File _patchinfo of Package patchinfo.37827
<patchinfo incident="37827">
  <packager>qzhao</packager>
  <issue tracker="cve" id="2024-32230"></issue>
  <issue tracker="cve" id="2025-22919"></issue>
  <issue tracker="cve" id="2024-35368"></issue>
  <issue tracker="cve" id="2024-36613"></issue>
  <issue tracker="cve" id="2023-51794"></issue>
  <issue tracker="cve" id="2023-51798"></issue>
  <issue tracker="cve" id="2024-7055"></issue>
  <issue tracker="cve" id="2025-22921"></issue>
  <issue tracker="cve" id="2025-25473"></issue>
  <issue tracker="cve" id="2024-31578"></issue>
  <issue tracker="cve" id="2024-12361"></issue>
  <issue tracker="cve" id="2023-51793"></issue>
  <issue tracker="cve" id="2025-0518"></issue>
  <issue tracker="cve" id="2023-50010"></issue>
  <issue tracker="bnc" id="1237358">VUL-0: CVE-2024-12361: ffmpeg: FFmpeg NULL Pointer Dereference</issue>
  <issue tracker="bnc" id="1237351">VUL-0: CVE-2025-25473: ffmpeg: FFmpeg git master before commit c08d30 was discovered to contain a memory leak in avformat_free_context()</issue>
  <issue tracker="bnc" id="1235092">VUL-0: CVE-2024-36613: ffmpeg,ffmpeg-4: Integer overflow in ffmpeg</issue>
  <issue tracker="bnc" id="1229338">ffmpeg fails to build on 32bit arm</issue>
  <issue tracker="bnc" id="1236007">VUL-0: CVE-2025-0518: ffmpeg,ffmpeg-4,ffmpeg-7: unchecked sscanf return value which leads to memory data leak</issue>
  <issue tracker="bnc" id="1237382">VUL-0: CVE-2025-22921: ffmpeg,ffmpeg-4,ffmpeg-7: segmentation violation in NULL pointer dereference via the component /libavcodec/jpeg2000dec.c</issue>
  <issue tracker="bnc" id="1223256">VUL-0: CVE-2023-50010: ffmpeg,ffmpeg-4: arbitrary code execution via the set_encoder_id function in /fftools/ffmpeg_enc.c component</issue>
  <issue tracker="bnc" id="1234028">VUL-0: CVE-2024-35368: ffmpeg,ffmpeg-4: FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.</issue>
  <issue tracker="bnc" id="1202848">kdenlive, missing packages</issue>
  <issue tracker="bnc" id="1223272">VUL-0: CVE-2023-51793: ffmpeg: heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c</issue>
  <issue tracker="bnc" id="1223437">VUL-0: CVE-2023-51794: ffmpeg,ffmpeg-4: heap-buffer-overflow at libavfilter/af_stereowiden.c</issue>
  <issue tracker="bnc" id="1223070">VUL-0: CVE-2024-31578: ffmpeg,ffmpeg-4: heap use-after-free via the av_hwframe_ctx_init function.</issue>
  <issue tracker="bnc" id="1223304">VUL-0: CVE-2023-51798: ffmpeg,ffmpeg-4: floating point exception(FPE) via the interpolate function in libavfilter/vf_minterpolate.c</issue>
  <issue tracker="bnc" id="1215945">ffmpeg-4: Build fails with current Binutils; requires 'asm' fix (15.4, 15.5, Tumbleweed)</issue>
  <issue tracker="bnc" id="1229026">VUL-0: CVE-2024-7055: ffmpeg,ffmpeg-4: heap-based buffer overflow in pnmdec.c</issue>
  <issue tracker="bnc" id="1237371">VUL-0: CVE-2025-22919: ffmpeg,ffmpeg-4,ffmpeg-7: denial of service (DoS) via opening a crafted AAC file</issue>
  <issue tracker="bnc" id="1227296">VUL-0: CVE-2024-32230: ffmpeg,ffmpeg-4: buffer overflow due to negative-size-param bug at libavcodec/mpegvideo_enc.c in load_input_picture</issue>
  <issue tracker="cve" id="2023-49502"></issue>
  <issue tracker="bnc" id="1223235">VUL-0: CVE-2023-49502: ffmpeg: heap buffer overflow via the ff_bwdif_filter_intra_c function in libavfilter/bwdifdsp.c</issue>
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for ffmpeg-4</summary>
  <description>This update for ffmpeg-4 fixes the following issues:

- CVE-2025-22921: Fixed segmentation violation in NULL pointer dereference via the component /libavcodec/jpeg2000dec.c (bsc#1237382).
- CVE-2025-25473: Fixed memory leak in avformat_free_context() (bsc#1237351).
- CVE-2025-0518: Fixed unchecked sscanf return value which leads to memory data leak (bsc#1236007).
- CVE-2025-22919: Fixed denial of service (DoS) via opening a crafted AAC file (bsc#1237371).
- CVE-2024-12361: Fixed NULL Pointer Dereference (bsc#1237358).
- CVE-2024-35368: Fixed Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c (bsc#1234028).
- CVE-2024-36613: Fixed Integer overflow in ffmpeg (bsc#1235092).
- CVE-2023-50010: Fixed arbitrary code execution via the set_encoder_id function in /fftools/ffmpeg_enc.c component (bsc#1223256).
- CVE-2023-51794: Fixed heap-buffer-overflow at libavfilter/af_stereowiden.c (bsc#1223437).
- CVE-2023-51793: Fixed heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c (bsc#1223272).
- CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c function in libavfilter/bwdifdsp.c (bsc#1223235).
- CVE-2023-51798: Fixed floating point exception(FPE) via the interpolate function in libavfilter/vf_minterpolate.c (bsc#1223304).
- CVE-2024-31578: Fixed heap use-after-free via the av_hwframe_ctx_init function (bsc#1223070).
- CVE-2024-7055: Fixed heap-based buffer overflow in pnmdec.c (bsc#1229026).
- CVE-2024-32230: Fixed buffer overflow due to negative-size-param bug at libavcodec/mpegvideo_enc.c in load_input_picture (bsc#1227296).

Other fixes:

- Updated to version 4.4.5.
</description>
</patchinfo>