
Ubuntu 24.04: FFmpeg Moderate DoS & SSRF Flaws USN-7830-1

October 21, 2025
Explore crucial updates for FFmpeg in Ubuntu addressing critical issues that could compromise multimedia handling.

Summary

Several security issues were fixed in FFmpeg.

Software Description:

- ffmpeg: Tools for transcoding, streaming and playing of multimedia files

Details:

It was discovered that FFmpeg incorrectly handled the return values of
functions in its Firequalizer filter and in the HTTP Live Streaming (HLS)
implementation, leading to a NULL pointer dereference. If a user was
tricked into loading a crafted media file, a remote attacker could
possibly use this issue to make FFmpeg crash, resulting in a denial
of service. (CVE-2023-6603, CVE-2025-10256)

It was discovered that FFmpeg did not enforce an input format before
triggering the HTTP demuxer. A remote attacker could possibly use this
issue to perform a Server-Side Request Forgery (SSRF) attack.
(CVE-2023-6605)

It was discovered that FFmpeg incorrectly handled memory allocation in the
ALS audio decoder. If a user was tricked into loading a crafted media file,
a remote attacker could possibly use this issue to make FFmpeg crash,
resul...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  ffmpeg                          7:6.1.1-3ubuntu5+esm6
                                  Available with Ubuntu Pro
  libavcodec60                    7:6.1.1-3ubuntu5+esm6
                                  Available with Ubuntu Pro
  libavformat60                   7:6.1.1-3ubuntu5+esm6
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  ffmpeg                          7:4.4.2-0ubuntu0.22.04.1+esm10
                                  Available with Ubuntu Pro
  libavcodec58                    7:4.4.2-0ubuntu0.22.04.1+esm10
                                  Available with Ubuntu Pro
  libavformat58                   7:4.4.2-0ubuntu0.22.04.1+esm10
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  ffmpeg                          7:4.2.7-0ubuntu0.1+esm11
                                  Available with Ubuntu Pro
  libavcodec58                    7:4.2.7-0ubuntu0.1+esm11
                                  Available with Ubuntu Pro
  libavformat58                   7:4.2.7-0ubuntu0.1+esm11
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  ffmpeg                          7:3.4.11-0ubuntu0.1+esm11
                                  Available with Ubuntu Pro
  libavcodec57                    7:3.4.11-0ubuntu0.1+esm11
                                  Available with Ubuntu Pro
  libavformat57                   7:3.4.11-0ubuntu0.1+esm11
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
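
To confirm that a host actually received these builds, the following added example (not part of the Ubuntu advisory) compares installed package versions against the fixed versions listed above with `dpkg --compare-versions`. The function names and the PATCHED / NEEDS_UPDATE / UNKNOWN_RELEASE labels are this example's own.

```bash
#!/usr/bin/env bash
# Added example: check one host against the USN-7830-1 fixed versions.
# Version strings and package names are copied from "Update Instructions".

# Print the fixed version for an Ubuntu release (VERSION_ID), or fail.
usn7830_fixed() {
  case "$1" in
    24.04) echo '7:6.1.1-3ubuntu5+esm6' ;;
    22.04) echo '7:4.4.2-0ubuntu0.22.04.1+esm10' ;;
    20.04) echo '7:4.2.7-0ubuntu0.1+esm11' ;;
    18.04) echo '7:3.4.11-0ubuntu0.1+esm11' ;;
    *) return 1 ;;
  esac
}

# Print the packages the advisory lists for a release, or fail.
usn7830_packages() {
  case "$1" in
    24.04) echo 'ffmpeg libavcodec60 libavformat60' ;;
    22.04|20.04) echo 'ffmpeg libavcodec58 libavformat58' ;;
    18.04) echo 'ffmpeg libavcodec57 libavformat57' ;;
    *) return 1 ;;
  esac
}

# usn7830_status RELEASE INSTALLED_VERSION
# Uses dpkg's ordering, so the epoch and "+esmN" suffix compare correctly.
usn7830_status() {
  local fixed
  fixed=$(usn7830_fixed "$1") || { echo UNKNOWN_RELEASE; return 0; }
  if dpkg --compare-versions "$2" ge "$fixed"; then
    echo PATCHED
  else
    echo NEEDS_UPDATE
  fi
}

# Report every listed package that is installed on this host.
usn7830_audit() {
  local rel pkgs pkg ver
  rel=$(. /etc/os-release && echo "$VERSION_ID")
  pkgs=$(usn7830_packages "$rel") || { echo "release $rel not listed"; return 2; }
  for pkg in $pkgs; do
    ver=$(dpkg-query -W -f='${Version}\n' "$pkg" 2>/dev/null | head -n 1)
    [ -n "$ver" ] || continue   # package not installed
    printf '%s %s %s\n' "$pkg" "$ver" "$(usn7830_status "$rel" "$ver")"
  done
}

if [ "${1:-}" = "audit" ]; then usn7830_audit; fi
```

Run the script with the `audit` argument on the host being checked. The comparison has to use dpkg's ordering rather than string comparison, because `+esm9` sorts below `+esm10` only when the numeric part is compared as a number.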

References

https://ubuntu.com/security/notices/USN-7830-1

CVE-2023-6603, CVE-2023-6605, CVE-2025-10256, CVE-2025-7700, CVE-2025-9951

Ubuntu Security Notice USN-7830-1
