ffmpeg-7-7.1.1-4.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:16239 Final 1 1 2025-05-30T00:00:00Z current 2025-05-30T00:00:00Z 2025-05-30T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ffmpeg-7-7.1.1-4.1 on GA media These are all security issues fixed in the ffmpeg-7-7.1.1-4.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-16239 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-36615/ SUSE CVE CVE-2024-36615 page https://www.suse.com/security/cve/CVE-2024-36616/ SUSE CVE CVE-2024-36616 page https://www.suse.com/security/cve/CVE-2024-36617/ SUSE CVE CVE-2024-36617 page https://www.suse.com/security/cve/CVE-2024-36618/ SUSE CVE CVE-2024-36618 page https://www.suse.com/security/cve/CVE-2024-36619/ SUSE CVE CVE-2024-36619 page openSUSE Tumbleweed ffmpeg-7-7.1.1-4.1 ffmpeg-7-libavcodec-devel-7.1.1-4.1 ffmpeg-7-libavdevice-devel-7.1.1-4.1 ffmpeg-7-libavfilter-devel-7.1.1-4.1 ffmpeg-7-libavformat-devel-7.1.1-4.1 ffmpeg-7-libavutil-devel-7.1.1-4.1 ffmpeg-7-libpostproc-devel-7.1.1-4.1 ffmpeg-7-libswresample-devel-7.1.1-4.1 ffmpeg-7-libswscale-devel-7.1.1-4.1 libavcodec61-7.1.1-4.1 libavcodec61-32bit-7.1.1-4.1 libavdevice61-7.1.1-4.1 libavdevice61-32bit-7.1.1-4.1 libavfilter10-7.1.1-4.1 libavfilter10-32bit-7.1.1-4.1 libavformat61-7.1.1-4.1 libavformat61-32bit-7.1.1-4.1 libavutil59-7.1.1-4.1 libavutil59-32bit-7.1.1-4.1 libpostproc58-7.1.1-4.1 libpostproc58-32bit-7.1.1-4.1 libswresample5-7.1.1-4.1 libswresample5-32bit-7.1.1-4.1 libswscale8-7.1.1-4.1 libswscale8-32bit-7.1.1-4.1 ffmpeg-7-7.1.1-4.1 as a component of openSUSE Tumbleweed ffmpeg-7-libavcodec-devel-7.1.1-4.1 as a component of openSUSE Tumbleweed ffmpeg-7-libavdevice-devel-7.1.1-4.1 as a component of openSUSE Tumbleweed ffmpeg-7-libavfilter-devel-7.1.1-4.1 as a component of openSUSE Tumbleweed ffmpeg-7-libavformat-devel-7.1.1-4.1 as a component of openSUSE Tumbleweed ffmpeg-7-libavutil-devel-7.1.1-4.1 as a component of openSUSE Tumbleweed ffmpeg-7-libpostproc-devel-7.1.1-4.1 as a component of openSUSE Tumbleweed ffmpeg-7-libswresample-devel-7.1.1-4.1 as a component of openSUSE Tumbleweed ffmpeg-7-libswscale-devel-7.1.1-4.1 as a component of openSUSE Tumbleweed libavcodec61-7.1.1-4.1 as a component of openSUSE Tumbleweed libavcodec61-32bit-7.1.1-4.1 as a component of openSUSE Tumbleweed libavdevice61-7.1.1-4.1 as a component of openSUSE Tumbleweed libavdevice61-32bit-7.1.1-4.1 as a component of openSUSE Tumbleweed libavfilter10-7.1.1-4.1 as a component of openSUSE Tumbleweed libavfilter10-32bit-7.1.1-4.1 as a component of openSUSE Tumbleweed libavformat61-7.1.1-4.1 as a component of openSUSE Tumbleweed libavformat61-32bit-7.1.1-4.1 as a component of openSUSE Tumbleweed libavutil59-7.1.1-4.1 as a component of openSUSE Tumbleweed libavutil59-32bit-7.1.1-4.1 as a component of openSUSE Tumbleweed libpostproc58-7.1.1-4.1 as a component of openSUSE Tumbleweed libpostproc58-32bit-7.1.1-4.1 as a component of openSUSE Tumbleweed libswresample5-7.1.1-4.1 as a component of openSUSE Tumbleweed libswresample5-32bit-7.1.1-4.1 as a component of openSUSE Tumbleweed libswscale8-7.1.1-4.1 as a component of openSUSE Tumbleweed libswscale8-32bit-7.1.1-4.1 as a component of openSUSE Tumbleweed FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread. CVE-2024-36615 openSUSE Tumbleweed:ffmpeg-7-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavcodec-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavdevice-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavfilter-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavformat-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavutil-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libpostproc-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libswresample-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libswscale-devel-7.1.1-4.1 openSUSE Tumbleweed:libavcodec61-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavcodec61-7.1.1-4.1 openSUSE Tumbleweed:libavdevice61-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavdevice61-7.1.1-4.1 openSUSE Tumbleweed:libavfilter10-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavfilter10-7.1.1-4.1 openSUSE Tumbleweed:libavformat61-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavformat61-7.1.1-4.1 openSUSE Tumbleweed:libavutil59-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavutil59-7.1.1-4.1 openSUSE Tumbleweed:libpostproc58-32bit-7.1.1-4.1 openSUSE Tumbleweed:libpostproc58-7.1.1-4.1 openSUSE Tumbleweed:libswresample5-32bit-7.1.1-4.1 openSUSE Tumbleweed:libswresample5-7.1.1-4.1 openSUSE Tumbleweed:libswscale8-32bit-7.1.1-4.1 openSUSE Tumbleweed:libswscale8-7.1.1-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-36615.html CVE-2024-36615 https://bugzilla.suse.com/1234017 SUSE Bug 1234017 An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file. CVE-2024-36616 openSUSE Tumbleweed:ffmpeg-7-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavcodec-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavdevice-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavfilter-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavformat-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavutil-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libpostproc-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libswresample-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libswscale-devel-7.1.1-4.1 openSUSE Tumbleweed:libavcodec61-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavcodec61-7.1.1-4.1 openSUSE Tumbleweed:libavdevice61-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavdevice61-7.1.1-4.1 openSUSE Tumbleweed:libavfilter10-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavfilter10-7.1.1-4.1 openSUSE Tumbleweed:libavformat61-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavformat61-7.1.1-4.1 openSUSE Tumbleweed:libavutil59-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavutil59-7.1.1-4.1 openSUSE Tumbleweed:libpostproc58-32bit-7.1.1-4.1 openSUSE Tumbleweed:libpostproc58-7.1.1-4.1 openSUSE Tumbleweed:libswresample5-32bit-7.1.1-4.1 openSUSE Tumbleweed:libswresample5-7.1.1-4.1 openSUSE Tumbleweed:libswscale8-32bit-7.1.1-4.1 openSUSE Tumbleweed:libswscale8-7.1.1-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-36616.html CVE-2024-36616 https://bugzilla.suse.com/1234018 SUSE Bug 1234018 FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder. CVE-2024-36617 openSUSE Tumbleweed:ffmpeg-7-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavcodec-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavdevice-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavfilter-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavformat-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavutil-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libpostproc-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libswresample-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libswscale-devel-7.1.1-4.1 openSUSE Tumbleweed:libavcodec61-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavcodec61-7.1.1-4.1 openSUSE Tumbleweed:libavdevice61-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavdevice61-7.1.1-4.1 openSUSE Tumbleweed:libavfilter10-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavfilter10-7.1.1-4.1 openSUSE Tumbleweed:libavformat61-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavformat61-7.1.1-4.1 openSUSE Tumbleweed:libavutil59-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavutil59-7.1.1-4.1 openSUSE Tumbleweed:libpostproc58-32bit-7.1.1-4.1 openSUSE Tumbleweed:libpostproc58-7.1.1-4.1 openSUSE Tumbleweed:libswresample5-32bit-7.1.1-4.1 openSUSE Tumbleweed:libswresample5-7.1.1-4.1 openSUSE Tumbleweed:libswscale8-32bit-7.1.1-4.1 openSUSE Tumbleweed:libswscale8-7.1.1-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-36617.html CVE-2024-36617 https://bugzilla.suse.com/1234019 SUSE Bug 1234019 FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition. CVE-2024-36618 openSUSE Tumbleweed:ffmpeg-7-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavcodec-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavdevice-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavfilter-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavformat-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavutil-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libpostproc-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libswresample-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libswscale-devel-7.1.1-4.1 openSUSE Tumbleweed:libavcodec61-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavcodec61-7.1.1-4.1 openSUSE Tumbleweed:libavdevice61-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavdevice61-7.1.1-4.1 openSUSE Tumbleweed:libavfilter10-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavfilter10-7.1.1-4.1 openSUSE Tumbleweed:libavformat61-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavformat61-7.1.1-4.1 openSUSE Tumbleweed:libavutil59-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavutil59-7.1.1-4.1 openSUSE Tumbleweed:libpostproc58-32bit-7.1.1-4.1 openSUSE Tumbleweed:libpostproc58-7.1.1-4.1 openSUSE Tumbleweed:libswresample5-32bit-7.1.1-4.1 openSUSE Tumbleweed:libswresample5-7.1.1-4.1 openSUSE Tumbleweed:libswscale8-32bit-7.1.1-4.1 openSUSE Tumbleweed:libswscale8-7.1.1-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-36618.html CVE-2024-36618 https://bugzilla.suse.com/1234020 SUSE Bug 1234020 FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition. CVE-2024-36619 openSUSE Tumbleweed:ffmpeg-7-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavcodec-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavdevice-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavfilter-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavformat-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libavutil-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libpostproc-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libswresample-devel-7.1.1-4.1 openSUSE Tumbleweed:ffmpeg-7-libswscale-devel-7.1.1-4.1 openSUSE Tumbleweed:libavcodec61-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavcodec61-7.1.1-4.1 openSUSE Tumbleweed:libavdevice61-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavdevice61-7.1.1-4.1 openSUSE Tumbleweed:libavfilter10-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavfilter10-7.1.1-4.1 openSUSE Tumbleweed:libavformat61-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavformat61-7.1.1-4.1 openSUSE Tumbleweed:libavutil59-32bit-7.1.1-4.1 openSUSE Tumbleweed:libavutil59-7.1.1-4.1 openSUSE Tumbleweed:libpostproc58-32bit-7.1.1-4.1 openSUSE Tumbleweed:libpostproc58-7.1.1-4.1 openSUSE Tumbleweed:libswresample5-32bit-7.1.1-4.1 openSUSE Tumbleweed:libswresample5-7.1.1-4.1 openSUSE Tumbleweed:libswscale8-32bit-7.1.1-4.1 openSUSE Tumbleweed:libswscale8-7.1.1-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-36619.html CVE-2024-36619 https://bugzilla.suse.com/1234023 SUSE Bug 1234023