Security update for ffmpeg-4
| Announcement ID: | SUSE-SU-2025:1128-1 |
|---|---|
| Release Date: | 2025-04-03T11:54:06Z |
| Rating: | important |
| References: | |
| Cross-References: | |
| CVSS scores: | |
| Affected Products: | |
An update that solves eight vulnerabilities, contains one feature and has five security fixes can now be installed.
Description:
This update for ffmpeg-4 fixes the following issues:
- CVE-2020-22037: Fixed unchecked return value of the init_vlc function (bsc#1186756)
- CVE-2024-12361: Fixed null pointer dereference (bsc#1237358)
- CVE-2024-35368: Fixed double free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c (bsc#1234028)
- CVE-2024-36613: Fixed integer overflow in the DXA demuxer of the libavformat library (bsc#1235092)
- CVE-2025-0518: Fixed memory leak due to unchecked sscanf return value (bsc#1236007)
- CVE-2025-22919: Fixed denial of service (DoS) via opening a crafted AAC file (bsc#1237371)
- CVE-2025-22921: Fixed segmentation violation in NULL pointer dereference via the component /libavcodec/jpeg2000dec.c (bsc#1237382)
- CVE-2025-25473: Fixed memory leak in avformat_free_context() (bsc#1237351)
Other fixes:
- Build with SVT-AV1 3.0.0.
- Update to release 4.4.5:
- Adjust bconds to build the package in SLFO without xvidcore.
- Add 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch (bsc#1229338)
- Add ffmpeg-c99.patch so that the package conforms to the C99 standard and builds on i586 with GCC 14.
- No longer build against libmfx; build against libvpl (bsc#1230983, bsc#1219494)
- Drop libmfx dependency from our product (jira #PED-10024)
- Update patch to build with glslang 14
- Disable vmaf integration as ffmpeg-4 cannot handle vmaf>=3
- Copy codec list from ffmpeg-6
- Resolve build failure with binutils >= 2.41. (bsc#1215945)
- Update to version 4.4.4:
- avcodec/012v: Order operations for odd size handling
- avcodec/alsdec: The minimal block is at least 7 bits
- avcodec/bink:
  - Avoid undefined out of array end pointers in binkb_decode_plane()
  - Fix off by 1 error in ref end
  - Avoid undefined out of array end pointers in
- avcodec/eac3dec: avoid float noise in fixed mode addition to overflow
- avcodec/eatgq: Check index increments in tgq_decode_block()
- avcodec/escape124:
  - Fix signedness of end of input check
  - Fix some return codes
- avcodec/ffv1dec:
  - Check that num h/v slices is supported
  - Fail earlier if prior context is corrupted
  - Restructure slice coordinate reading a bit
- avcodec/mjpegenc: take into account component count when writing the SOF header size
- avcodec/mlpdec: Check max matrix instead of max channel in noise check
- avcodec/motionpixels: Mask pixels to valid values
- avcodec/mpeg12dec: Check input size
- avcodec/nvenc:
  - Fix b-frame DTS behavior with fractional framerates
  - Fix vbv buffer size in cq mode
- avcodec/pictordec: Remove mid exit branch
- avcodec/pngdec: Check deloco index more exactly
- avcodec/rpzaenc: stop accessing out of bounds frame
- avcodec/scpr3: Check bx
- avcodec/scpr: Test bx before use
- avcodec/snowenc: Fix visual weight calculation
- avcodec/speedhq: Check buf_size to be big enough for DC
- avcodec/sunrast: Fix maplength check
- avcodec/tests/snowenc:
  - Fix 2nd test
  - Return a failure if DWT/IDWT mismatches
  - Unbreak DWT tests
- avcodec/tiff: Ignore tile_count
- avcodec/utils:
  - Allocate a line more for VC1 and WMV3
  - Ensure linesize for SVQ3
  - Use 32pixel alignment for bink
- avcodec/videodsp_template: Adjust pointers to avoid undefined pointer things
- avcodec/vp3: Add missing check for av_malloc
- avcodec/wavpack:
  - Avoid undefined shift in get_tail()
  - Check for end of input in wv_unpack_dsd_high()
- avcodec/xpmdec: Check size before allocation to avoid truncation
- avfilter/vf_untile: swap the chroma shift values used for plane offsets
- avformat/id3v2: Check taglen in read_uslt()
- avformat/mov: Check samplesize and offset to avoid integer overflow
- avformat/mxfdec: Use 64bit in remainder
- avformat/nutdec: Add check for avformat_new_stream
- avformat/replaygain: avoid undefined / negative abs
- swscale/input: Use more unsigned intermediates
- swscale/output: Bias 16bps output calculations to improve non overflowing range
- swscale: aarch64: Fix yuv2rgb with negative stride
- Use https for repository links
- Update to version 4.4.3:
- Stable bug fix release, mainly codecs, filter and format fixes.
- Add patch to detect SDL2 >= 2.1.0 (bsc#1202848):
- Update to version 4.4.2:
- Stable bug fix release, mainly codecs, filter and format fixes.
- Add conflicts for ffmpeg-5's tools
- Enable Vulkan filters
- Fix OS version check, so nvcodec is enabled for Leap too.
- Disable libsmbclient usage (can always be built with --with-smbclient): the use case of ffmpeg directly accessing smb:// shares is quite constructed (most users will have their smb shares mounted).
- Update to version 4.4.1:
- Stable bug fix release, mainly codecs and format fixes.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-1128=1
- SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1128=1
- SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1128=1
- SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1128=1
- SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1128=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  - libpostproc55_9-debuginfo-4.4.5-150400.3.46.1
  - ffmpeg-4-debugsource-4.4.5-150400.3.46.1
  - libavcodec58_134-4.4.5-150400.3.46.1
  - ffmpeg-4-libavdevice-devel-4.4.5-150400.3.46.1
  - ffmpeg-4-libavresample-devel-4.4.5-150400.3.46.1
  - ffmpeg-4-libswscale-devel-4.4.5-150400.3.46.1
  - libavfilter7_110-debuginfo-4.4.5-150400.3.46.1
  - libavformat58_76-4.4.5-150400.3.46.1
  - libavutil56_70-debuginfo-4.4.5-150400.3.46.1
  - libswresample3_9-debuginfo-4.4.5-150400.3.46.1
  - libavresample4_0-4.4.5-150400.3.46.1
  - ffmpeg-4-libswresample-devel-4.4.5-150400.3.46.1
  - libavdevice58_13-debuginfo-4.4.5-150400.3.46.1
  - ffmpeg-4-4.4.5-150400.3.46.1
  - ffmpeg-4-debuginfo-4.4.5-150400.3.46.1
  - libswscale5_9-debuginfo-4.4.5-150400.3.46.1
  - libavcodec58_134-debuginfo-4.4.5-150400.3.46.1
  - libavutil56_70-4.4.5-150400.3.46.1
  - ffmpeg-4-libavutil-devel-4.4.5-150400.3.46.1
  - libpostproc55_9-4.4.5-150400.3.46.1
  - ffmpeg-4-libpostproc-devel-4.4.5-150400.3.46.1
  - libavfilter7_110-4.4.5-150400.3.46.1
  - ffmpeg-4-libavcodec-devel-4.4.5-150400.3.46.1
  - ffmpeg-4-libavfilter-devel-4.4.5-150400.3.46.1
  - ffmpeg-4-libavformat-devel-4.4.5-150400.3.46.1
  - libswscale5_9-4.4.5-150400.3.46.1
  - libavformat58_76-debuginfo-4.4.5-150400.3.46.1
  - libavdevice58_13-4.4.5-150400.3.46.1
  - libswresample3_9-4.4.5-150400.3.46.1
  - ffmpeg-4-private-devel-4.4.5-150400.3.46.1
  - libavresample4_0-debuginfo-4.4.5-150400.3.46.1
- openSUSE Leap 15.4 (x86_64)
  - libavresample4_0-32bit-4.4.5-150400.3.46.1
  - libswresample3_9-32bit-debuginfo-4.4.5-150400.3.46.1
  - libavformat58_76-32bit-debuginfo-4.4.5-150400.3.46.1
  - libavresample4_0-32bit-debuginfo-4.4.5-150400.3.46.1
  - libpostproc55_9-32bit-4.4.5-150400.3.46.1
  - libavcodec58_134-32bit-debuginfo-4.4.5-150400.3.46.1
  - libavcodec58_134-32bit-4.4.5-150400.3.46.1
  - libswresample3_9-32bit-4.4.5-150400.3.46.1
  - libswscale5_9-32bit-debuginfo-4.4.5-150400.3.46.1
  - libavdevice58_13-32bit-debuginfo-4.4.5-150400.3.46.1
  - libavformat58_76-32bit-4.4.5-150400.3.46.1
  - libpostproc55_9-32bit-debuginfo-4.4.5-150400.3.46.1
  - libswscale5_9-32bit-4.4.5-150400.3.46.1
  - libavfilter7_110-32bit-debuginfo-4.4.5-150400.3.46.1
  - libavfilter7_110-32bit-4.4.5-150400.3.46.1
  - libavutil56_70-32bit-debuginfo-4.4.5-150400.3.46.1
  - libavutil56_70-32bit-4.4.5-150400.3.46.1
  - libavdevice58_13-32bit-4.4.5-150400.3.46.1
- openSUSE Leap 15.4 (aarch64_ilp32)
  - libavresample4_0-64bit-debuginfo-4.4.5-150400.3.46.1
  - libpostproc55_9-64bit-4.4.5-150400.3.46.1
  - libavutil56_70-64bit-4.4.5-150400.3.46.1
  - libavfilter7_110-64bit-debuginfo-4.4.5-150400.3.46.1
  - libswresample3_9-64bit-debuginfo-4.4.5-150400.3.46.1
  - libswscale5_9-64bit-4.4.5-150400.3.46.1
  - libavfilter7_110-64bit-4.4.5-150400.3.46.1
  - libavdevice58_13-64bit-4.4.5-150400.3.46.1
  - libpostproc55_9-64bit-debuginfo-4.4.5-150400.3.46.1
  - libavcodec58_134-64bit-debuginfo-4.4.5-150400.3.46.1
  - libavresample4_0-64bit-4.4.5-150400.3.46.1
  - libswscale5_9-64bit-debuginfo-4.4.5-150400.3.46.1
  - libavdevice58_13-64bit-debuginfo-4.4.5-150400.3.46.1
  - libavformat58_76-64bit-debuginfo-4.4.5-150400.3.46.1
  - libavcodec58_134-64bit-4.4.5-150400.3.46.1
  - libavutil56_70-64bit-debuginfo-4.4.5-150400.3.46.1
  - libswresample3_9-64bit-4.4.5-150400.3.46.1
  - libavformat58_76-64bit-4.4.5-150400.3.46.1
- SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  - libpostproc55_9-4.4.5-150400.3.46.1
  - libpostproc55_9-debuginfo-4.4.5-150400.3.46.1
  - ffmpeg-4-debugsource-4.4.5-150400.3.46.1
  - libavcodec58_134-4.4.5-150400.3.46.1
  - libavformat58_76-debuginfo-4.4.5-150400.3.46.1
  - libavutil56_70-debuginfo-4.4.5-150400.3.46.1
  - libavformat58_76-4.4.5-150400.3.46.1
  - ffmpeg-4-debuginfo-4.4.5-150400.3.46.1
  - libswresample3_9-debuginfo-4.4.5-150400.3.46.1
  - libswresample3_9-4.4.5-150400.3.46.1
  - libavcodec58_134-debuginfo-4.4.5-150400.3.46.1
  - libavutil56_70-4.4.5-150400.3.46.1
- SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  - libpostproc55_9-4.4.5-150400.3.46.1
  - libpostproc55_9-debuginfo-4.4.5-150400.3.46.1
  - ffmpeg-4-debugsource-4.4.5-150400.3.46.1
  - libavcodec58_134-4.4.5-150400.3.46.1
  - libavformat58_76-debuginfo-4.4.5-150400.3.46.1
  - libavutil56_70-debuginfo-4.4.5-150400.3.46.1
  - libavformat58_76-4.4.5-150400.3.46.1
  - ffmpeg-4-debuginfo-4.4.5-150400.3.46.1
  - libswresample3_9-debuginfo-4.4.5-150400.3.46.1
  - libswresample3_9-4.4.5-150400.3.46.1
  - libavcodec58_134-debuginfo-4.4.5-150400.3.46.1
  - libavutil56_70-4.4.5-150400.3.46.1
- SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  - libpostproc55_9-4.4.5-150400.3.46.1
  - libpostproc55_9-debuginfo-4.4.5-150400.3.46.1
  - ffmpeg-4-debugsource-4.4.5-150400.3.46.1
  - libavcodec58_134-4.4.5-150400.3.46.1
  - libavformat58_76-debuginfo-4.4.5-150400.3.46.1
  - libavutil56_70-debuginfo-4.4.5-150400.3.46.1
  - libavformat58_76-4.4.5-150400.3.46.1
  - ffmpeg-4-debuginfo-4.4.5-150400.3.46.1
  - libswresample3_9-debuginfo-4.4.5-150400.3.46.1
  - libswresample3_9-4.4.5-150400.3.46.1
  - libavcodec58_134-debuginfo-4.4.5-150400.3.46.1
  - libavutil56_70-4.4.5-150400.3.46.1
- SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  - libpostproc55_9-4.4.5-150400.3.46.1
  - libpostproc55_9-debuginfo-4.4.5-150400.3.46.1
  - ffmpeg-4-debugsource-4.4.5-150400.3.46.1
  - libavcodec58_134-4.4.5-150400.3.46.1
  - libavformat58_76-debuginfo-4.4.5-150400.3.46.1
  - libavutil56_70-debuginfo-4.4.5-150400.3.46.1
  - libavformat58_76-4.4.5-150400.3.46.1
  - ffmpeg-4-debuginfo-4.4.5-150400.3.46.1
  - libswresample3_9-debuginfo-4.4.5-150400.3.46.1
  - libswresample3_9-4.4.5-150400.3.46.1
  - libavcodec58_134-debuginfo-4.4.5-150400.3.46.1
  - libavutil56_70-4.4.5-150400.3.46.1
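One way to audit a host after patching, as an added example that is not part of the SUSE advisory: the function below flags any ffmpeg-4 package from the Package List whose installed version-release is older than 4.4.5-150400.3.46.1. The function names and the sample inventory are constructed for illustration, and `sort -V` is assumed to be an adequate stand-in for RPM's own version comparison for these purely numeric versions.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's Package List.
FIXED="4.4.5-150400.3.46.1"

# Constructed sample inventory (not real host data), in the format of:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
sample_inventory() {
    cat <<'EOF'
ffmpeg-4 4.4.5-150400.3.46.1
libavcodec58_134 4.4.4-150400.3.40.1
libavformat58_76 4.4.5-150400.3.9.1
libavutil56_70 4.4.5-150400.3.50.1
libswresample3_9-32bit 4.4.4-150400.3.40.1
bash 4.4-150400.25.22
EOF
}

# Read "name version-release" lines on stdin and print the ffmpeg-4
# packages that are older than FIXED. Other packages are ignored.
ffmpeg4_outdated() {
    while read -r name evr; do
        case "$name" in
            ffmpeg-4|ffmpeg-4-*) ;;
            libavcodec58_134*|libavformat58_76*|libavutil56_70*) ;;
            libavfilter7_110*|libavdevice58_13*|libavresample4_0*) ;;
            libswresample3_9*|libswscale5_9*|libpostproc55_9*) ;;
            *) continue ;;
        esac
        if [ "$evr" != "$FIXED" ]; then
            # The lower of the two versions sorts first under sort -V.
            lowest=$(printf '%s\n%s\n' "$evr" "$FIXED" | sort -V | head -n 1)
            if [ "$lowest" = "$evr" ]; then
                printf '%s %s\n' "$name" "$evr"
            fi
        fi
    done
    return 0
}

# Demo on the constructed inventory; on a real host, pipe the rpm query
# shown above into ffmpeg4_outdated instead.
sample_inventory | ffmpeg4_outdated
```
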
References:
- https://www.suse.com/security/cve/CVE-2020-22037.html
- https://www.suse.com/security/cve/CVE-2024-12361.html
- https://www.suse.com/security/cve/CVE-2024-35368.html
- https://www.suse.com/security/cve/CVE-2024-36613.html
- https://www.suse.com/security/cve/CVE-2025-0518.html
- https://www.suse.com/security/cve/CVE-2025-22919.html
- https://www.suse.com/security/cve/CVE-2025-22921.html
- https://www.suse.com/security/cve/CVE-2025-25473.html
- https://bugzilla.suse.com/show_bug.cgi?id=1186756
- https://bugzilla.suse.com/show_bug.cgi?id=1202848
- https://bugzilla.suse.com/show_bug.cgi?id=1215945
- https://bugzilla.suse.com/show_bug.cgi?id=1219494
- https://bugzilla.suse.com/show_bug.cgi?id=1229338
- https://bugzilla.suse.com/show_bug.cgi?id=1230983
- https://bugzilla.suse.com/show_bug.cgi?id=1234028
- https://bugzilla.suse.com/show_bug.cgi?id=1235092
- https://bugzilla.suse.com/show_bug.cgi?id=1236007
- https://bugzilla.suse.com/show_bug.cgi?id=1237351
- https://bugzilla.suse.com/show_bug.cgi?id=1237358
- https://bugzilla.suse.com/show_bug.cgi?id=1237371
- https://bugzilla.suse.com/show_bug.cgi?id=1237382
- https://jira.suse.com/browse/PED-10024