
Debian: FFmpeg Critical Denial of Service Threat DLA-4440-1 CVE-2023-6603

Debian LTS
January 16, 2026
Explore critical FFmpeg security updates with details on multiple vulnerabilities affecting multimedia processing.
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed...

Summary

CVE-2023-6603

A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability
allows a denial of service via a maliciously crafted HLS playlist that
triggers a null pointer dereference during initialization.

CVE-2024-36615

FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This
could lead to a data race if video encoding parameters were being exported,
as the side data would be attached in the decoder thread while being read
in the output thread.

CVE-2025-1594

A vulnerability classified as critical was found in FFmpeg up to 7.1. It
affects the function ff_aac_search_for_tns in the file
libavcodec/aacenc_tns.c of the AAC Encoder component. The manipulation
leads to a stack-based buffer overflow. The attack can be initiated
remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7700

A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly



Severity: critical

Package: ffmpeg
Version: 7:4.3.9-0+deb11u2
CVE ID: CVE-2023-6603 CVE-2024-36615 CVE-2025-1594 CVE-2025-7700
Debian Bug:
