Alerts This Week
Warning Icon 1 1,394
Alerts This Week
Warning Icon 1 1,394

Mageia 9: 2025-0085 critical: FFmpeg DoS and Memory Corruption Issues

mageia
Calendar Grey March 2, 2025
Dist Mageia Esm H88
Enhanced ffmpeg versions address various vulnerabilities in Mageia. Critical notice, examine for specifics.
A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file

Summary

A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file. (CVE-2025-22919) A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS). (CVE-2025-22920) FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. (CVE-2025-22921) FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c. (CVE-2025-25473)

References

- https://bugs.mageia.org/show_bug.cgi?id=34054

-

- https://www.cve.org/CVERecord?id=CVE-2025-0518

- https://www.cve.org/CVERecord?id=CVE-2025-22919

- https://www.cve.org/CVERecord?id=CVE-2025-22920

- https://www.cve.org/CVERecord?id=CVE-2025-22921

- https://www.cve.org/CVERecord?id=CVE-2025-25473

Resolution

SRPMS

- 9/core/ffmpeg-5.1.6-1.3.mga9

- 9/tainted/ffmpeg-5.1.6-1.3.mga9.tainted

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 02 Mar 2025
URL: https://advisories.mageia.org/MGASA-2025-0085.html
Type: security
CVE: CVE-2025-0518, CVE-2025-22919, CVE-2025-22920, CVE-2025-22921, CVE-2025-25473

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here