MGASA-2025-0085

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2025-0085.html

Import Source

https://advisories.mageia.org/MGASA-2025-0085.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2025-0085

Related

Published

2025-03-02T07:18:39Z

Modified

2025-03-02T06:47:15Z

Summary

Updated ffmpeg packages fix security vulnerabilities

Details

A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file. (CVE-2025-22919) A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS). (CVE-2025-22920) FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. (CVE-2025-22921) FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c. (CVE-2025-25473)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / ffmpeg

Package

Name: ffmpeg
Purl: pkg:rpm/mageia/ffmpeg?distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.1.6-1.3.mga9

Ecosystem specific

{
    "section": "core"
}

Mageia:9 / ffmpeg

Package

Name: ffmpeg
Purl: pkg:rpm/mageia/ffmpeg?distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.1.6-1.3.mga9.tainted

Ecosystem specific

{
    "section": "tainted"
}