Security update for ffmpeg-4

Announcement ID:	SUSE-SU-2025:0862-1
Release Date:	2025-03-14T08:45:39Z
Rating:	important
References:	bsc#1202848 bsc#1215945 bsc#1223070 bsc#1223235 bsc#1223256 bsc#1223272 bsc#1223304 bsc#1223437 bsc#1227296 bsc#1229026 bsc#1229338 bsc#1234028 bsc#1235092 bsc#1236007 bsc#1237351 bsc#1237358 bsc#1237371 bsc#1237382
Cross-References:	CVE-2023-49502 CVE-2023-50010 CVE-2023-51793 CVE-2023-51794 CVE-2023-51798 CVE-2024-12361 CVE-2024-31578 CVE-2024-32230 CVE-2024-35368 CVE-2024-36613 CVE-2024-7055 CVE-2025-0518 CVE-2025-22919 CVE-2025-22921 CVE-2025-25473
CVSS scores:	CVE-2023-49502 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-50010 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-51793 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-51794 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H CVE-2023-51798 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2024-12361 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2024-12361 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2024-31578 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2024-32230 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H CVE-2024-32230 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-35368 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2024-35368 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2024-35368 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2024-36613 ( SUSE ): 4.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2024-36613 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L CVE-2024-36613 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-7055 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2025-0518 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2025-0518 ( NVD ): 4.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2025-22919 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-22919 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2025-22919 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2025-22921 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-22921 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2025-22921 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2025-25473 ( SUSE ): 0.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2025-25473 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N CVE-2025-25473 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:	openSUSE Leap 15.6 SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise Real Time 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6 SUSE Linux Enterprise Workstation Extension 15 SP6 SUSE Package Hub 15 15-SP6

An update that solves 15 vulnerabilities and has three security fixes can now be installed.

Description:

This update for ffmpeg-4 fixes the following issues:

CVE-2025-22921: Fixed segmentation violation in NULL pointer dereference via the component /libavcodec/jpeg2000dec.c (bsc#1237382).
CVE-2025-25473: Fixed memory leak in avformat_free_context() (bsc#1237351).
CVE-2025-0518: Fixed unchecked sscanf return value which leads to memory data leak (bsc#1236007).
CVE-2025-22919: Fixed denial of service (DoS) via opening a crafted AAC file (bsc#1237371).
CVE-2024-12361: Fixed NULL Pointer Dereference (bsc#1237358).
CVE-2024-35368: Fixed Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c (bsc#1234028).
CVE-2024-36613: Fixed Integer overflow in ffmpeg (bsc#1235092).
CVE-2023-50010: Fixed arbitrary code execution via the set_encoder_id function in /fftools/ffmpeg_enc.c component (bsc#1223256).
CVE-2023-51794: Fixed heap-buffer-overflow at libavfilter/af_stereowiden.c (bsc#1223437).
CVE-2023-51793: Fixed heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c (bsc#1223272).
CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c function in libavfilter/bwdifdsp.c (bsc#1223235).
CVE-2023-51798: Fixed floating point exception(FPE) via the interpolate function in libavfilter/vf_minterpolate.c (bsc#1223304).
CVE-2024-31578: Fixed heap use-after-free via the av_hwframe_ctx_init function (bsc#1223070).
CVE-2024-7055: Fixed heap-based buffer overflow in pnmdec.c (bsc#1229026).
CVE-2024-32230: Fixed buffer overflow due to negative-size-param bug at libavcodec/mpegvideo_enc.c in load_input_picture (bsc#1227296).

