|
|
Subscribe / Log in / New account

Ubuntu alert USN-7738-1 (ffmpeg)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7738-1] FFmpeg vulnerability


Date:
              Thu, 04 Sep 2025 13:40:24 +0000


Message-ID:
              <E1uuACO-0004GY-8E@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-7738-1
September 04, 2025

ffmpeg vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

FFmpeg could be made to crash if it received specially crafted input.

Software Description:
- ffmpeg: Tools for transcoding, streaming and playing of multimedia files

Details:

It was discovered that FFmpeg incorrectly handled the calculation of
LPC order, which could lead to a stack-based buffer overflow. An attacker
could possibly use this issue to cause FFmpeg to crash, resulting in a
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  ffmpeg                          7:7.1.1-1ubuntu1.2
  libavcodec-dev                  7:7.1.1-1ubuntu1.2

Ubuntu 24.04 LTS
  ffmpeg                          7:6.1.1-3ubuntu5+esm4
                                  Available with Ubuntu Pro
  libavcodec-dev                  7:6.1.1-3ubuntu5+esm4
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  ffmpeg                          7:4.4.2-0ubuntu0.22.04.1+esm8
                                  Available with Ubuntu Pro
  libavcodec-dev                  7:4.4.2-0ubuntu0.22.04.1+esm8
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  ffmpeg                          7:4.2.7-0ubuntu0.1+esm9
                                  Available with Ubuntu Pro
  libavcodec-dev                  7:4.2.7-0ubuntu0.1+esm9
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  ffmpeg                          7:3.4.11-0ubuntu0.1+esm9
                                  Available with Ubuntu Pro
  libavcodec-dev                  7:3.4.11-0ubuntu0.1+esm9
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  ffmpeg                          7:2.8.17-0ubuntu0.1+esm11
                                  Available with Ubuntu Pro
  libavcodec-dev                  7:2.8.17-0ubuntu0.1+esm11
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7738-1
  CVE-2025-1594

Package Information:
  https://launchpad.net/ubuntu/+source/ffmpeg/7:7.1.1-1ubun...




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmi5loEACgkQcpJm3tlz
hgEYjA//dxO0Rl4CYg8yBfN5SCTOD3InhTwD6nIRmOOXn55FdXZf7YDeNOWEF2bR
fJDL6caoiuETXxJHNmr6x33WSPqbiol0I1uwno50bGLg6OyHR+KiCRrrKciOoS7u
WBOtPjIVFScezQP7ZGRnU+QgfrqZGOBwbKODfhK5YhF+/lBr6RF098AB+Y+fvBO7
mySNFheIZ7szTLSeAovjIkya9ZwzKPoGtypj9ehr7JLFec4KtaKQiZBa6iuxwGU4
KZaMoy8gGjmSpbPHWFkaJEMw/zsiwIhceEPS/Rfb2g9da0gVmvzFXcQFoBh/5Vx8
uAqn3Gr20B0l8l4S03+5/8wnw2VAdAb3iZDpUeWOTG3YT3gNuz4B+udwtWV0UqrC
70uK9c9pO3gglXRSNpH4WdCsxdDTSydg8tz0vuHZEaYxR6L8c7itwatGZnr7w0Dh
avYLszKuYGPaYT1HeKq0GmYfTSfhPGB6iwb/o/pDAfk46Hp4VR6FOnsSHtCQJjcP
LJJIEAK6E6+uaUXjo0pcZjrfZy4BgXMk8xONUZX55uVCW61J74mmTPHplUP4+JYM
n7hzSkiHS3LcLySMpWtYQPRqMnLgd4ObyIlPeXiUxiZRLz4vsZU4Pa2RgVJ9yL/g
5/XflsZW7RZ5C2eZdtpW91yyKq4Lt23QyD9jIXZHbPYcJEUCGjY=
=QXwF
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds