Debian Ffmpeg vulnerabilities
508 known vulnerabilities affecting debian/ffmpeg.
Total CVEs
508
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL: 60, HIGH: 117, MEDIUM: 118, LOW: 213
Vulnerabilities
Page 2 of 26
CVE-2025-59730 | LOW | CVSS 5.7 | 2025
CVE-2025-59730 [MEDIUM] ffmpeg - When decoding a frame for a SANM file (ANIM v0 variant), the decoded data can be...
When decoding a frame for a SANM file (ANIM v0 variant), the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution (width x height). A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame contents using a run-length encoding algorithm. There are no check
debian
CVE-2025-59734 | LOW | CVSS 8.7 | 2025
CVE-2025-59734 [HIGH] ffmpeg - It is possible to cause a use-after-free write in SANM decoding with a carefull...
It is possible to cause a use-after-free write in SANM decoding with a carefully crafted animation using subversion stored_frame. Stored frames can later be referenced by FTCH chunks. For files using subversion stored_frame. Leaving ctx->has_dimensions set to false. A subsequent chunk with type FTCH would call process_ftch and decode that frame obj again, adding to
debian
CVE-2025-1373 | LOW | CVSS 4.8 | 2025
CVE-2025-1373 [MEDIUM] ffmpeg - A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic....
A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The patch is
debian
CVE-2024-35366 | CRITICAL | CVSS 9.1 | fixed in ffmpeg 7:5.1.5-0+deb12u1 (bookworm) | 2024
CVE-2024-35366 [CRITICAL] ffmpeg - FFmpeg n6.1.1 has an integer overflow. The vulnerability exists in the parse_options...
FFmpeg n6.1.1 has an integer overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows negative duration values to be accepted without proper bounds checking.
Scope: local
bookworm: resolved (fixed in 7:5.1.5-0+deb12u1)
debian
CVE-2024-35368 | CRITICAL | CVSS 9.8 | fixed in ffmpeg 7:5.1.7-0+deb12u1 (bookworm) | 2024
CVE-2024-35368 [CRITICAL] ffmpeg - FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function w...
FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.
Scope: local
bookworm: resolved (fixed in 7:5.1.7-0+deb12u1)
bullseye: resolved (fixed in 7:4.3.8-0+deb11u2)
forky: resolved (fixed in 7:7.1-3)
sid: resolved (fixed in 7:7.1-3)
trixie: resolved (fixed in 7:7.1-3)
debian
CVE-2024-35367 | CRITICAL | CVSS 9.1 | fixed in ffmpeg 7:5.1.7-0+deb12u1 (bookworm) | 2024
CVE-2024-35367 [CRITICAL] ffmpeg - FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, sta...
FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer
Scope: local
bookworm: resolved (fixed in 7:5.1.7-0+deb12u1)
bullseye: resolved (fixed in 7:4.3.8-0+deb11u2)
forky: resolved (fixed in 7:7.0.1-3)
sid: resolved (fixed in 7:7.0.1-3)
trixie: resolved (fixed in 7:7.0.1-3)
debian
CVE-2024-32230 | HIGH | CVSS 7.8 | fixed in ffmpeg 7:5.1.5-0+deb12u1 (bookworm) | 2024
CVE-2024-32230 [HIGH] ffmpeg - FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug ...
FFmpeg 7.0 is vulnerable to a buffer overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg 7.0.
Scope: local
bookworm: resolved (fixed in 7:5.1.5-0+deb12u1)
bullseye: resolved (fixed in 7:4.3.7-0+deb11u1)
forky: resolved (fixed in 7:7.0.1-3)
sid: resolved (fixed in 7:7.0.1-3)
trixie: resolved (fixed in 7:7.0.1-
debian
CVE-2024-31582 | HIGH | CVSS 7.8 | fixed in ffmpeg 7:5.1.7-0+deb12u1 (bookworm) | 2024
CVE-2024-31582 [HIGH] ffmpeg - FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerabili...
FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input.
Scope: local
bookworm: resolved (fixed in 7:5.1.7-0+deb12u1)
bullseye: resolved
forky: resolved (fixed in
debian
CVE-2024-31578 | HIGH | CVSS 7.5 | fixed in ffmpeg 7:4.3.8-0+deb11u1 (bullseye) | 2024
CVE-2024-31578 [HIGH] ffmpeg - FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av...
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.
Scope: local
bookworm: open
bullseye: resolved (fixed in 7:4.3.8-0+deb11u1)
forky: resolved (fixed in 7:7.0.1-3)
sid: resolved (fixed in 7:7.0.1-3)
trixie: resolved (fixed in 7:7.0.1-3)
debian
CVE-2024-36613 | MEDIUM | CVSS 6.2 | fixed in ffmpeg 7:5.1.5-0+deb12u1 (bookworm) | 2024
CVE-2024-36613 [MEDIUM] ffmpeg - FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library ...
FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.
Scope: local
bookworm: resolved (fixed in 7:5.1.5-0+deb12u1)
bullseye: resolved (fixed in 7:4.3.7-0+deb11u1)
forky: resolved (fixed in 7:7.0.1-3)
sid: resolved (fi
debian
CVE-2024-36617 | MEDIUM | CVSS 6.2 | fixed in ffmpeg 7:5.1.5-0+deb12u1 (bookworm) | 2024
CVE-2024-36617 [MEDIUM] ffmpeg - FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.
FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.
Scope: local
bookworm: resolved (fixed in 7:5.1.5-0+deb12u1)
bullseye: resolved (fixed in 7:4.3.7-0+deb11u1)
forky: resolved (fixed in 7:7.0.1-3)
sid: resolved (fixed in 7:7.0.1-3)
trixie: resolved (fixed in 7:7.0.1-3)
debian
CVE-2024-7272 | MEDIUM | CVSS 6.9 | fixed in ffmpeg 7:5.1.6-0+deb12u1 (bookworm) | 2024
CVE-2024-7272 [MEDIUM] ffmpeg - A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1...
A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.
debian
CVE-2024-35369 | MEDIUM | CVSS 5.5 | fixed in ffmpeg 7:7.0.1-3 (forky) | 2024
CVE-2024-35369 [MEDIUM] ffmpeg - In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a p...
In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process.
Scope: local
debian
CVE-2024-36616 | MEDIUM | CVSS 6.5 | fixed in ffmpeg 7:5.1.5-0+deb12u1 (bookworm) | 2024
CVE-2024-36616 [MEDIUM] ffmpeg - An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1....
An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.
Scope: local
bookworm: resolved (fixed in 7:5.1.5-0+deb12u1)
bullseye: resolved (fixed in 7:4.3.7-0+deb11u1)
forky: resolved (fixed in 7:7.0.1-3)
sid: resolved (fixed in 7:7.0.1-3)
trixie: resolve
debian
CVE-2024-36615 | MEDIUM | CVSS 5.9 | fixed in ffmpeg 7:4.3.9-0+deb11u2 (bullseye) | 2024
CVE-2024-36615 [MEDIUM] ffmpeg - FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could le...
FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread.
Scope: local
bookworm: open
bullseye: resolved (fixed in 7:4.3.9-0+deb11u2)
forky: resolved (fixed in 7:7.1-3)
sid: resolve
debian
CVE-2024-36618 | MEDIUM | CVSS 6.2 | fixed in ffmpeg 7:5.1.8-0+deb12u1 (bookworm) | 2024
CVE-2024-36618 [MEDIUM] ffmpeg - FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library ...
FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.
Scope: local
bookworm: resolved (fixed in 7:5.1.8-0+deb12u1)
bullseye: resolved (fixed in 7:4.3.8-0+deb11u2)
forky: resolved (fixed in 7:7.0.1-3)
sid: resolved (fixed in 7:7.0.1-3)
trixie
debian
CVE-2024-31585 | MEDIUM | CVSS 5.3 | fixed in ffmpeg 7:5.1.5-0+deb12u1 (bookworm) | 2024
CVE-2024-31585 [MEDIUM] ffmpeg - FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulner...
FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Scope: local
bookworm: resolved (fixed in 7:5.1.5-0+deb12u1)
bullseye: resolved
forky: resolved (fixed in 7:7.0.1-3)
sid: resolved (fixed in 7:7.0.1-3)
debian
CVE-2024-7055 | MEDIUM | CVSS 6.9 | fixed in ffmpeg 7:5.1.6-0+deb12u1 (bookworm) | 2024
CVE-2024-7055 [MEDIUM] ffmpeg - A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as criti...
A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to ad
debian
CVE-2024-32229 | LOW | CVSS 8.4 | 2024
CVE-2024-32229 [HIGH] ffmpeg - FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:...
FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2024-31581 | LOW | CVSS 9.8 | fixed in ffmpeg 7:7.0.1-3 (forky) | 2024
CVE-2024-31581 [CRITICAL] ffmpeg - FFmpeg version n6.1 was discovered to contain an improper validation of array in...
FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved (fixed in 7:7.0.1-3)
sid: resolved (fixed in 7:7.0.1-3)
trixie: resolv
debian