Other fixes: - Updated to version 4.4.5.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Workstation Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-862=1
openSUSE Leap 15.6
zypper in -t patch SUSE-2025-862=1 openSUSE-SLE-15.6-2025-862=1
SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-862=1

Package List:

SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
- libavcodec58_134-4.4.5-150600.13.16.1
- ffmpeg-4-debuginfo-4.4.5-150600.13.16.1
- libswresample3_9-4.4.5-150600.13.16.1
- libavutil56_70-debuginfo-4.4.5-150600.13.16.1
- libavformat58_76-4.4.5-150600.13.16.1
- libswscale5_9-4.4.5-150600.13.16.1
- libavutil56_70-4.4.5-150600.13.16.1
- libavcodec58_134-debuginfo-4.4.5-150600.13.16.1
- ffmpeg-4-debugsource-4.4.5-150600.13.16.1
- libavformat58_76-debuginfo-4.4.5-150600.13.16.1
- libswscale5_9-debuginfo-4.4.5-150600.13.16.1
- libswresample3_9-debuginfo-4.4.5-150600.13.16.1
openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
- ffmpeg-4-private-devel-4.4.5-150600.13.16.1
- libpostproc55_9-4.4.5-150600.13.16.1
- libpostproc55_9-debuginfo-4.4.5-150600.13.16.1
- libavformat58_76-4.4.5-150600.13.16.1
- libavresample4_0-4.4.5-150600.13.16.1
- libavformat58_76-debuginfo-4.4.5-150600.13.16.1
- ffmpeg-4-libavformat-devel-4.4.5-150600.13.16.1
- ffmpeg-4-libavutil-devel-4.4.5-150600.13.16.1
- libavcodec58_134-4.4.5-150600.13.16.1
- libavfilter7_110-debuginfo-4.4.5-150600.13.16.1
- libavdevice58_13-4.4.5-150600.13.16.1
- libavresample4_0-debuginfo-4.4.5-150600.13.16.1
- libswscale5_9-4.4.5-150600.13.16.1
- ffmpeg-4-libavresample-devel-4.4.5-150600.13.16.1
- libavcodec58_134-debuginfo-4.4.5-150600.13.16.1
- ffmpeg-4-debugsource-4.4.5-150600.13.16.1
- libswscale5_9-debuginfo-4.4.5-150600.13.16.1
- ffmpeg-4-libavcodec-devel-4.4.5-150600.13.16.1
- ffmpeg-4-libpostproc-devel-4.4.5-150600.13.16.1
- ffmpeg-4-libswscale-devel-4.4.5-150600.13.16.1
- libavdevice58_13-debuginfo-4.4.5-150600.13.16.1
- ffmpeg-4-4.4.5-150600.13.16.1
- libswresample3_9-debuginfo-4.4.5-150600.13.16.1
- ffmpeg-4-libswresample-devel-4.4.5-150600.13.16.1
- ffmpeg-4-debuginfo-4.4.5-150600.13.16.1
- libswresample3_9-4.4.5-150600.13.16.1
- ffmpeg-4-libavfilter-devel-4.4.5-150600.13.16.1
- libavfilter7_110-4.4.5-150600.13.16.1
- ffmpeg-4-libavdevice-devel-4.4.5-150600.13.16.1
- libavutil56_70-4.4.5-150600.13.16.1
- libavutil56_70-debuginfo-4.4.5-150600.13.16.1
openSUSE Leap 15.6 (x86_64)
- libavresample4_0-32bit-4.4.5-150600.13.16.1
- libpostproc55_9-32bit-4.4.5-150600.13.16.1
- libavcodec58_134-32bit-4.4.5-150600.13.16.1
- libavutil56_70-32bit-4.4.5-150600.13.16.1
- libavdevice58_13-32bit-4.4.5-150600.13.16.1
- libswresample3_9-32bit-debuginfo-4.4.5-150600.13.16.1
- libavutil56_70-32bit-debuginfo-4.4.5-150600.13.16.1
- libswscale5_9-32bit-debuginfo-4.4.5-150600.13.16.1
- libswscale5_9-32bit-4.4.5-150600.13.16.1
- libswresample3_9-32bit-4.4.5-150600.13.16.1
