UbuntuUpdates.org

Package "ffmpeg"

Name: ffmpeg

Description:

Tools for transcoding, streaming and playing of multimedia files
Latest version: 7:7.1.1-1ubuntu1.3
Release: plucky (25.04)
Level: updates
Repository: universe
Homepage: https://ffmpeg.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "ffmpeg"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "ffmpeg" in Plucky

Repository Area Version
base universe 7:7.1.1-1ubuntu1
security universe 7:7.1.1-1ubuntu1.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 7:7.1.1-1ubuntu1.3 2025-11-17 06:07:03 UTC

  ffmpeg (7:7.1.1-1ubuntu1.3) plucky-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2025-7700.patch: Add check for av_malloc_array()
      and av_calloc()
    - CVE-2025-7700

 -- Bruce Cable <email address hidden> Wed, 29 Oct 2025 09:23:57 +1100
Source diff to previous version
CVE-2025-7700 A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to cr

Version: 7:7.1.1-1ubuntu1.2 2025-09-04 08:07:00 UTC

  ffmpeg (7:7.1.1-1ubuntu1.2) plucky-security; urgency=medium

  * SECURITY UPDATE: Stack-based buffer overflow in AAC Encoder
    - debian/patches/CVE-2025-1594.patch: aacenc_tns: clamp filter
      direction energy measurement
    - CVE-2025-1594

 -- John Breton <email address hidden> Wed, 03 Sep 2025 11:43:59 -0400
Source diff to previous version
CVE-2025-1594 A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavco

Version: 7:7.1.1-1ubuntu1.1 2025-05-28 05:07:14 UTC

  ffmpeg (7:7.1.1-1ubuntu1.1) plucky-security; urgency=medium

  * SECURITY UPDATE: Segmentation Fault
    - debian/patches/CVE-2025-22921.patch: Clear array length when freeing it
    - CVE-2025-22921
  * SECURITY UPDATE: Null Dereference
    - debian/patches/CVE-2025-25473.patch: Clear FFFormatContext packet queue
      when closing a muxer
    - CVE-2025-25473

 -- Bruce Cable <email address hidden> Thu, 22 May 2025 10:15:05 +1000
CVE-2025-22921 FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.
CVE-2025-25473 FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.


About   -   Send Feedback to @ubuntu_updates