UbuntuUpdates.org

Package "ffmpeg"

Name: ffmpeg

Description:

Tools for transcoding, streaming and playing of multimedia files
Latest version: 7:7.0.2-3ubuntu1.1
Release: oracular (24.10)
Level: updates
Repository: universe
Homepage: https://ffmpeg.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "ffmpeg"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "ffmpeg" in Oracular

Repository Area Version
base universe 7:7.0.2-3ubuntu1
security universe 7:7.0.2-3ubuntu1.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 7:7.0.2-3ubuntu1.1 2025-05-28 05:07:13 UTC

  ffmpeg (7:7.0.2-3ubuntu1.1) oracular-security; urgency=medium

  * SECURITY UPDATE: Out of Bounds Read
    - debian/patches/CVE-2025-0518.patch: Check return value of sscanf
    - CVE-2025-0518
  * SECURITY UPDATE: Memory Leak
    - debian/patches/CVE-2025-1816.patch: Add missing constraints for
      num_parameters in audio_element_oub()
    - CVE-2025-1816
  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2025-22919.patch: Check for valid sample rate
    - CVE-2025-22919
  * SECURITY UPDATE: Segmentation Fault
    - debian/patches/CVE-2025-22921.patch: Clear array length when freeing it
    - CVE-2025-22921
  * SECURITY UPDATE: Null Dereference
    - debian/patches/CVE-2025-25473.patch: Clear FFFormatContext packet queue
      when closing a muxer
    - CVE-2025-25473

 -- Bruce Cable <email address hidden> Thu, 22 May 2025 09:59:09 +1000
CVE-2025-0518 Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associ
CVE-2025-1816 A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_el
CVE-2025-22919 A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC
CVE-2025-22921 FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.
CVE-2025-25473 FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.


About   -   Send Feedback to @ubuntu_updates