FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.
Security Fix(es):
A heap use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows an attacker to cause a denial of service (DoS) via a crafted AVI file. (CVE-2020-21697)
Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service. (CVE-2020-22019)
Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service. (CVE-2020-22020)
Buffer Overflow vulnerability in FFmpeg 4.2 at the filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service. (CVE-2020-22021)
Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service. (CVE-2020-22026)
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c. (CVE-2020-22037)
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c. (CVE-2020-22038)
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function. (CVE-2020-22039)
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c. (CVE-2020-22043)
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c. (CVE-2020-22044)
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c. (CVE-2020-22051)
Integer Overflow vulnerability in the function filter16_roberts in libavfilter/vf_convolution.c in FFmpeg 4.2.1 allows attackers to cause a Denial of Service or other unspecified impacts. (CVE-2021-38090)
A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file. (CVE-2025-22919)
FFmpeg git-master, N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. (CVE-2025-22921)
{ "severity": "High" }
{ "src": [ "ffmpeg-4.2.4-24.oe2203sp3.src.rpm" ], "x86_64": [ "ffmpeg-4.2.4-24.oe2203sp3.x86_64.rpm", "ffmpeg-debuginfo-4.2.4-24.oe2203sp3.x86_64.rpm", "ffmpeg-debugsource-4.2.4-24.oe2203sp3.x86_64.rpm", "ffmpeg-devel-4.2.4-24.oe2203sp3.x86_64.rpm", "ffmpeg-libs-4.2.4-24.oe2203sp3.x86_64.rpm", "libavdevice-4.2.4-24.oe2203sp3.x86_64.rpm" ], "aarch64": [ "ffmpeg-4.2.4-24.oe2203sp3.aarch64.rpm", "ffmpeg-debuginfo-4.2.4-24.oe2203sp3.aarch64.rpm", "ffmpeg-debugsource-4.2.4-24.oe2203sp3.aarch64.rpm", "ffmpeg-devel-4.2.4-24.oe2203sp3.aarch64.rpm", "ffmpeg-libs-4.2.4-24.oe2203sp3.aarch64.rpm", "libavdevice-4.2.4-24.oe2203sp3.aarch64.rpm" ] }