Advisories » MGASA-2025-0306

Updated ffmpeg packages fix security vulnerabilities

Publication date: 21 Nov 2025
Modification date: 21 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-50007, CVE-2023-50008, CVE-2023-6602, CVE-2023-6604, CVE-2023-6605, CVE-2024-31582, CVE-2024-35367, CVE-2025-59728, CVE-2025-59731, CVE-2025-59732, CVE-2025-59733, CVE-2025-7700

Description

FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a
parameter of negative size in the av_samples_set_silence function in
the libavutil/samplefmt.c:260:9 component. (CVE-2023-50007)
FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the
colorcorrect filter, in the av_malloc function in libavutil/mem.c:105:9
component. (CVE-2023-50008)
Improper handling of input format in the tty demuxer of FFmpeg.
(CVE-2023-6602)
HLS xbin demuxer DoS amplification in FFmpeg. (CVE-2023-6604)
DASH playlist SSRF vulnerability in FFmpeg. (CVE-2023-6605)
FFmpeg version n6.1 was discovered to contain a heap buffer overflow
vulnerability in the draw_block_rectangle function of
libavfilter/vf_codecview.c. This vulnerability allows attackers to cause
undefined behavior or a Denial of Service (DoS) via crafted input.
(CVE-2024-31582)
FFmpeg n6.1.1 has an Out-of-bounds Read via
libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8
h_subpel_filters_outer. (CVE-2024-35367)
Heap-buffer-overflow write in FFmpeg MDASH resolve_content_path.
(CVE-2025-59728)
Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress.
(CVE-2025-59731, CVE-2025-59732, CVE-2025-59733)
Null pointer dereference in the FFmpeg ALS decoder (libavcodec/alsdec.c).
(CVE-2025-7700)
                

References

SRPMS

9/core

9/tainted