Overview

File _patchinfo of Package patchinfo.39216

<patchinfo incident="39216">
  <issue tracker="cve" id="2024-36618"/>
  <issue tracker="cve" id="2025-7700"/>
  <issue tracker="bnc" id="1234018">VUL-0: CVE-2024-36616: ffmpeg,ffmpeg-4: An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.</issue>
  <issue tracker="bnc" id="1234020">VUL-0: CVE-2024-36618: ffmpeg,ffmpeg-4: FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.</issue>
  <issue tracker="bnc" id="1234019">VUL-0: CVE-2024-36617: ffmpeg,ffmpeg-4: FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.</issue>
  <issue tracker="bnc" id="1245313">SLES 15 SP4 LTSS is missing libswscale5_9-4</issue>
  <issue tracker="bnc" id="1246790">VUL-0: CVE-2025-7700: ffmpeg,ffmpeg-4,ffmpeg-7: FFmpeg: NULL Pointer Dereference in FFmpeg ALS Decoder (libavcodec/alsdec.c)</issue>  
  <packager>qzhao</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for ffmpeg-4</summary>
  <description>This update for ffmpeg-4 fixes the following issues:

- CVE-2024-36618: Fixed integer overflow iff ULONG_MAX &lt; INT64_MAX (bsc#1234020).
- CVE-2025-7700: Fixed potential NULL pointer dereference (bsc#1246790).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places