All errata/p9/ALT-PU-2024-10871-3
ALT-PU-2024-10871-3

Package update ffmpeg in branch p9

Version4.3.8-alt1
Task#354611
Published2026-02-04
Max severityHIGH
Severity:

Closed issues (10)

BDU:2023-02925
HIGH8.1

Уязвимость компонента libavcodec/pthread_frame.c мультимедийной библиотеки FFmpeg, связанная с использованием памяти после ее освобождения, позволяющая нарушителю выполнить произвольный код

Published: 2023-05-31Modified: 2026-01-20
CVSS 3.xHIGH 8.1
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0HIGH 7.6
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C
References
BDU:2023-03348
MEDIUM5.3

Уязвимость функции decode_main_header() (libavformat/nutdec.c) мультимедийной библиотеки FFmpeg, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-06-25Modified: 2024-09-24
CVSS 3.xMEDIUM 5.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
References
BDU:2024-00245
MEDIUM5.5

Уязвимость мультимедийной библиотеки FFmpeg, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привелегии

Published: 2024-01-12Modified: 2024-10-08
CVSS 3.xMEDIUM 5.5
CVSS:3.x/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVSS 2.0MEDIUM 5.2
CVSS:2.0/AV:A/AC:L/Au:S/C:P/I:P/A:P
References
BDU:2024-09901
MEDIUM4.2

Уязвимость функции pnm_decode_frame() (/libavcodec/pnmdec.c) мультимедийной библиотеки FFmpeg, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2024-11-20Modified: 2025-03-21
CVSS 3.xMEDIUM 4.2
CVSS:3.x/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:L/AC:L/Au:S/C:P/I:P/A:P
References
BDU:2025-00950
MEDIUM6.2

Уязвимость декодера CAF мультимедийной библиотеки FFmpeg, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2025-02-03Modified: 2026-01-20
CVSS 3.xMEDIUM 6.2
CVSS:3.x/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
References
CVE-2022-3341
MEDIUM5.3

A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.

Published: 2023-01-12Modified: 2025-08-07
CVSS 3.xMEDIUM 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References
CVE-2022-48434
HIGH8.1

libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).

Published: 2023-03-29Modified: 2024-11-21
CVSS 3.xHIGH 8.1
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References
CVE-2024-7055
MEDIUM6.9

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.

Published: 2024-08-06Modified: 2025-11-03
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 4.0MEDIUM 6.9
CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References