ffmpeg-4-4.4.6-9.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15640-1 Final 1 1 2025-10-16T00:00:00Z current 2025-10-16T00:00:00Z 2025-10-16T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ffmpeg-4-4.4.6-9.1 on GA media These are all security issues fixed in the ffmpeg-4-4.4.6-9.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15640 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-59728/ SUSE CVE CVE-2025-59728 page openSUSE Tumbleweed ffmpeg-4-4.4.6-9.1 ffmpeg-4-libavcodec-devel-4.4.6-9.1 ffmpeg-4-libavdevice-devel-4.4.6-9.1 ffmpeg-4-libavfilter-devel-4.4.6-9.1 ffmpeg-4-libavformat-devel-4.4.6-9.1 ffmpeg-4-libavresample-devel-4.4.6-9.1 ffmpeg-4-libavutil-devel-4.4.6-9.1 ffmpeg-4-libpostproc-devel-4.4.6-9.1 ffmpeg-4-libswresample-devel-4.4.6-9.1 ffmpeg-4-libswscale-devel-4.4.6-9.1 ffmpeg-4-private-devel-4.4.6-9.1 libavcodec58_134-4.4.6-9.1 libavcodec58_134-32bit-4.4.6-9.1 libavdevice58_13-4.4.6-9.1 libavdevice58_13-32bit-4.4.6-9.1 libavfilter7_110-4.4.6-9.1 libavfilter7_110-32bit-4.4.6-9.1 libavformat58_76-4.4.6-9.1 libavformat58_76-32bit-4.4.6-9.1 libavresample4_0-4.4.6-9.1 libavresample4_0-32bit-4.4.6-9.1 libavutil56_70-4.4.6-9.1 libavutil56_70-32bit-4.4.6-9.1 libpostproc55_9-4.4.6-9.1 libpostproc55_9-32bit-4.4.6-9.1 libswresample3_9-4.4.6-9.1 libswresample3_9-32bit-4.4.6-9.1 libswscale5_9-4.4.6-9.1 libswscale5_9-32bit-4.4.6-9.1 ffmpeg-4-4.4.6-9.1 as a component of openSUSE Tumbleweed ffmpeg-4-libavcodec-devel-4.4.6-9.1 as a component of openSUSE Tumbleweed ffmpeg-4-libavdevice-devel-4.4.6-9.1 as a component of openSUSE Tumbleweed ffmpeg-4-libavfilter-devel-4.4.6-9.1 as a component of openSUSE Tumbleweed ffmpeg-4-libavformat-devel-4.4.6-9.1 as a component of openSUSE Tumbleweed ffmpeg-4-libavresample-devel-4.4.6-9.1 as a component of openSUSE Tumbleweed ffmpeg-4-libavutil-devel-4.4.6-9.1 as a component of openSUSE Tumbleweed ffmpeg-4-libpostproc-devel-4.4.6-9.1 as a component of openSUSE Tumbleweed ffmpeg-4-libswresample-devel-4.4.6-9.1 as a component of openSUSE Tumbleweed ffmpeg-4-libswscale-devel-4.4.6-9.1 as a component of openSUSE Tumbleweed ffmpeg-4-private-devel-4.4.6-9.1 as a component of openSUSE Tumbleweed libavcodec58_134-4.4.6-9.1 as a component of openSUSE Tumbleweed libavcodec58_134-32bit-4.4.6-9.1 as a component of openSUSE Tumbleweed libavdevice58_13-4.4.6-9.1 as a component of openSUSE Tumbleweed libavdevice58_13-32bit-4.4.6-9.1 as a component of openSUSE Tumbleweed libavfilter7_110-4.4.6-9.1 as a component of openSUSE Tumbleweed libavfilter7_110-32bit-4.4.6-9.1 as a component of openSUSE Tumbleweed libavformat58_76-4.4.6-9.1 as a component of openSUSE Tumbleweed libavformat58_76-32bit-4.4.6-9.1 as a component of openSUSE Tumbleweed libavresample4_0-4.4.6-9.1 as a component of openSUSE Tumbleweed libavresample4_0-32bit-4.4.6-9.1 as a component of openSUSE Tumbleweed libavutil56_70-4.4.6-9.1 as a component of openSUSE Tumbleweed libavutil56_70-32bit-4.4.6-9.1 as a component of openSUSE Tumbleweed libpostproc55_9-4.4.6-9.1 as a component of openSUSE Tumbleweed libpostproc55_9-32bit-4.4.6-9.1 as a component of openSUSE Tumbleweed libswresample3_9-4.4.6-9.1 as a component of openSUSE Tumbleweed libswresample3_9-32bit-4.4.6-9.1 as a component of openSUSE Tumbleweed libswscale5_9-4.4.6-9.1 as a component of openSUSE Tumbleweed libswscale5_9-32bit-4.4.6-9.1 as a component of openSUSE Tumbleweed When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below [0], it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is not an empty string, it is assigned to root_url at [1].If the last (non-NUL) byte in this buffer is not '/' then we append '/' in-place at [2]. This will write two bytes into the buffer, starting at the last valid byte in the buffer, writing the NUL byte beyond the end of the allocated buffer. We recommend upgrading to version 8.0 or beyond. CVE-2025-59728 openSUSE Tumbleweed:ffmpeg-4-4.4.6-9.1 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4.6-9.1 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4.6-9.1 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4.6-9.1 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4.6-9.1 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4.6-9.1 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4.6-9.1 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4.6-9.1 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4.6-9.1 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4.6-9.1 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4.6-9.1 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4.6-9.1 openSUSE Tumbleweed:libavcodec58_134-4.4.6-9.1 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4.6-9.1 openSUSE Tumbleweed:libavdevice58_13-4.4.6-9.1 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4.6-9.1 openSUSE Tumbleweed:libavfilter7_110-4.4.6-9.1 openSUSE Tumbleweed:libavformat58_76-32bit-4.4.6-9.1 openSUSE Tumbleweed:libavformat58_76-4.4.6-9.1 openSUSE Tumbleweed:libavresample4_0-32bit-4.4.6-9.1 openSUSE Tumbleweed:libavresample4_0-4.4.6-9.1 openSUSE Tumbleweed:libavutil56_70-32bit-4.4.6-9.1 openSUSE Tumbleweed:libavutil56_70-4.4.6-9.1 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4.6-9.1 openSUSE Tumbleweed:libpostproc55_9-4.4.6-9.1 openSUSE Tumbleweed:libswresample3_9-32bit-4.4.6-9.1 openSUSE Tumbleweed:libswresample3_9-4.4.6-9.1 openSUSE Tumbleweed:libswscale5_9-32bit-4.4.6-9.1 openSUSE Tumbleweed:libswscale5_9-4.4.6-9.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-59728.html CVE-2025-59728 https://bugzilla.suse.com/1251137 SUSE Bug 1251137