SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2352

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2352

Security update for ffmpeg

Type: security

Severity: moderate

Issued: 2025-07-17

Description:

This update for ffmpeg fixes the following issues:

- CVE-2022-1475: Fixed integer overflow in g729_parse() in llibavcodec/g729_parser.c (bsc#1198898).
- CVE-2024-36616: Fixed integer overflow in the component libavformat/westwood_vqa.c (bsc#1234018).
- CVE-2024-36617: Fixed integer overflow vulnerability in the FFmpeg CAF decoder (bsc#1234019).
- CVE-2024-36618: Fixed vulnerability in the AVI demuxer of the libavformat library (bsc#1234020).

References

CVE: CVE-2024-36618
CVE: CVE-2024-36617
CVE: CVE-2024-36616
CVE: CVE-2022-1475
Bugzilla: 1234020 VUL-0: CVE-2024-36618: ffmpeg,ffmpeg-4: FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.
Bugzilla: 1234019 VUL-0: CVE-2024-36617: ffmpeg,ffmpeg-4: FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.
Bugzilla: 1234018 VUL-0: CVE-2024-36616: ffmpeg,ffmpeg-4: An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.
Bugzilla: 1198898 VUL-1: CVE-2022-1475: ffmpeg,ffmpeg-4: integer overflow in g729_parse() in llibavcodec/g729_parser.c

Packages

ffmpeg-3.4.2-150200.11.64.1