Test ID: 1.3.6.1.4.1.25623.1.1.4.2025.1128.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2025:1128-1)
Summary: The remote host is missing an update for the 'ffmpeg-4' package(s) announced via the SUSE-SU-2025:1128-1 advisory.
Description:

Vulnerability Insight:
This update for ffmpeg-4 fixes the following issues:


- CVE-2020-22037: Fixed unchecked return value of the init_vlc function (bsc#1186756)
- CVE-2024-12361: Fixed null pointer dereference (bsc#1237358)
- CVE-2024-35368: Fixed double free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c (bsc#1234028)
- CVE-2024-36613: Fixed integer overflow in the DXA demuxer of the libavformat library (bsc#1235092)
- CVE-2025-0518: Fixed memory leak due to unchecked sscanf return value (bsc#1236007)
- CVE-2025-22919: Fixed denial of service (DoS) via opening a crafted AAC file (bsc#1237371)
- CVE-2025-22921: Fixed segmentation violation in NULL pointer dereference via the component /libavcodec/jpeg2000dec.c (bsc#1237382)
- CVE-2025-25473: Fixed memory leak in avformat_free_context() (bsc#1237351)

Other fixes:

- Build with SVT-AV1 3.0.0.

- Update to release 4.4.5:
* Adjust bconds to build the package in SLFO without xvidcore.
* Add 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch (bsc#1229338)
* Add ffmpeg-c99.patch so that the package conforms to the C99 standard and builds on i586 with GCC 14.
* No longer build against libmfx, build against libvpl (bsc#1230983, bsc#1219494)
* Drop libmfx dependency from our product (jira #PED-10024)
* Update patch to build with glslang 14
* Disable vmaf integration as ffmpeg-4 cannot handle vmaf>=3
* Copy codec list from ffmpeg-6
* Resolve build failure with binutils >= 2.41. (bsc#1215945)

- Update to version 4.4.4:
* avcodec/012v: Order operations for odd size handling
* avcodec/alsdec: The minimal block is at least 7 bits
* avcodec/bink:
  - Avoid undefined out of array end pointers in binkb_decode_plane()
  - Fix off by 1 error in ref end
* avcodec/eac3dec: avoid float noise in fixed mode addition to overflow
* avcodec/eatgq: Check index increments in tgq_decode_block()
* avcodec/escape124:
  - Fix signedness of end of input check
  - Fix some return codes
* avcodec/ffv1dec:
  - Check that num h/v slices is supported
  - Fail earlier if prior context is corrupted
  - Restructure slice coordinate reading a bit
* avcodec/mjpegenc: take into account component count when writing the SOF header size
* avcodec/mlpdec: Check max matrix instead of max channel in noise check
* avcodec/motionpixels: Mask pixels to valid values
* avcodec/mpeg12dec: Check input size
* avcodec/nvenc:
  - Fix b-frame DTS behavior with fractional framerates
  - Fix vbv buffer size in cq mode
* avcodec/pictordec: Remove mid exit branch
* avcodec/pngdec: Check deloco index more exactly
* avcodec/rpzaenc: stop accessing out of bounds frame
* avcodec/scpr3: Check bx
* avcodec/scpr: Test bx before use
* avcodec/snowenc: Fix visual weight calculation
* avcodec/speedhq: Check buf_size to be big enough for DC
* avcodec/sunrast: Fix maplength check
* avcodec/tests/snowenc:
  - Fix 2nd test
  - Return a failure if DWT/IDWT mismatches
- ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'ffmpeg-4' package(s) on SUSE Linux Enterprise Server 15-SP4, SUSE Linux Enterprise Server for SAP Applications 15-SP4.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2020-22037
Debian Security Information: DSA-4990
https://www.debian.org/security/2021/dsa-4990
Debian Security Information: DSA-4998
https://www.debian.org/security/2021/dsa-4998
https://trac.ffmpeg.org/ticket/8281
https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html
Common Vulnerability Exposure (CVE) ID: CVE-2024-12361
Common Vulnerability Exposure (CVE) ID: CVE-2024-35368
Common Vulnerability Exposure (CVE) ID: CVE-2024-36613
Common Vulnerability Exposure (CVE) ID: CVE-2025-0518
Common Vulnerability Exposure (CVE) ID: CVE-2025-22919
Common Vulnerability Exposure (CVE) ID: CVE-2025-22921
Common Vulnerability Exposure (CVE) ID: CVE-2025-25473
Copyright: Copyright (C) 2025 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.