## This update for ffmpeg fixes the following issues:

* CVE-2025-22921: Clear array length when freeing it. (bsc#1237382)
* CVE-2025-0518: Fix memory data leak when using sscanf(). (bsc#1236007)
* CVE-2025-22919: Check for valid sample rate, to fix the invalid sample rate >= 0. (bsc#1237371)
* CVE-2024-12361: Add check for av_packet_new_side_data() to avoid null pointer dereference if allocation fails. (bsc#1237358)
* CVE-2024-36613: Adjust order of operations around block align. (bsc#1235092)
* CVE-2024-35365: Fix double-free on error. (bsc#1235091)
* CVE-2024-35368: Fix double-free on the AVFrame is unreferenced. (bsc#1234028)
* CVE-2023-51793: Fix out of array access. (bsc#1223272)
* CVE-2023-51793: Fixed a heap buffer overflow in the image_copy_plane

* bsc#1223272
* bsc#1234028
* bsc#1235091
* bsc#1235092
* bsc#1236007
* bsc#1237358
* bsc#1237371
* bsc#1237382
Cross-
* CVE-2023-51793
* CVE-2024-12361
* CVE-2024-35365
* CVE-2024-35368
* CVE-2024-36613
* CVE-2025-0518
* CVE-2025-22919
* CVE-2025-22921
CVSS scores:
* CVE-2023-51793 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-12361 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-12361 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-35365 ( SUSE ): 2.0 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-35365 ( SUSE ): 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
* CVE-2024-35365 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H