{"affected":[{"ecosystem_specific":{"binaries":[{"ffmpeg-4":"4.4.5-150600.13.16.1","ffmpeg-4-libavcodec-devel":"4.4.5-150600.13.16.1","ffmpeg-4-libavdevice-devel":"4.4.5-150600.13.16.1","ffmpeg-4-libavfilter-devel":"4.4.5-150600.13.16.1","ffmpeg-4-libavformat-devel":"4.4.5-150600.13.16.1","ffmpeg-4-libavresample-devel":"4.4.5-150600.13.16.1","ffmpeg-4-libavutil-devel":"4.4.5-150600.13.16.1","ffmpeg-4-libpostproc-devel":"4.4.5-150600.13.16.1","ffmpeg-4-libswresample-devel":"4.4.5-150600.13.16.1","ffmpeg-4-libswscale-devel":"4.4.5-150600.13.16.1","ffmpeg-4-private-devel":"4.4.5-150600.13.16.1","libavcodec58_134":"4.4.5-150600.13.16.1","libavdevice58_13":"4.4.5-150600.13.16.1","libavfilter7_110":"4.4.5-150600.13.16.1","libavformat58_76":"4.4.5-150600.13.16.1","libavresample4_0":"4.4.5-150600.13.16.1","libavutil56_70":"4.4.5-150600.13.16.1","libpostproc55_9":"4.4.5-150600.13.16.1","libswresample3_9":"4.4.5-150600.13.16.1","libswscale5_9":"4.4.5-150600.13.16.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP6","name":"ffmpeg-4","purl":"pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.5-150600.13.16.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libavcodec58_134":"4.4.5-150600.13.16.1","libavformat58_76":"4.4.5-150600.13.16.1","libavutil56_70":"4.4.5-150600.13.16.1","libswresample3_9":"4.4.5-150600.13.16.1","libswscale5_9":"4.4.5-150600.13.16.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP6","name":"ffmpeg-4","purl":"pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.5-150600.13.16.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ffmpeg-4":"4.4.5-150600.13.16.1","ffmpeg-4-libavcodec-devel":"4.4.5-150600.13.16.1","ffmpeg-4-libavdevice-devel":"4.4.5-150600.13.16.1","ffmpeg-4-libavfilter-devel":"4.4.5-150600.13.16.1","ffmpeg-4-libavformat-devel":"4.4.5-150600.13.16.1","ffmpeg-4-libavresample-devel":"4.4.5-150600.13.16.1","ffmpeg-4-libavutil-devel":"4.4.5-150600.13.16.1","ffmpeg-4-libpostproc-devel":"4.4.5-150600.13.16.1","ffmpeg-4-libswresample-devel":"4.4.5-150600.13.16.1","ffmpeg-4-libswscale-devel":"4.4.5-150600.13.16.1","ffmpeg-4-private-devel":"4.4.5-150600.13.16.1","libavcodec58_134":"4.4.5-150600.13.16.1","libavcodec58_134-32bit":"4.4.5-150600.13.16.1","libavdevice58_13":"4.4.5-150600.13.16.1","libavdevice58_13-32bit":"4.4.5-150600.13.16.1","libavfilter7_110":"4.4.5-150600.13.16.1","libavfilter7_110-32bit":"4.4.5-150600.13.16.1","libavformat58_76":"4.4.5-150600.13.16.1","libavformat58_76-32bit":"4.4.5-150600.13.16.1","libavresample4_0":"4.4.5-150600.13.16.1","libavresample4_0-32bit":"4.4.5-150600.13.16.1","libavutil56_70":"4.4.5-150600.13.16.1","libavutil56_70-32bit":"4.4.5-150600.13.16.1","libpostproc55_9":"4.4.5-150600.13.16.1","libpostproc55_9-32bit":"4.4.5-150600.13.16.1","libswresample3_9":"4.4.5-150600.13.16.1","libswresample3_9-32bit":"4.4.5-150600.13.16.1","libswscale5_9":"4.4.5-150600.13.16.1","libswscale5_9-32bit":"4.4.5-150600.13.16.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"ffmpeg-4","purl":"pkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.5-150600.13.16.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ffmpeg-4 fixes the following issues:\n  \n- CVE-2025-22921: Fixed segmentation violation in NULL pointer dereference via the component /libavcodec/jpeg2000dec.c (bsc#1237382).\n- CVE-2025-25473: Fixed memory leak in avformat_free_context() (bsc#1237351).\n- CVE-2025-0518: Fixed unchecked sscanf return value which leads to memory data leak (bsc#1236007).\n- CVE-2025-22919: Fixed denial of service (DoS) via opening a crafted AAC file (bsc#1237371).\n- CVE-2024-12361: Fixed NULL Pointer Dereference (bsc#1237358).\n- CVE-2024-35368: Fixed Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c (bsc#1234028).