UbuntuUpdates.org

Package "libavformat61"

Name: libavformat61

Description:

FFmpeg library with (de)muxers for multimedia containers - runtime files
Latest version: 7:7.1.1-1ubuntu4.2
Release: questing (25.10)
Level: security
Repository: universe
Head package: ffmpeg
Homepage: https://ffmpeg.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libavformat61"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libavformat61" in Questing

Repository Area Version
base universe 7:7.1.1-1ubuntu4
updates universe 7:7.1.1-1ubuntu4.2

Changelog

Version: 7:7.1.1-1ubuntu4.2 2026-01-28 02:08:19 UTC

  ffmpeg (7:7.1.1-1ubuntu4.2) questing-security; urgency=medium

  * SECURITY UPDATE: Buffer Overflow
    - debian/patches/CVE-2025-59728.patch: Allocate space for
      appended "/"
    - debian/patches/CVE-2025-59731.patch: Check rle_raw_data
      and surroundings
    - debian/patches/CVE-2025-59732.patch: Don't access outside
      xsize/ysize
    - debian/patches/CVE-2025-59733.patch: Check for pixel type
      consistency in DWA
    - CVE-2025-59728
    - CVE-2025-59731
    - CVE-2025-59732
    - CVE-2025-59733
  * SECURITY UPDATE: Integer Overflow
    - debian/patches/CVE-2025-63757.patch: Fix integer overflow
      with lum/chr/alpha filter
    - CVE-2025-63757

 -- Bruce Cable <email address hidden> Thu, 22 Jan 2026 14:36:20 +1100
Source diff to previous version
CVE-2025-59728 When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.Whe
CVE-2025-59731 When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to
CVE-2025-59732 When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If th
CVE-2025-59733 When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that all image channels have the same pixel type (an
CVE-2025-63757 Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.

Version: 7:7.1.1-1ubuntu4.1 2025-11-17 02:06:55 UTC

  ffmpeg (7:7.1.1-1ubuntu4.1) questing-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2025-7700.patch: Add check for av_malloc_array()
      and av_calloc()
    - CVE-2025-7700

 -- Bruce Cable <email address hidden> Wed, 29 Oct 2025 09:22:58 +1100
CVE-2025-7700 A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to cr


About   -   Send Feedback to @ubuntu_updates