OESA-2025-2907
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2907
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2025-2907.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2025-2907
- Upstream
- Published
- 2025-12-30T12:17:47Z
- Modified
- 2026-03-11T07:14:41.796091Z
- Summary
- ffmpeg security update
- Details
-
FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.
Security Fix(es):
A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service.(CVE-2025-7700)
- Database specific
{ "severity": "Medium" }- References
Affected packages
openEuler:24.03-LTS / ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:rpm/openEuler/ffmpeg&distro=openEuler-24.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.1.1-24.oe2403
Ecosystem specific
{
"src": [
"ffmpeg-6.1.1-24.oe2403.src.rpm"
],
"x86_64": [
"ffmpeg-6.1.1-24.oe2403.x86_64.rpm",
"ffmpeg-debuginfo-6.1.1-24.oe2403.x86_64.rpm",
"ffmpeg-debugsource-6.1.1-24.oe2403.x86_64.rpm",
"ffmpeg-devel-6.1.1-24.oe2403.x86_64.rpm",
"ffmpeg-libs-6.1.1-24.oe2403.x86_64.rpm",
"libavdevice-6.1.1-24.oe2403.x86_64.rpm"
],
"aarch64": [
"ffmpeg-6.1.1-24.oe2403.aarch64.rpm",
"ffmpeg-debuginfo-6.1.1-24.oe2403.aarch64.rpm",
"ffmpeg-debugsource-6.1.1-24.oe2403.aarch64.rpm",
"ffmpeg-devel-6.1.1-24.oe2403.aarch64.rpm",
"ffmpeg-libs-6.1.1-24.oe2403.aarch64.rpm",
"libavdevice-6.1.1-24.oe2403.aarch64.rpm"
]
}