SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2381

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2381

Security update for ffmpeg-4

Type: security

Severity: moderate

Issued: 2025-07-18

Description:

This update for ffmpeg-4 fixes the following issues:

- CVE-2024-36618: Fixed integer overflow iff ULONG_MAX < INT64_MAX (bsc#1234020).

New CVE references, fixed in previous release:

- CVE-2024-36617: avformat/cafdec: dont seek beyond 64bit (bsc#1234019).
- CVE-2024-36616: avformat/westwood_vqa: Fix 2g packets (bsc#1234018).

References

CVE: CVE-2024-36618
CVE: CVE-2024-36617
CVE: CVE-2024-36616
Bugzilla: 1234020 VUL-0: CVE-2024-36618: ffmpeg,ffmpeg-4: FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.
Bugzilla: 1234019 VUL-0: CVE-2024-36617: ffmpeg,ffmpeg-4: FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.
Bugzilla: 1234018 VUL-0: CVE-2024-36616: ffmpeg,ffmpeg-4: An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.

Packages

ffmpeg-4-4.4.6-150600.13.27.1