All errata/sisyphus/ALT-PU-2025-17055-1
ALT-PU-2025-17055-1

Package update ffmpeg in branch sisyphus

Version8.0.1-alt1
Task#399350
Published2025-12-26
Max severityMEDIUM
Severity:

Closed issues (2)

BDU:2025-11446
MEDIUM4.3

Уязвимость функции config_input() мультимедийной библиотеки FFmpeg, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2025-09-22Modified: 2026-03-23
CVSS 3.xMEDIUM 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
References
CVE-2025-10256
MEDIUM5.5

A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a crafted media file with the Firequalizer filter enabled, causing the application to dereference a NULL pointer and crash, leading to denial of service.

Published: 2026-02-18Modified: 2026-02-26
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References