Advisories » MGASA-2025-0085

Updated ffmpeg packages fix security vulnerabilities

Publication date: 02 Mar 2025
Modification date: 02 Mar 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-0518, CVE-2025-22919, CVE-2025-22920, CVE-2025-22921, CVE-2025-25473

Description

A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06
allows attackers to cause a Denial of Service (DoS) via opening a
crafted AAC file. (CVE-2025-22919)

A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c
allows attackers to trigger a memory corruption via supplying a crafted
media file in avformat when processing tile grid group streams. This can
lead to a Denial of Service (DoS). (CVE-2025-22920)

FFmpeg git-master, N-113007-g8d24a28d06 was discovered to contain a
segmentation violation via the component /libavcodec/jpeg2000dec.c.
(CVE-2025-22921)

FFmpeg git master before commit c08d30 was discovered to contain a NULL
pointer dereference via the component libavformat/mov.c.
(CVE-2025-25473)

References

SRPMS

9/core

9/tainted