ffmpeg-6-6.1.2-4.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15012-1 Final 1 1 2025-04-22T00:00:00Z current 2025-04-22T00:00:00Z 2025-04-22T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ffmpeg-6-6.1.2-4.1 on GA media These are all security issues fixed in the ffmpeg-6-6.1.2-4.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15012 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PBWTPGXISA6QWLKHLVSAH3P2Q3ZIYOT6/ E-Mail link for openSUSE-SU-2025:15012-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-50010/ SUSE CVE CVE-2023-50010 page https://www.suse.com/security/cve/CVE-2024-36613/ SUSE CVE CVE-2024-36613 page openSUSE Tumbleweed ffmpeg-6-6.1.2-4.1 ffmpeg-6-libavcodec-devel-6.1.2-4.1 ffmpeg-6-libavdevice-devel-6.1.2-4.1 ffmpeg-6-libavfilter-devel-6.1.2-4.1 ffmpeg-6-libavformat-devel-6.1.2-4.1 ffmpeg-6-libavutil-devel-6.1.2-4.1 ffmpeg-6-libpostproc-devel-6.1.2-4.1 ffmpeg-6-libswresample-devel-6.1.2-4.1 ffmpeg-6-libswscale-devel-6.1.2-4.1 libavcodec60-6.1.2-4.1 libavdevice60-6.1.2-4.1 libavfilter9-6.1.2-4.1 libavformat60-6.1.2-4.1 libavutil58-6.1.2-4.1 libpostproc57-6.1.2-4.1 libswresample4-6.1.2-4.1 libswscale7-6.1.2-4.1 ffmpeg-6-6.1.2-4.1 as a component of openSUSE Tumbleweed ffmpeg-6-libavcodec-devel-6.1.2-4.1 as a component of openSUSE Tumbleweed ffmpeg-6-libavdevice-devel-6.1.2-4.1 as a component of openSUSE Tumbleweed ffmpeg-6-libavfilter-devel-6.1.2-4.1 as a component of openSUSE Tumbleweed ffmpeg-6-libavformat-devel-6.1.2-4.1 as a component of openSUSE Tumbleweed ffmpeg-6-libavutil-devel-6.1.2-4.1 as a component of openSUSE Tumbleweed ffmpeg-6-libpostproc-devel-6.1.2-4.1 as a component of openSUSE Tumbleweed ffmpeg-6-libswresample-devel-6.1.2-4.1 as a component of openSUSE Tumbleweed ffmpeg-6-libswscale-devel-6.1.2-4.1 as a component of openSUSE Tumbleweed libavcodec60-6.1.2-4.1 as a component of openSUSE Tumbleweed libavdevice60-6.1.2-4.1 as a component of openSUSE Tumbleweed libavfilter9-6.1.2-4.1 as a component of openSUSE Tumbleweed libavformat60-6.1.2-4.1 as a component of openSUSE Tumbleweed libavutil58-6.1.2-4.1 as a component of openSUSE Tumbleweed libpostproc57-6.1.2-4.1 as a component of openSUSE Tumbleweed libswresample4-6.1.2-4.1 as a component of openSUSE Tumbleweed libswscale7-6.1.2-4.1 as a component of openSUSE Tumbleweed FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component. CVE-2023-50010 openSUSE Tumbleweed:ffmpeg-6-6.1.2-4.1 openSUSE Tumbleweed:ffmpeg-6-libavcodec-devel-6.1.2-4.1 openSUSE Tumbleweed:ffmpeg-6-libavdevice-devel-6.1.2-4.1 openSUSE Tumbleweed:ffmpeg-6-libavfilter-devel-6.1.2-4.1 openSUSE Tumbleweed:ffmpeg-6-libavformat-devel-6.1.2-4.1 openSUSE Tumbleweed:ffmpeg-6-libavutil-devel-6.1.2-4.1 openSUSE Tumbleweed:ffmpeg-6-libpostproc-devel-6.1.2-4.1 openSUSE Tumbleweed:ffmpeg-6-libswresample-devel-6.1.2-4.1 openSUSE Tumbleweed:ffmpeg-6-libswscale-devel-6.1.2-4.1 openSUSE Tumbleweed:libavcodec60-6.1.2-4.1 openSUSE Tumbleweed:libavdevice60-6.1.2-4.1 openSUSE Tumbleweed:libavfilter9-6.1.2-4.1 openSUSE Tumbleweed:libavformat60-6.1.2-4.1 openSUSE Tumbleweed:libavutil58-6.1.2-4.1 openSUSE Tumbleweed:libpostproc57-6.1.2-4.1 openSUSE Tumbleweed:libswresample4-6.1.2-4.1 openSUSE Tumbleweed:libswscale7-6.1.2-4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PBWTPGXISA6QWLKHLVSAH3P2Q3ZIYOT6/ https://www.suse.com/security/cve/CVE-2023-50010.html CVE-2023-50010 https://bugzilla.suse.com/1223256 SUSE Bug 1223256 FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. CVE-2024-36613 openSUSE Tumbleweed:ffmpeg-6-6.1.2-4.1 openSUSE Tumbleweed:ffmpeg-6-libavcodec-devel-6.1.2-4.1 openSUSE Tumbleweed:ffmpeg-6-libavdevice-devel-6.1.2-4.1 openSUSE Tumbleweed:ffmpeg-6-libavfilter-devel-6.1.2-4.1 openSUSE Tumbleweed:ffmpeg-6-libavformat-devel-6.1.2-4.1 openSUSE Tumbleweed:ffmpeg-6-libavutil-devel-6.1.2-4.1 openSUSE Tumbleweed:ffmpeg-6-libpostproc-devel-6.1.2-4.1 openSUSE Tumbleweed:ffmpeg-6-libswresample-devel-6.1.2-4.1 openSUSE Tumbleweed:ffmpeg-6-libswscale-devel-6.1.2-4.1 openSUSE Tumbleweed:libavcodec60-6.1.2-4.1 openSUSE Tumbleweed:libavdevice60-6.1.2-4.1 openSUSE Tumbleweed:libavfilter9-6.1.2-4.1 openSUSE Tumbleweed:libavformat60-6.1.2-4.1 openSUSE Tumbleweed:libavutil58-6.1.2-4.1 openSUSE Tumbleweed:libpostproc57-6.1.2-4.1 openSUSE Tumbleweed:libswresample4-6.1.2-4.1 openSUSE Tumbleweed:libswscale7-6.1.2-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PBWTPGXISA6QWLKHLVSAH3P2Q3ZIYOT6/ https://www.suse.com/security/cve/CVE-2024-36613.html CVE-2024-36613 https://bugzilla.suse.com/1235092 SUSE Bug 1235092