Advisories » MGASA-2025-0067

Updated ffmpeg packages fix security vulnerabilities

Publication date: 14 Feb 2025
Modification date: 14 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-49502 , CVE-2024-31578

Description

A buffer overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a
local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c
function in the libavfilter/bwdifdsp.c:125:5 component. (CVE-2023-49502)
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free
via the av_hwframe_ctx_init function. (CVE-2024-31578)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34015
• https://lists.suse.com/pipermail/sle-updates/2024-April/035125.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49502
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31578

SRPMS

9/core

• ffmpeg-5.1.6-1.2.mga9

9/tainted

• ffmpeg-5.1.6-1.2.mga9.tainted