VDB

MAGEIA-2025-306

MAGEIA-2025-306 PUBLISHED

FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative size in the av_samples_set_silence function in thelibavutil/samplefmt.c:260:9 component. (CVE-2023-50007) FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the av_malloc function in libavutil/mem.c:105:9 component. (CVE-2023-50008) Improper handling of input format in tty demuxer of ffmpeg. (CVE-2023-6602) Hls xbin demuxer dos amplification in ffmpeg. (CVE-2023-6604) Dash playlist ssrf vulnerability in ffmpeg. (CVE-2023-6605) FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input. (CVE-2024-31582) FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer. (CVE-2024-35367) Heap-buffer-overflow write in FFmpeg MDASH resolve_content_path. (CVE-2025-59728) Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress. (CVE-2025-59731, CVE-2025-59732, CVE-2025-59733) Null pointer dereference in ffmpeg als decoder (libavcodec/alsdec.c). (CVE-2025-7700)

Affected Products

VendorProductVersions
Mageiaffmpeg0, 5.1.7-1.mga9, 0

Timeline

  • Nov 21, 2025 CVE Updated
  • Nov 21, 2025 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›