openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2025:0862-1)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.18.2.2025.0862.1

Kategorie: openSUSE Local Security Checks

Titel: openSUSE Security Advisory (SUSE-SU-2025:0862-1)

Zusammenfassung: The remote host is missing an update for the 'ffmpeg-4' package(s) announced via the SUSE-SU-2025:0862-1 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'ffmpeg-4' package(s) announced via the SUSE-SU-2025:0862-1 advisory.

Vulnerability Insight:
This update for ffmpeg-4 fixes the following issues:

- CVE-2025-22921: Fixed segmentation violation in NULL pointer dereference via the component /libavcodec/jpeg2000dec.c (bsc#1237382).
- CVE-2025-25473: Fixed memory leak in avformat_free_context() (bsc#1237351).
- CVE-2025-0518: Fixed unchecked sscanf return value which leads to memory data leak (bsc#1236007).
- CVE-2025-22919: Fixed denial of service (DoS) via opening a crafted AAC file (bsc#1237371).
- CVE-2024-12361: Fixed NULL Pointer Dereference (bsc#1237358).
- CVE-2024-35368: Fixed Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c (bsc#1234028).
- CVE-2024-36613: Fixed Integer overflow in ffmpeg (bsc#1235092).
- CVE-2023-50010: Fixed arbitrary code execution via the set_encoder_id function in /fftools/ffmpeg_enc.c component (bsc#1223256).
- CVE-2023-51794: Fixed heap-buffer-overflow at libavfilter/af_stereowiden.c (bsc#1223437).
- CVE-2023-51793: Fixed heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c (bsc#1223272).
- CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c function in libavfilter/bwdifdsp.c (bsc#1223235).
- CVE-2023-51798: Fixed floating point exception(FPE) via the interpolate function in libavfilter/vf_minterpolate.c (bsc#1223304).
- CVE-2024-31578: Fixed heap use-after-free via the av_hwframe_ctx_init function (bsc#1223070).
- CVE-2024-7055: Fixed heap-based buffer overflow in pnmdec.c (bsc#1229026).
- CVE-2024-32230: Fixed buffer overflow due to negative-size-param bug at libavcodec/mpegvideo_enc.c in load_input_picture (bsc#1227296).

Other fixes:
- Updated to version 4.4.5.

Affected Software/OS:
'ffmpeg-4' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2023-49502
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/
https://github.com/FFmpeg/FFmpeg
https://trac.ffmpeg.org/ticket/10688
Common Vulnerability Exposure (CVE) ID: CVE-2023-50010
https://ffmpeg.org/
https://trac.ffmpeg.org/ticket/10702
Common Vulnerability Exposure (CVE) ID: CVE-2023-51793
https://trac.ffmpeg.org/ticket/10743
Common Vulnerability Exposure (CVE) ID: CVE-2023-51794
https://trac.ffmpeg.org/ticket/10746
Common Vulnerability Exposure (CVE) ID: CVE-2023-51798
https://trac.ffmpeg.org/ticket/10758
Common Vulnerability Exposure (CVE) ID: CVE-2024-12361
Common Vulnerability Exposure (CVE) ID: CVE-2024-31578
https://gist.github.com/1047524396/45400cce5859d78dcd3a62010df8d179
https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7
Common Vulnerability Exposure (CVE) ID: CVE-2024-32230
Common Vulnerability Exposure (CVE) ID: CVE-2024-35368
Common Vulnerability Exposure (CVE) ID: CVE-2024-36613
Common Vulnerability Exposure (CVE) ID: CVE-2024-7055
Common Vulnerability Exposure (CVE) ID: CVE-2025-0518
Common Vulnerability Exposure (CVE) ID: CVE-2025-22919
Common Vulnerability Exposure (CVE) ID: CVE-2025-22921
Common Vulnerability Exposure (CVE) ID: CVE-2025-25473

Copyright Copyright (C) 2025 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.18.2.2025.0862.1
Kategorie:	openSUSE Local Security Checks
Titel:	openSUSE Security Advisory (SUSE-SU-2025:0862-1)
Zusammenfassung:	The remote host is missing an update for the 'ffmpeg-4' package(s) announced via the SUSE-SU-2025:0862-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'ffmpeg-4' package(s) announced via the SUSE-SU-2025:0862-1 advisory. Vulnerability Insight: This update for ffmpeg-4 fixes the following issues: - CVE-2025-22921: Fixed segmentation violation in NULL pointer dereference via the component /libavcodec/jpeg2000dec.c (bsc#1237382). - CVE-2025-25473: Fixed memory leak in avformat_free_context() (bsc#1237351). - CVE-2025-0518: Fixed unchecked sscanf return value which leads to memory data leak (bsc#1236007). - CVE-2025-22919: Fixed denial of service (DoS) via opening a crafted AAC file (bsc#1237371). - CVE-2024-12361: Fixed NULL Pointer Dereference (bsc#1237358). - CVE-2024-35368: Fixed Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c (bsc#1234028). - CVE-2024-36613: Fixed Integer overflow in ffmpeg (bsc#1235092). - CVE-2023-50010: Fixed arbitrary code execution via the set_encoder_id function in /fftools/ffmpeg_enc.c component (bsc#1223256). - CVE-2023-51794: Fixed heap-buffer-overflow at libavfilter/af_stereowiden.c (bsc#1223437). - CVE-2023-51793: Fixed heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c (bsc#1223272). - CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c function in libavfilter/bwdifdsp.c (bsc#1223235). - CVE-2023-51798: Fixed floating point exception(FPE) via the interpolate function in libavfilter/vf_minterpolate.c (bsc#1223304). - CVE-2024-31578: Fixed heap use-after-free via the av_hwframe_ctx_init function (bsc#1223070). - CVE-2024-7055: Fixed heap-based buffer overflow in pnmdec.c (bsc#1229026). - CVE-2024-32230: Fixed buffer overflow due to negative-size-param bug at libavcodec/mpegvideo_enc.c in load_input_picture (bsc#1227296). Other fixes: - Updated to version 4.4.5. Affected Software/OS: 'ffmpeg-4' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2023-49502 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/ https://github.com/FFmpeg/FFmpeg https://trac.ffmpeg.org/ticket/10688 Common Vulnerability Exposure (CVE) ID: CVE-2023-50010 https://ffmpeg.org/ https://trac.ffmpeg.org/ticket/10702 Common Vulnerability Exposure (CVE) ID: CVE-2023-51793 https://trac.ffmpeg.org/ticket/10743 Common Vulnerability Exposure (CVE) ID: CVE-2023-51794 https://trac.ffmpeg.org/ticket/10746 Common Vulnerability Exposure (CVE) ID: CVE-2023-51798 https://trac.ffmpeg.org/ticket/10758 Common Vulnerability Exposure (CVE) ID: CVE-2024-12361 Common Vulnerability Exposure (CVE) ID: CVE-2024-31578 https://gist.github.com/1047524396/45400cce5859d78dcd3a62010df8d179 https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7 Common Vulnerability Exposure (CVE) ID: CVE-2024-32230 Common Vulnerability Exposure (CVE) ID: CVE-2024-35368 Common Vulnerability Exposure (CVE) ID: CVE-2024-36613 Common Vulnerability Exposure (CVE) ID: CVE-2024-7055 Common Vulnerability Exposure (CVE) ID: CVE-2025-0518 Common Vulnerability Exposure (CVE) ID: CVE-2025-22919 Common Vulnerability Exposure (CVE) ID: CVE-2025-22921 Common Vulnerability Exposure (CVE) ID: CVE-2025-25473
Copyright	Copyright (C) 2025 Greenbone AG