\n- CVE-2024-36613: Fixed Integer overflow in ffmpeg (bsc#1235092).\n- CVE-2023-50010: Fixed arbitrary code execution via the set_encoder_id function in /fftools/ffmpeg_enc.c component (bsc#1223256).\n- CVE-2023-51794: Fixed heap-buffer-overflow at libavfilter/af_stereowiden.c (bsc#1223437).\n- CVE-2023-51793: Fixed heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c (bsc#1223272).\n- CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c function in libavfilter/bwdifdsp.c (bsc#1223235).\n- CVE-2023-51798: Fixed floating point exception(FPE) via the interpolate function in libavfilter/vf_minterpolate.c (bsc#1223304).\n- CVE-2024-31578: Fixed heap use-after-free via the av_hwframe_ctx_init function (bsc#1223070).\n- CVE-2024-7055: Fixed heap-based buffer overflow in pnmdec.c (bsc#1229026).\n- CVE-2024-32230: Fixed buffer overflow due to negative-size-param bug at libavcodec/mpegvideo_enc.c in load_input_picture (bsc#1227296).\n\nOther fixes:\n- Updated to version 4.4.5.\n  ","id":"SUSE-SU-2025:0862-1","modified":"2025-03-14T08:45:30Z","published":"2025-03-14T08:45:30Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20250862-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1202848"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215945"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223070"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223235"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223256"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223272"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223304"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223437"},{"type":"REPORT","url":"https://bugzilla.suse.com/1227296"},{"type":"REPORT","url":"https://bugzilla.suse.com/1229026"},{"type":"REPORT","url":"https://bugzilla.suse.com/1229338"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234028"},{"type":"REPORT","url":"https://bugzilla.suse.com/1235092"},{"type":"REPORT","url":"https://bugzilla.suse.com/1236007"},{"type":"REPORT","url":"https://bugzilla.suse.com/1237351"},{"type":"REPORT","url":"https://bugzilla.suse.com/1237358"},{"type":"REPORT","url":"https://bugzilla.suse.com/1237371"},{"type":"REPORT","url":"https://bugzilla.suse.com/1237382"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-49502"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-50010"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-51793"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-51794"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-51798"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-12361"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-31578"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-32230"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-35368"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-36613"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-7055"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-0518"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22919"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22921"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-25473"}],"related":["CVE-2023-49502","CVE-2023-50010","CVE-2023-51793","CVE-2023-51794","CVE-2023-51798","CVE-2024-12361","CVE-2024-31578","CVE-2024-32230","CVE-2024-35368","CVE-2024-36613","CVE-2024-7055","CVE-2025-0518","CVE-2025-22919","CVE-2025-22921","CVE-2025-25473"],"summary":"Security update for ffmpeg-4","upstream":["CVE-2023-49502","CVE-2023-50010","CVE-2023-51793","CVE-2023-51794","CVE-2023-51798","CVE-2024-12361","CVE-2024-31578","CVE-2024-32230","CVE-2024-35368","CVE-2024-36613","CVE-2024-7055","CVE-2025-0518","CVE-2025-22919","CVE-2025-22921","CVE-2025-25473"]}