-22919)

It was discovered that FFmpeg did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 24.10 and Ubuntu 25.04. (CVE-2025-22921)

It was discovered that FFmpeg did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 24.10 and Ubuntu 25.04. (CVE-2025-25473)

Affected packages

Ubuntu:Pro:16.04:LTS / ffmpeg

Package

Name
ffmpeg
Purl
pkg:deb/ubuntu/ffmpeg?arch=source&distro=esm-infra-legacy%2Fxenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7:2.8.17-0ubuntu0.1+esm10

Affected versions

7:2.*
7:2.7.2-1build1
7:2.8.1-1ubuntu1
7:2.8.2-1ubuntu1
7:2.8.3-1
7:2.8.4-1
7:2.8.4-1ubuntu1
7:2.8.4-1ubuntu2
7:2.8.4-1ubuntu3
7:2.8.4-1ubuntu4
7:2.8.6-1ubuntu1
7:2.8.6-1ubuntu2
7:2.8.8-0ubuntu0.16.04.1
7:2.8.10-0ubuntu0.16.04.1
7:2.8.11-0ubuntu0.16.04.1
7:2.8.14-0ubuntu0.16.04.1
7:2.8.15-0ubuntu0.16.04.1
7:2.8.15-0ubuntu0.16.04.1+esm1
7:2.8.17-0ubuntu0.1
7:2.8.17-0ubuntu0.1+esm1
7:2.8.17-0ubuntu0.1+esm2
7:2.8.17-0ubuntu0.1+esm3
7:2.8.17-0ubuntu0.1+esm4
7:2.8.17-0ubuntu0.1+esm5
7:2.8.17-0ubuntu0.1+esm6
7:2.8.17-0ubuntu0.1+esm7
7:2.8.17-0ubuntu0.1+esm8
7:2.8.17-0ubuntu0.1+esm9

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "7:2.8.17-0ubuntu0.1+esm10",
            "binary_name": "ffmpeg"
        },
        {
            "binary_version": "7:2.8.17-0ubuntu0.1+esm10",
            "binary_name": "libav-tools"
        },
        {
            "binary_version": "7:2.8.17-0ubuntu0.1+esm10",
            "binary_name": "libavcodec-extra"
        },
        {
            "binary_version": "7:2.8.17-0ubuntu0.1+esm10",
            "binary_name": "libavcodec-ffmpeg-extra56"
        },
        {
            "binary_version": "7:2.8.17-0ubuntu0.1+esm10",
            "binary_name": "libavcodec-ffmpeg56"
        },
        {
            "binary_version": "7:2.8.17-0ubuntu0.1+esm10",
            "binary_name": "libavdevice-ffmpeg56"
        },
        {
            "binary_version": "7:2.8.17-0ubuntu0.1+esm10",
            "binary_name": "libavfilter-ffmpeg5"
        },
        {
            "binary_version": "7:2.8.17-0ubuntu0.1+esm10",
            "binary_name": "libavformat-ffmpeg56"
        },
        {
            "binary_version": "7:2.8.17-0ubuntu0.1+esm10",
            "binary_name": "libavresample-ffmpeg2"
        },
        {
            "binary_version": "7:2.8.17-0ubuntu0.1+esm10",
            "binary_name": "libavutil-ffmpeg54"
        },
        {
            "binary_version": "7:2.8.17-0ubuntu0.1+esm10",
            "binary_name": "libpostproc-ffmpeg53"
        },
        {
            "binary_version": "7:2.8.17-0ubuntu0.1+esm10",
            "binary_name": "libswresample-ffmpeg1"
        },
        {
            "binary_version": "7:2.8.17-0ubuntu0.1+esm10",
            "binary_name": "libswscale-ffmpeg3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7538-1.json"
cves_map
{
    "ecosystem": "Ubuntu:Pro:16.04:LTS",
    "cves": []
}

Ubuntu:Pro:18.04:LTS / ffmpeg

Package

Name
ffmpeg
Purl
pkg:deb/ubuntu/ffmpeg?arch=source&distro=esm-apps%2Fbionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7:3.4.11-0ubuntu0.1+esm8

Affected versions

7:3.*
7:3.3.4-2
7:3.3.4-2build3
7:3.4-2ubuntu2
7:3.4-4
7:3.4-4build1
7:3.4.1-1
7:3.4.1-1build1
7:3.4.2-1
7:3.4.2-1build1
7:3.4.2-2
7:3.4.4-0ubuntu0.18.04.1
7:3.4.6-0ubuntu0.18.04.1
7:3.4.8-0ubuntu0.2
7:3.4.11-0ubuntu0.1
7:3.4.11-0ubuntu0.1+esm1
7:3.4.11-0ubuntu0.1+esm2
7:3.4.11-0ubuntu0.1+esm3
7:3.4.11-0ubuntu0.1+esm4
7:3.4.11-0ubuntu0.1+esm5
7:3.4.11-0ubuntu0.1+esm6
7:3.4.11-0ubuntu0.1+esm7

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "7:3.4.11-0ubuntu0.1+esm8",
            "binary_name": "ffmpeg"
        },
        {
            "binary_version": "7:3.4.11-0ubuntu0.1+esm8",
            "binary_name": "libavcodec-extra"
        },
        {
            "binary_version": "7:3.4.11-0ubuntu0.1+esm8",
            "binary_name": "libavcodec-extra57"
        },
        {
            "binary_version": "7:3.4.11-0ubuntu0.1+esm8",
            "binary_name": "libavcodec57"
        },
        {
            "binary_version": "7:3.4.11-0ubuntu0.1+esm8",
            "binary_name": "libavdevice57"
        },
        {
            "binary_version": "7:3.4.11-0ubuntu0.1+esm8",
            "binary_name": "libavfilter-extra"
        },
        {
            "binary_version": "7:3.4.11-0ubuntu0.1+esm8",
            "binary_name": "libavfilter-extra6"
        },
        {
            "binary_version": "7:3.4.11-0ubuntu0.1+esm8",
            "binary_name": "libavfilter6"
        },
        {
            "binary_version": "7:3.4.11-0ubuntu0.1+esm8",
            "binary_name": "libavformat57"
        },
        {
            "binary_version": "7:3.4.11-0ubuntu0.1+esm8",
            "binary_name": "libavresample3"
        },
        {
            "binary_version": "7:3.4.11-0ubuntu0.1+esm8",
            "binary_name": "libavutil55"
        },
        {
            "binary_version": "7:3.4.11-0ubuntu0.1+esm8",
            "binary_name": "libpostproc54"
        },
        {
            "binary_version": "7:3.4.11-0ubuntu0.1+esm8",
            "binary_name": "libswresample2"
        },
        {
            "binary_version": "7:3.4.11-0ubuntu0.1+esm8",
            "binary_name": "libswscale4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7538-1.json"
cves_map
{
    "ecosystem": "Ubuntu:Pro:18.04:LTS",
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
                    "type": "CVSS_V4"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-0518"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-22919"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-25473"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / ffmpeg

Package

Name
ffmpeg
Purl
pkg:deb/ubuntu/ffmpeg?arch=source&distro=esm-apps%2Ffocal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7:4.2.7-0ubuntu0.1+esm8

Affected versions

7:4.*
7:4.1.4-1build2
7:4.2.1-2
7:4.2.1-2ubuntu1
7:4.2.2-1build1
7:4.2.2-1ubuntu1
7:4.2.4-1ubuntu0.1
7:4.2.4-1ubuntu0.1+esm1
7:4.2.7-0ubuntu0.1
7:4.2.7-0ubuntu0.1+esm1
7:4.2.7-0ubuntu0.1+esm2
7:4.2.7-0ubuntu0.1+esm3
7:4.2.7-0ubuntu0.1+esm4
7:4.2.7-0ubuntu0.1+esm5
7:4.2.7-0ubuntu0.1+esm6
7:4.2.7-0ubuntu0.1+esm7

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "7:4.2.7-0ubuntu0.1+esm8",
            "binary_name": "ffmpeg"
        },
        {
            "binary_version": "7:4.2.7-0ubuntu0.1+esm8",
            "binary_name": "libavcodec-extra"
        },
        {
            "binary_version": "7:4.2.7-0ubuntu0.1+esm8",
            "binary_name": "libavcodec-extra58"
        },
        {
            "binary_version": "7:4.2.7-0ubuntu0.1+esm8",
            "binary_name": "libavcodec58"
        },
        {
            "binary_version": "7:4.2.7-0ubuntu0.1+esm8",
            "binary_name": "libavdevice58"
        },
        {
            "binary_version": "7:4.2.7-0ubuntu0.1+esm8",
            "binary_name": "libavfilter-extra"
        },
        {
            "binary_version": "7:4.2.7-0ubuntu0.1+esm8",
            "binary_name": "libavfilter-extra7"
        },
        {
            "binary_version": "7:4.2.7-0ubuntu0.1+esm8",
            "binary_name": "libavfilter7"
        },
        {
            "binary_version": "7:4.2.7-0ubuntu0.1+esm8",
            "binary_name": "libavformat58"
        },
        {
            "binary_version": "7:4.2.7-0ubuntu0.1+esm8",
            "binary_name": "libavresample4"
        },
        {
            "binary_version": "7:4.2.7-0ubuntu0.1+esm8",
            "binary_name": "libavutil56"
        },
        {
            "binary_version": "7:4.2.7-0ubuntu0.1+esm8",
            "binary_name": "libpostproc55"
        },
        {
            "binary_version": "7:4.2.7-0ubuntu0.1+esm8",
            "binary_name": "libswresample3"
        },
        {
            "binary_version": "7:4.2.7-0ubuntu0.1+esm8",
            "binary_name": "libswscale5"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7538-1.json"
cves_map
{
    "ecosystem": "Ubuntu:Pro:20.04:LTS",
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
                    "type": "CVSS_V4"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-0518"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-22919"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-25473"
        }
    ]
}

Ubuntu:Pro:22.04:LTS / ffmpeg

Package

Name
ffmpeg
Purl
pkg:deb/ubuntu/ffmpeg?arch=source&distro=esm-apps%2Fjammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7:4.4.2-0ubuntu0.22.04.1+esm7

Affected versions

7:4.*
7:4.4-6ubuntu5
7:4.4.1-2ubuntu1
7:4.4.1-3ubuntu1
7:4.4.1-3ubuntu2
7:4.4.1-3ubuntu3
7:4.4.1-3ubuntu5
7:4.4.2-0ubuntu0.22.04.1
7:4.4.2-0ubuntu0.22.04.1+esm1
7:4.4.2-0ubuntu0.22.04.1+esm2
7:4.4.2-0ubuntu0.22.04.1+esm3
7:4.4.2-0ubuntu0.22.04.1+esm4
7:4.4.2-0ubuntu0.22.04.1+esm5
7:4.4.2-0ubuntu0.22.04.1+esm6

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm7",
            "binary_name": "ffmpeg"
        },
        {
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm7",
            "binary_name": "libavcodec-extra"
        },
        {
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm7",
            "binary_name": "libavcodec-extra58"
        },
        {
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm7",
            "binary_name": "libavcodec58"
        },
        {
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm7",
            "binary_name": "libavdevice58"
        },
        {
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm7",
            "binary_name": "libavfilter-extra"
        },
        {
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm7",
            "binary_name": "libavfilter-extra7"
        },
        {
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm7",
            "binary_name": "libavfilter7"
        },
        {
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm7",
            "binary_name": "libavformat-extra"
        },
        {
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm7",
            "binary_name": "libavformat-extra58"
        },
        {
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm7",
            "binary_name": "libavformat58"
        },
        {
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm7",
            "binary_name": "libavutil56"
        },
        {
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm7",
            "binary_name": "libpostproc55"
        },
        {
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm7",
            "binary_name": "libswresample3"
        },
        {
            "binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm7",
            "binary_name": "libswscale5"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7538-1.json"
cves_map
{
    "ecosystem": "Ubuntu:Pro:22.04:LTS",
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
                    "type": "CVSS_V4"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-0518"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-22919"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-22921"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-25473"
        }
    ]
}

Ubuntu:Pro:24.04:LTS / ffmpeg

Package

Name
ffmpeg
Purl
pkg:deb/ubuntu/ffmpeg?arch=source&distro=esm-apps%2Fnoble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7:6.1.1-3ubuntu5+esm3

Affected versions

7:6.*
7:6.0-6ubuntu1
7:6.0-9ubuntu1
7:6.1-2ubuntu1
7:6.1-3ubuntu1
7:6.1-4ubuntu1
7:6.1-5ubuntu1
7:6.1.1-1ubuntu1
7:6.1.1-3ubuntu1
7:6.1.1-3ubuntu5
7:6.1.1-3ubuntu5+esm1
7:6.1.1-3ubuntu5+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "7:6.1.1-3ubuntu5+esm3",
            "binary_name": "ffmpeg"
        },
        {
            "binary_version": "7:6.1.1-3ubuntu5+esm3",
            "binary_name": "libavcodec-extra"
        },
        {
            "binary_version": "7:6.1.1-3ubuntu5+esm3",
            "binary_name": "libavcodec-extra60"
        },
        {
            "binary_version": "7:6.1.1-3ubuntu5+esm3",
            "binary_name": "libavcodec60"
        },
        {
            "binary_version": "7:6.1.1-3ubuntu5+esm3",
            "binary_name": "libavdevice60"
        },
        {
            "binary_version": "7:6.1.1-3ubuntu5+esm3",
            "binary_name": "libavfilter-extra"
        },
        {
            "binary_version": "7:6.1.1-3ubuntu5+esm3",
            "binary_name": "libavfilter-extra9"
        },
        {
            "binary_version": "7:6.1.1-3ubuntu5+esm3",
            "binary_name": "libavfilter9"
        },
        {
            "binary_version": "7:6.1.1-3ubuntu5+esm3",
            "binary_name": "libavformat-extra"
        },
        {
            "binary_version": "7:6.1.1-3ubuntu5+esm3",
            "binary_name": "libavformat-extra60"
        },
        {
            "binary_version": "7:6.1.1-3ubuntu5+esm3",
            "binary_name": "libavformat60"
        },
        {
            "binary_version": "7:6.1.1-3ubuntu5+esm3",
            "binary_name": "libavutil58"
        },
        {
            "binary_version": "7:6.1.1-3ubuntu5+esm3",
            "binary_name": "libpostproc57"
        },
        {
            "binary_version": "7:6.1.1-3ubuntu5+esm3",
            "binary_name": "libswresample4"
        },
        {
            "binary_version": "7:6.1.1-3ubuntu5+esm3",
            "binary_name": "libswscale7"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7538-1.json"
cves_map
{
    "ecosystem": "Ubuntu:Pro:24.04:LTS",
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
                    "type": "CVSS_V4"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-0518"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-22919"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-22921"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2025-25473"
        }
    ]
}