USN-8469-1
- Source
- https://ubuntu.com/security/notices/USN-8469-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8469-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-8469-1
- Upstream
- Related
- Published
- 2026-06-24T16:14:42Z
- Modified
- 2026-06-25T00:29:23.004046605Z
- Summary
- ffmpeg vulnerabilities
- Details
-
Jiasheng Jiang discovered that FFmpeg incorrectly handled memory in certain error-handling paths of its TensorFlow DNN backend. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2025-12343)
Quang Luong discovered that FFmpeg incorrectly handled certain subsample data. An attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2026-40962)
- References
Affected packages
Ubuntu:Pro:20.04:LTS / ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/ubuntu/ffmpeg?arch=source&distro=esm-apps%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7:4.2.7-0ubuntu0.1+esm13
Affected versions
7:4.*
7:4.1.4-1build2
7:4.2.1-2
7:4.2.1-2ubuntu1
7:4.2.2-1build1
7:4.2.2-1ubuntu1
7:4.2.4-1ubuntu0.1
7:4.2.4-1ubuntu0.1+esm1
7:4.2.7-0ubuntu0.1
7:4.2.7-0ubuntu0.1+esm1
7:4.2.7-0ubuntu0.1+esm2
7:4.2.7-0ubuntu0.1+esm3
7:4.2.7-0ubuntu0.1+esm4
7:4.2.7-0ubuntu0.1+esm5
7:4.2.7-0ubuntu0.1+esm6
7:4.2.7-0ubuntu0.1+esm7
7:4.2.7-0ubuntu0.1+esm8
7:4.2.7-0ubuntu0.1+esm9
7:4.2.7-0ubuntu0.1+esm10
7:4.2.7-0ubuntu0.1+esm11
7:4.2.7-0ubuntu0.1+esm12
Ecosystem specific
{
"binaries": [
{
"binary_name": "ffmpeg",
"binary_version": "7:4.2.7-0ubuntu0.1+esm13"
},
{
"binary_name": "libavcodec-extra",
"binary_version": "7:4.2.7-0ubuntu0.1+esm13"
},
{
"binary_name": "libavcodec-extra58",
"binary_version": "7:4.2.7-0ubuntu0.1+esm13"
},
{
"binary_name": "libavcodec58",
"binary_version": "7:4.2.7-0ubuntu0.1+esm13"
},
{
"binary_name": "libavdevice58",
"binary_version": "7:4.2.7-0ubuntu0.1+esm13"
},
{
"binary_name": "libavfilter-extra",
"binary_version": "7:4.2.7-0ubuntu0.1+esm13"
},
{
"binary_name": "libavfilter-extra7",
"binary_version": "7:4.2.7-0ubuntu0.1+esm13"
},
{
"binary_name": "libavfilter7",
"binary_version": "7:4.2.7-0ubuntu0.1+esm13"
},
{
"binary_name": "libavformat58",
"binary_version": "7:4.2.7-0ubuntu0.1+esm13"
},
{
"binary_name": "libavresample4",
"binary_version": "7:4.2.7-0ubuntu0.1+esm13"
},
{
"binary_name": "libavutil56",
"binary_version": "7:4.2.7-0ubuntu0.1+esm13"
},
{
"binary_name": "libpostproc55",
"binary_version": "7:4.2.7-0ubuntu0.1+esm13"
},
{
"binary_name": "libswresample3",
"binary_version": "7:4.2.7-0ubuntu0.1+esm13"
},
{
"binary_name": "libswscale5",
"binary_version": "7:4.2.7-0ubuntu0.1+esm13"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8469-1.json"
cves_map
{
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"cves": [
{
"id": "CVE-2026-40962",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
]
}
Ubuntu:Pro:22.04:LTS / ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/ubuntu/ffmpeg?arch=source&distro=esm-apps%2Fjammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7:4.4.2-0ubuntu0.22.04.1+esm12
Affected versions
7:4.*
7:4.4-6ubuntu5
7:4.4.1-2ubuntu1
7:4.4.1-3ubuntu1
7:4.4.1-3ubuntu2
7:4.4.1-3ubuntu3
7:4.4.1-3ubuntu5
7:4.4.2-0ubuntu0.22.04.1
7:4.4.2-0ubuntu0.22.04.1+esm1
7:4.4.2-0ubuntu0.22.04.1+esm2
7:4.4.2-0ubuntu0.22.04.1+esm3
7:4.4.2-0ubuntu0.22.04.1+esm4
7:4.4.2-0ubuntu0.22.04.1+esm5
7:4.4.2-0ubuntu0.22.04.1+esm6
7:4.4.2-0ubuntu0.22.04.1+esm7
7:4.4.2-0ubuntu0.22.04.1+esm8
7:4.4.2-0ubuntu0.22.04.1+esm9
7:4.4.2-0ubuntu0.22.04.1+esm10
7:4.4.2-0ubuntu0.22.04.1+esm11
Ecosystem specific
{
"binaries": [
{
"binary_name": "ffmpeg",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm12"
},
{
"binary_name": "libavcodec-extra",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm12"
},
{
"binary_name": "libavcodec-extra58",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm12"
},
{
"binary_name": "libavcodec58",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm12"
},
{
"binary_name": "libavdevice58",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm12"
},
{
"binary_name": "libavfilter-extra",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm12"
},
{
"binary_name": "libavfilter-extra7",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm12"
},
{
"binary_name": "libavfilter7",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm12"
},
{
"binary_name": "libavformat-extra",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm12"
},
{
"binary_name": "libavformat-extra58",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm12"
},
{
"binary_name": "libavformat58",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm12"
},
{
"binary_name": "libavutil56",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm12"
},
{
"binary_name": "libpostproc55",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm12"
},
{
"binary_name": "libswresample3",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm12"
},
{
"binary_name": "libswscale5",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm12"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8469-1.json"
cves_map
{
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"cves": [
{
"id": "CVE-2026-40962",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
]
}
Ubuntu:Pro:24.04:LTS / ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/ubuntu/ffmpeg?arch=source&distro=esm-apps%2Fnoble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7:6.1.1-3ubuntu5+esm10
Affected versions
7:6.*
7:6.0-6ubuntu1
7:6.0-9ubuntu1
7:6.1-2ubuntu1
7:6.1-3ubuntu1
7:6.1-4ubuntu1
7:6.1-5ubuntu1
7:6.1.1-1ubuntu1
7:6.1.1-3ubuntu1
7:6.1.1-3ubuntu5
7:6.1.1-3ubuntu5+esm1
7:6.1.1-3ubuntu5+esm2
7:6.1.1-3ubuntu5+esm3
7:6.1.1-3ubuntu5+esm4
7:6.1.1-3ubuntu5+esm5
7:6.1.1-3ubuntu5+esm6
7:6.1.1-3ubuntu5+esm7
7:6.1.1-3ubuntu5+esm8
Ecosystem specific
{
"binaries": [
{
"binary_name": "ffmpeg",
"binary_version": "7:6.1.1-3ubuntu5+esm10"
},
{
"binary_name": "libavcodec-extra",
"binary_version": "7:6.1.1-3ubuntu5+esm10"
},
{
"binary_name": "libavcodec-extra60",
"binary_version": "7:6.1.1-3ubuntu5+esm10"
},
{
"binary_name": "libavcodec60",
"binary_version": "7:6.1.1-3ubuntu5+esm10"
},
{
"binary_name": "libavdevice60",
"binary_version": "7:6.1.1-3ubuntu5+esm10"
},
{
"binary_name": "libavfilter-extra",
"binary_version": "7:6.1.1-3ubuntu5+esm10"
},
{
"binary_name": "libavfilter-extra9",
"binary_version": "7:6.1.1-3ubuntu5+esm10"
},
{
"binary_name": "libavfilter9",
"binary_version": "7:6.1.1-3ubuntu5+esm10"
},
{
"binary_name": "libavformat-extra",
"binary_version": "7:6.1.1-3ubuntu5+esm10"
},
{
"binary_name": "libavformat-extra60",
"binary_version": "7:6.1.1-3ubuntu5+esm10"
},
{
"binary_name": "libavformat60",
"binary_version": "7:6.1.1-3ubuntu5+esm10"
},
{
"binary_name": "libavutil58",
"binary_version": "7:6.1.1-3ubuntu5+esm10"
},
{
"binary_name": "libpostproc57",
"binary_version": "7:6.1.1-3ubuntu5+esm10"
},
{
"binary_name": "libswresample4",
"binary_version": "7:6.1.1-3ubuntu5+esm10"
},
{
"binary_name": "libswscale7",
"binary_version": "7:6.1.1-3ubuntu5+esm10"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8469-1.json"
cves_map
{
"ecosystem": "Ubuntu:Pro:24.04:LTS",
"cves": [
{
"id": "CVE-2025-12343",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "negligible",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-40962",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
]
}
Ubuntu:Pro:26.04:LTS / ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/ubuntu/ffmpeg?arch=source&distro=esm-apps%2Fresolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7:8.0.1-3ubuntu2+esm1
Affected versions
7:7.*
7:7.1.1-1ubuntu4
7:7.1.2-1ubuntu3
7:7.1.2-1ubuntu4
7:7.1.3-1ubuntu1
7:8.*
7:8.0.1-2ubuntu1
7:8.0.1-3ubuntu1
7:8.0.1-3ubuntu2
Ecosystem specific
{
"binaries": [
{
"binary_name": "ffmpeg",
"binary_version": "7:8.0.1-3ubuntu2+esm1"
},
{
"binary_name": "libavcodec-extra",
"binary_version": "7:8.0.1-3ubuntu2+esm1"
},
{
"binary_name": "libavcodec-extra62",
"binary_version": "7:8.0.1-3ubuntu2+esm1"
},
{
"binary_name": "libavcodec62",
"binary_version": "7:8.0.1-3ubuntu2+esm1"
},
{
"binary_name": "libavdevice62",
"binary_version": "7:8.0.1-3ubuntu2+esm1"
},
{
"binary_name": "libavfilter-extra",
"binary_version": "7:8.0.1-3ubuntu2+esm1"
},
{
"binary_name": "libavfilter-extra11",
"binary_version": "7:8.0.1-3ubuntu2+esm1"
},
{
"binary_name": "libavfilter11",
"binary_version": "7:8.0.1-3ubuntu2+esm1"
},
{
"binary_name": "libavformat-extra",
"binary_version": "7:8.0.1-3ubuntu2+esm1"
},
{
"binary_name": "libavformat-extra62",
"binary_version": "7:8.0.1-3ubuntu2+esm1"
},
{
"binary_name": "libavformat62",
"binary_version": "7:8.0.1-3ubuntu2+esm1"
},
{
"binary_name": "libavutil60",
"binary_version": "7:8.0.1-3ubuntu2+esm1"
},
{
"binary_name": "libswresample6",
"binary_version": "7:8.0.1-3ubuntu2+esm1"
},
{
"binary_name": "libswscale9",
"binary_version": "7:8.0.1-3ubuntu2+esm1"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8469-1.json"
cves_map
{
"ecosystem": "Ubuntu:Pro:26.04:LTS",
"cves": [
{
"id": "CVE-2026-40962",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
]
}