OESA-2024-2075
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2075
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2024-2075.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2024-2075
- Upstream
- Published
- 2024-08-30T11:09:00Z
- Modified
- 2025-08-12T05:48:04.811784Z
- Summary
- ffmpeg security update
- Details
-
FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.
Security Fix(es):
A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnmdecodeframe in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.(CVE-2024-7055)
- Database specific
{ "severity": "Medium" }- References
Affected packages
openEuler:24.03-LTS / ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:rpm/openEuler/ffmpeg&distro=openEuler-24.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.1.1-13.oe2403
Ecosystem specific
{
"x86_64": [
"ffmpeg-6.1.1-13.oe2403.x86_64.rpm",
"ffmpeg-debuginfo-6.1.1-13.oe2403.x86_64.rpm",
"ffmpeg-debugsource-6.1.1-13.oe2403.x86_64.rpm",
"ffmpeg-devel-6.1.1-13.oe2403.x86_64.rpm",
"ffmpeg-libs-6.1.1-13.oe2403.x86_64.rpm",
"libavdevice-6.1.1-13.oe2403.x86_64.rpm"
],
"src": [
"ffmpeg-6.1.1-13.oe2403.src.rpm"
],
"aarch64": [
"ffmpeg-6.1.1-13.oe2403.aarch64.rpm",
"ffmpeg-debuginfo-6.1.1-13.oe2403.aarch64.rpm",
"ffmpeg-debugsource-6.1.1-13.oe2403.aarch64.rpm",
"ffmpeg-devel-6.1.1-13.oe2403.aarch64.rpm",
"ffmpeg-libs-6.1.1-13.oe2403.aarch64.rpm",
"libavdevice-6.1.1-13.oe2403.aarch64.rpm"
]
}