
Mageia 9: 2025-0067 severe: FFmpeg buffer overflow and heap issue

February 14, 2025
Recent updates to the ffmpeg packages have addressed significant buffer overflow and use-after-free security vulnerabilities, thereby boosting the overall security of Mageia.

Summary

A buffer overflow vulnerability in FFmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. (CVE-2023-49502)

FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. (CVE-2024-31578)

References

- https://bugs.mageia.org/show_bug.cgi?id=34015

- https://lists.suse.com/pipermail/sle-updates/2024-April/035125.html

- https://www.cve.org/CVERecord?id=CVE-2023-49502

- https://www.cve.org/CVERecord?id=CVE-2024-31578

Resolution

SRPMS

- 9/tainted/ffmpeg-5.1.6-1.2.mga9.tainted

- 9/core/ffmpeg-5.1.6-1.2.mga9

Publication date: 14 Feb 2025
URL: https://advisories.mageia.org/MGASA-2025-0067.html
Type: security
CVE: CVE-2023-49502, CVE-2024-31578
