ffmpeg-4-4.4.5-3.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15895 Final 1 1 2025-02-25T00:00:00Z current 2025-02-25T00:00:00Z 2025-02-25T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ffmpeg-4-4.4.5-3.1 on GA media These are all security issues fixed in the ffmpeg-4-4.4.5-3.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15895 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-12361/ SUSE CVE CVE-2024-12361 page https://www.suse.com/security/cve/CVE-2024-36613/ SUSE CVE CVE-2024-36613 page https://www.suse.com/security/cve/CVE-2025-0518/ SUSE CVE CVE-2025-0518 page https://www.suse.com/security/cve/CVE-2025-22919/ SUSE CVE CVE-2025-22919 page https://www.suse.com/security/cve/CVE-2025-22921/ SUSE CVE CVE-2025-22921 page https://www.suse.com/security/cve/CVE-2025-25473/ SUSE CVE CVE-2025-25473 page openSUSE Tumbleweed ffmpeg-4-4.4.5-3.1 ffmpeg-4-libavcodec-devel-4.4.5-3.1 ffmpeg-4-libavdevice-devel-4.4.5-3.1 ffmpeg-4-libavfilter-devel-4.4.5-3.1 ffmpeg-4-libavformat-devel-4.4.5-3.1 ffmpeg-4-libavresample-devel-4.4.5-3.1 ffmpeg-4-libavutil-devel-4.4.5-3.1 ffmpeg-4-libpostproc-devel-4.4.5-3.1 ffmpeg-4-libswresample-devel-4.4.5-3.1 ffmpeg-4-libswscale-devel-4.4.5-3.1 ffmpeg-4-private-devel-4.4.5-3.1 libavcodec58_134-4.4.5-3.1 libavcodec58_134-32bit-4.4.5-3.1 libavdevice58_13-4.4.5-3.1 libavdevice58_13-32bit-4.4.5-3.1 libavfilter7_110-4.4.5-3.1 libavfilter7_110-32bit-4.4.5-3.1 libavformat58_76-4.4.5-3.1 libavformat58_76-32bit-4.4.5-3.1 libavresample4_0-4.4.5-3.1 libavresample4_0-32bit-4.4.5-3.1 libavutil56_70-4.4.5-3.1 libavutil56_70-32bit-4.4.5-3.1 libpostproc55_9-4.4.5-3.1 libpostproc55_9-32bit-4.4.5-3.1 libswresample3_9-4.4.5-3.1 libswresample3_9-32bit-4.4.5-3.1 libswscale5_9-4.4.5-3.1 libswscale5_9-32bit-4.4.5-3.1 ffmpeg-4-4.4.5-3.1 as a component of openSUSE Tumbleweed ffmpeg-4-libavcodec-devel-4.4.5-3.1 as a component of openSUSE Tumbleweed ffmpeg-4-libavdevice-devel-4.4.5-3.1 as a component of openSUSE Tumbleweed ffmpeg-4-libavfilter-devel-4.4.5-3.1 as a component of openSUSE Tumbleweed ffmpeg-4-libavformat-devel-4.4.5-3.1 as a component of openSUSE Tumbleweed ffmpeg-4-libavresample-devel-4.4.5-3.1 as a component of openSUSE Tumbleweed ffmpeg-4-libavutil-devel-4.4.5-3.1 as a component of openSUSE Tumbleweed ffmpeg-4-libpostproc-devel-4.4.5-3.1 as a component of openSUSE Tumbleweed ffmpeg-4-libswresample-devel-4.4.5-3.1 as a component of openSUSE Tumbleweed ffmpeg-4-libswscale-devel-4.4.5-3.1 as a component of openSUSE Tumbleweed ffmpeg-4-private-devel-4.4.5-3.1 as a component of openSUSE Tumbleweed libavcodec58_134-4.4.5-3.1 as a component of openSUSE Tumbleweed libavcodec58_134-32bit-4.4.5-3.1 as a component of openSUSE Tumbleweed libavdevice58_13-4.4.5-3.1 as a component of openSUSE Tumbleweed libavdevice58_13-32bit-4.4.5-3.1 as a component of openSUSE Tumbleweed libavfilter7_110-4.4.5-3.1 as a component of openSUSE Tumbleweed libavfilter7_110-32bit-4.4.5-3.1 as a component of openSUSE Tumbleweed libavformat58_76-4.4.5-3.1 as a component of openSUSE Tumbleweed libavformat58_76-32bit-4.4.5-3.1 as a component of openSUSE Tumbleweed libavresample4_0-4.4.5-3.1 as a component of openSUSE Tumbleweed libavresample4_0-32bit-4.4.5-3.1 as a component of openSUSE Tumbleweed libavutil56_70-4.4.5-3.1 as a component of openSUSE Tumbleweed libavutil56_70-32bit-4.4.5-3.1 as a component of openSUSE Tumbleweed libpostproc55_9-4.4.5-3.1 as a component of openSUSE Tumbleweed libpostproc55_9-32bit-4.4.5-3.1 as a component of openSUSE Tumbleweed libswresample3_9-4.4.5-3.1 as a component of openSUSE Tumbleweed libswresample3_9-32bit-4.4.5-3.1 as a component of openSUSE Tumbleweed libswscale5_9-4.4.5-3.1 as a component of openSUSE Tumbleweed libswscale5_9-32bit-4.4.5-3.1 as a component of openSUSE Tumbleweed unknown CVE-2024-12361 openSUSE Tumbleweed:ffmpeg-4-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4.5-3.1 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavcodec58_134-4.4.5-3.1 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavdevice58_13-4.4.5-3.1 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavfilter7_110-4.4.5-3.1 openSUSE Tumbleweed:libavformat58_76-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavformat58_76-4.4.5-3.1 openSUSE Tumbleweed:libavresample4_0-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavresample4_0-4.4.5-3.1 openSUSE Tumbleweed:libavutil56_70-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavutil56_70-4.4.5-3.1 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4.5-3.1 openSUSE Tumbleweed:libpostproc55_9-4.4.5-3.1 openSUSE Tumbleweed:libswresample3_9-32bit-4.4.5-3.1 openSUSE Tumbleweed:libswresample3_9-4.4.5-3.1 openSUSE Tumbleweed:libswscale5_9-32bit-4.4.5-3.1 openSUSE Tumbleweed:libswscale5_9-4.4.5-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-12361.html CVE-2024-12361 https://bugzilla.suse.com/1237358 SUSE Bug 1237358 FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. CVE-2024-36613 openSUSE Tumbleweed:ffmpeg-4-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4.5-3.1 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavcodec58_134-4.4.5-3.1 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavdevice58_13-4.4.5-3.1 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavfilter7_110-4.4.5-3.1 openSUSE Tumbleweed:libavformat58_76-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavformat58_76-4.4.5-3.1 openSUSE Tumbleweed:libavresample4_0-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavresample4_0-4.4.5-3.1 openSUSE Tumbleweed:libavutil56_70-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavutil56_70-4.4.5-3.1 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4.5-3.1 openSUSE Tumbleweed:libpostproc55_9-4.4.5-3.1 openSUSE Tumbleweed:libswresample3_9-32bit-4.4.5-3.1 openSUSE Tumbleweed:libswresample3_9-4.4.5-3.1 openSUSE Tumbleweed:libswscale5_9-32bit-4.4.5-3.1 openSUSE Tumbleweed:libswscale5_9-4.4.5-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-36613.html CVE-2024-36613 https://bugzilla.suse.com/1235092 SUSE Bug 1235092 Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman CVE-2025-0518 openSUSE Tumbleweed:ffmpeg-4-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4.5-3.1 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavcodec58_134-4.4.5-3.1 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavdevice58_13-4.4.5-3.1 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavfilter7_110-4.4.5-3.1 openSUSE Tumbleweed:libavformat58_76-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavformat58_76-4.4.5-3.1 openSUSE Tumbleweed:libavresample4_0-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavresample4_0-4.4.5-3.1 openSUSE Tumbleweed:libavutil56_70-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavutil56_70-4.4.5-3.1 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4.5-3.1 openSUSE Tumbleweed:libpostproc55_9-4.4.5-3.1 openSUSE Tumbleweed:libswresample3_9-32bit-4.4.5-3.1 openSUSE Tumbleweed:libswresample3_9-4.4.5-3.1 openSUSE Tumbleweed:libswscale5_9-32bit-4.4.5-3.1 openSUSE Tumbleweed:libswscale5_9-4.4.5-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-0518.html CVE-2025-0518 https://bugzilla.suse.com/1236007 SUSE Bug 1236007 A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file. CVE-2025-22919 openSUSE Tumbleweed:ffmpeg-4-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4.5-3.1 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavcodec58_134-4.4.5-3.1 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavdevice58_13-4.4.5-3.1 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavfilter7_110-4.4.5-3.1 openSUSE Tumbleweed:libavformat58_76-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavformat58_76-4.4.5-3.1 openSUSE Tumbleweed:libavresample4_0-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavresample4_0-4.4.5-3.1 openSUSE Tumbleweed:libavutil56_70-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavutil56_70-4.4.5-3.1 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4.5-3.1 openSUSE Tumbleweed:libpostproc55_9-4.4.5-3.1 openSUSE Tumbleweed:libswresample3_9-32bit-4.4.5-3.1 openSUSE Tumbleweed:libswresample3_9-4.4.5-3.1 openSUSE Tumbleweed:libswscale5_9-32bit-4.4.5-3.1 openSUSE Tumbleweed:libswscale5_9-4.4.5-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-22919.html CVE-2025-22919 https://bugzilla.suse.com/1237371 SUSE Bug 1237371 FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. CVE-2025-22921 openSUSE Tumbleweed:ffmpeg-4-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4.5-3.1 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavcodec58_134-4.4.5-3.1 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavdevice58_13-4.4.5-3.1 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavfilter7_110-4.4.5-3.1 openSUSE Tumbleweed:libavformat58_76-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavformat58_76-4.4.5-3.1 openSUSE Tumbleweed:libavresample4_0-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavresample4_0-4.4.5-3.1 openSUSE Tumbleweed:libavutil56_70-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavutil56_70-4.4.5-3.1 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4.5-3.1 openSUSE Tumbleweed:libpostproc55_9-4.4.5-3.1 openSUSE Tumbleweed:libswresample3_9-32bit-4.4.5-3.1 openSUSE Tumbleweed:libswresample3_9-4.4.5-3.1 openSUSE Tumbleweed:libswscale5_9-32bit-4.4.5-3.1 openSUSE Tumbleweed:libswscale5_9-4.4.5-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-22921.html CVE-2025-22921 https://bugzilla.suse.com/1237382 SUSE Bug 1237382 FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c. CVE-2025-25473 openSUSE Tumbleweed:ffmpeg-4-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavcodec-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavdevice-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavfilter-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavformat-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavresample-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libavutil-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libpostproc-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libswresample-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-libswscale-devel-4.4.5-3.1 openSUSE Tumbleweed:ffmpeg-4-private-devel-4.4.5-3.1 openSUSE Tumbleweed:libavcodec58_134-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavcodec58_134-4.4.5-3.1 openSUSE Tumbleweed:libavdevice58_13-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavdevice58_13-4.4.5-3.1 openSUSE Tumbleweed:libavfilter7_110-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavfilter7_110-4.4.5-3.1 openSUSE Tumbleweed:libavformat58_76-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavformat58_76-4.4.5-3.1 openSUSE Tumbleweed:libavresample4_0-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavresample4_0-4.4.5-3.1 openSUSE Tumbleweed:libavutil56_70-32bit-4.4.5-3.1 openSUSE Tumbleweed:libavutil56_70-4.4.5-3.1 openSUSE Tumbleweed:libpostproc55_9-32bit-4.4.5-3.1 openSUSE Tumbleweed:libpostproc55_9-4.4.5-3.1 openSUSE Tumbleweed:libswresample3_9-32bit-4.4.5-3.1 openSUSE Tumbleweed:libswresample3_9-4.4.5-3.1 openSUSE Tumbleweed:libswscale5_9-32bit-4.4.5-3.1 openSUSE Tumbleweed:libswscale5_9-4.4.5-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-25473.html CVE-2025-25473 https://bugzilla.suse.com/1237351 SUSE Bug 1237351