SUSE alert openSUSE-SU-2026:20855-1 (ffmpeg-4)
| From: | null@suse.de | |
| To: | security-announce@lists.opensuse.org | |
| Subject: | openSUSE-SU-2026:20855-1: important: Security update for ffmpeg-4 | |
| Date: | Tue, 02 Jun 2026 17:51:13 +0200 | |
| Message-ID: | <20260602155113.7883BFCEE@maintenance.suse.de> | |
| Archive-link: | Article |
openSUSE security update: security update for ffmpeg-4 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20855-1 Rating: important References: * bsc#1234030 * bsc#1237561 * bsc#1249393 * bsc#1249431 Cross-References: * CVE-2024-35366 * CVE-2024-35368 * CVE-2024-36618 * CVE-2025-10256 * CVE-2025-1594 * CVE-2025-59728 * CVE-2025-9951 CVSS scores: * CVE-2024-35366 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-35366 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-35368 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-35368 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-36618 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2024-36618 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-10256 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-10256 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-1594 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-1594 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-59728 ( SUSE ): 7.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2025-59728 ( SUSE ): 7.4 CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-9951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2025-9951 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 7 vulnerabilities and has 4 bug fixes can now be installed. Description: This update for ffmpeg-4 fixes the following issues: Changes in ffmpeg-4: - Add check for the return value of av_malloc_array() to avoid potential NULL pointer dereference. (CVE-2025-10256, bsc#1249431) - Update to version 4.4.7: * Codecs, filters and other various bugfixes * aacenc_tns: clamp filter direction energy measurement. (CVE-2025-1594, bsc#1237561) * avcodec/jpeg2000dec: implement cdef remapping during pixel format matching. (CVE-2025-9951, bsc#1249393) Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-packagehub-285=1 Package List: - openSUSE Leap 16.0: ffmpeg-4-4.4.7-bp160.1.1 ffmpeg-4-libavcodec-devel-4.4.7-bp160.1.1 ffmpeg-4-libavdevice-devel-4.4.7-bp160.1.1 ffmpeg-4-libavfilter-devel-4.4.7-bp160.1.1 ffmpeg-4-libavformat-devel-4.4.7-bp160.1.1 ffmpeg-4-libavresample-devel-4.4.7-bp160.1.1 ffmpeg-4-libavutil-devel-4.4.7-bp160.1.1 ffmpeg-4-libpostproc-devel-4.4.7-bp160.1.1 ffmpeg-4-libswresample-devel-4.4.7-bp160.1.1 ffmpeg-4-libswscale-devel-4.4.7-bp160.1.1 ffmpeg-4-private-devel-4.4.7-bp160.1.1 libavcodec58_134-4.4.7-bp160.1.1 libavdevice58_13-4.4.7-bp160.1.1 libavfilter7_110-4.4.7-bp160.1.1 libavformat58_76-4.4.7-bp160.1.1 libavresample4_0-4.4.7-bp160.1.1 libavutil56_70-4.4.7-bp160.1.1 libpostproc55_9-4.4.7-bp160.1.1 libswresample3_9-4.4.7-bp160.1.1 libswscale5_9-4.4.7-bp160.1.1 References: * https://www.suse.com/security/cve/CVE-2024-35366.html * https://www.suse.com/security/cve/CVE-2024-35368.html * https://www.suse.com/security/cve/CVE-2024-36618.html * https://www.suse.com/security/cve/CVE-2025-10256.html * https://www.suse.com/security/cve/CVE-2025-1594.html * https://www.suse.com/security/cve/CVE-2025-59728.html * https://www.suse.com/security/cve/CVE-2025-9951.html