File _patchinfo of Package patchinfo.38336
<patchinfo incident="38336">
<issue tracker="cve" id="2023-51793"/>
<issue tracker="cve" id="2024-35368"/>
<issue tracker="cve" id="2025-22921"/>
<issue tracker="cve" id="2025-0518"/>
<issue tracker="cve" id="2024-35365"/>
<issue tracker="cve" id="2025-22919"/>
<issue tracker="cve" id="2024-12361"/>
<issue tracker="cve" id="2024-36613"/>
<issue tracker="bnc" id="1236007">VUL-0: CVE-2025-0518: ffmpeg,ffmpeg-4,ffmpeg-7: unchecked sscanf return value which leads to memory data leak</issue>
<issue tracker="bnc" id="1223272">VUL-0: CVE-2023-51793: ffmpeg: heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c</issue>
<issue tracker="bnc" id="1235092">VUL-0: CVE-2024-36613: ffmpeg,ffmpeg-4: Integer overflow in ffmpeg</issue>
<issue tracker="bnc" id="1237358">VUL-0: CVE-2024-12361: ffmpeg: FFmpeg NULL Pointer Dereference</issue>
<issue tracker="bnc" id="1237371">VUL-0: CVE-2025-22919: ffmpeg,ffmpeg-4,ffmpeg-7: denial of service (DoS) via opening a crafted AAC file</issue>
<issue tracker="bnc" id="1234028">VUL-0: CVE-2024-35368: ffmpeg,ffmpeg-4: FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.</issue>
<issue tracker="bnc" id="1237382">VUL-0: CVE-2025-22921: ffmpeg,ffmpeg-4,ffmpeg-7: segmentation violation in NULL pointer dereference via the component /libavcodec/jpeg2000dec.c</issue>
<issue tracker="bnc" id="1235091">VUL-0: CVE-2024-35365: ffmpeg,ffmpeg-4: double-free vulnerability in FFMPEG</issue>
<packager>qzhao</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for ffmpeg</summary>
<description>This update for ffmpeg fixes the following issues:
- CVE-2025-22921: Clear array length when freeing it. (bsc#1237382)
- CVE-2025-0518: Fix memory data leak when using sscanf(). (bsc#1236007)
- CVE-2025-22919: Check for valid sample rate, to fix the invalid sample rate >= 0. (bsc#1237371)
- CVE-2024-12361: Add check for av_packet_new_side_data() to avoid null pointer dereference if allocation fails. (bsc#1237358)
- CVE-2024-36613: Adjust order of operations around block align. (bsc#1235092)
- CVE-2024-35365: Fix double-free on error. (bsc#1235091)
- CVE-2024-35368: Fix double-free when the AVFrame is unreferenced. (bsc#1234028)
- CVE-2023-51793: Fix out of array access. (bsc#1223272).
- CVE-2023-51793: Fixed a heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c (bsc#1223272).
</description>
</patchinfo>