- libpostproc55_9-32bit-debuginfo-4.4.5-150600.13.16.1
- libavdevice58_13-32bit-debuginfo-4.4.5-150600.13.16.1
- libavresample4_0-32bit-debuginfo-4.4.5-150600.13.16.1
- libavformat58_76-32bit-debuginfo-4.4.5-150600.13.16.1
- libavformat58_76-32bit-4.4.5-150600.13.16.1
- libavfilter7_110-32bit-4.4.5-150600.13.16.1
- libavfilter7_110-32bit-debuginfo-4.4.5-150600.13.16.1
- libavcodec58_134-32bit-debuginfo-4.4.5-150600.13.16.1
openSUSE Leap 15.6 (aarch64_ilp32)
- libavresample4_0-64bit-4.4.5-150600.13.16.1
- libavcodec58_134-64bit-4.4.5-150600.13.16.1
- libavutil56_70-64bit-debuginfo-4.4.5-150600.13.16.1
- libavfilter7_110-64bit-4.4.5-150600.13.16.1
- libavformat58_76-64bit-4.4.5-150600.13.16.1
- libavresample4_0-64bit-debuginfo-4.4.5-150600.13.16.1
- libpostproc55_9-64bit-4.4.5-150600.13.16.1
- libswresample3_9-64bit-debuginfo-4.4.5-150600.13.16.1
- libavformat58_76-64bit-debuginfo-4.4.5-150600.13.16.1
- libavfilter7_110-64bit-debuginfo-4.4.5-150600.13.16.1
- libpostproc55_9-64bit-debuginfo-4.4.5-150600.13.16.1
- libswresample3_9-64bit-4.4.5-150600.13.16.1
- libswscale5_9-64bit-4.4.5-150600.13.16.1
- libavdevice58_13-64bit-debuginfo-4.4.5-150600.13.16.1
- libavutil56_70-64bit-4.4.5-150600.13.16.1
- libswscale5_9-64bit-debuginfo-4.4.5-150600.13.16.1
- libavdevice58_13-64bit-4.4.5-150600.13.16.1
- libavcodec58_134-64bit-debuginfo-4.4.5-150600.13.16.1
SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
- ffmpeg-4-private-devel-4.4.5-150600.13.16.1
- libpostproc55_9-4.4.5-150600.13.16.1
- libpostproc55_9-debuginfo-4.4.5-150600.13.16.1
- libavformat58_76-4.4.5-150600.13.16.1
- libavresample4_0-4.4.5-150600.13.16.1
- libavformat58_76-debuginfo-4.4.5-150600.13.16.1
- ffmpeg-4-libavformat-devel-4.4.5-150600.13.16.1
- ffmpeg-4-libavutil-devel-4.4.5-150600.13.16.1
- libavcodec58_134-4.4.5-150600.13.16.1
- libavfilter7_110-debuginfo-4.4.5-150600.13.16.1
- libavdevice58_13-4.4.5-150600.13.16.1
- libavresample4_0-debuginfo-4.4.5-150600.13.16.1
- libswscale5_9-4.4.5-150600.13.16.1
- ffmpeg-4-libavresample-devel-4.4.5-150600.13.16.1
- libavcodec58_134-debuginfo-4.4.5-150600.13.16.1
- ffmpeg-4-debugsource-4.4.5-150600.13.16.1
- libswscale5_9-debuginfo-4.4.5-150600.13.16.1
- ffmpeg-4-libavcodec-devel-4.4.5-150600.13.16.1
- ffmpeg-4-libpostproc-devel-4.4.5-150600.13.16.1
- ffmpeg-4-libswscale-devel-4.4.5-150600.13.16.1
- libavdevice58_13-debuginfo-4.4.5-150600.13.16.1
- ffmpeg-4-4.4.5-150600.13.16.1
- libswresample3_9-debuginfo-4.4.5-150600.13.16.1
- ffmpeg-4-libswresample-devel-4.4.5-150600.13.16.1
- ffmpeg-4-debuginfo-4.4.5-150600.13.16.1
- libswresample3_9-4.4.5-150600.13.16.1
- ffmpeg-4-libavfilter-devel-4.4.5-150600.13.16.1
- libavfilter7_110-4.4.5-150600.13.16.1
- ffmpeg-4-libavdevice-devel-4.4.5-150600.13.16.1
- libavutil56_70-4.4.5-150600.13.16.1
- libavutil56_70-debuginfo-4.4.5-150600.13.16.1

Security update for ffmpeg-4

Description:

Patch Instructions:

Package List:

References: