Mageia alert MGASA-2025-0085 (ffmpeg)
| From: | Mageia Updates <updates-announce@ml.mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2025-0085: Updated ffmpeg packages fix security vulnerabilities | |
| Date: | Sun, 02 Mar 2025 08:19:19 +0100 | |
| Message-ID: | <20250302071919.369829FFE9@duvel.mageia.org> | |
| Archive-link: | Article |
MGASA-2025-0085 - Updated ffmpeg packages fix security vulnerabilities Publication date: 02 Mar 2025 URL: https://advisories.mageia.org/MGASA-2025-0085.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-0518, CVE-2025-22919, CVE-2025-22920, CVE-2025-22921, CVE-2025-25473 Description: A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file. (CVE-2025-22919) A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS). (CVE-2025-22920) FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. (CVE-2025-22921) FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c. (CVE-2025-25473) References: - https://bugs.mageia.org/show_bug.cgi?id=34054 - https://lists.opensuse.org/archives/list/security-announc... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0518 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2... SRPMS: - 9/core/ffmpeg-5.1.6-1.3.mga9 - 9/tainted/ffmpeg-5.1.6-1.3.mga9.tainted