ffmpeg-7-7.1.3-3.1 on GA media (moderate)

ffmpeg-7-7.1.3-3.1 on GA media Announcement ID: openSUSE-SU-2026:10768-1 Rating: moderate Cross-References: CVE-2026-40962 CVSS scores: CVE-2026-40962 SUSE : 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2026-40962 SUSE : 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N...

CLSA-2026-1777973407 libvpx: Fix of CVE-2024-5197

CVE-2024-5197: fix integer overflows in image allocation and wrapping logic...

Important: Red Hat Security Advisory: libvpx security update

An update for libvpx is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

USN-8053-1: libvpx vulnerability

It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...

Moderate: Red Hat Security Advisory: libvpx security update

An update for libvpx is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Linux Distros Unpatched Vulnerability : CVE-2022-3109

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the FFmpeg package, where vp3decodeframe in libavcodec/vp3.c lacks check of the return value of avmalloc and will cause a null pointe...

libvpx: Double-free in libvpx encoder

A flaw was found in libvpx. A double-free issue can occur in vpxcodecencinitmulti after a failed allocation when initializing the encoder for WebRTC. This can cause memory corruption and an exploitable crash...

libvpx: Double-free in libvpx encoder

A flaw was found in libvpx. A double-free issue can occur in vpxcodecencinitmulti after a failed allocation when initializing the encoder for WebRTC. This can cause memory corruption and an exploitable crash...

The vulnerability of the encoding library for generating video streams with the libx264 library in the FFmpeg multimedia library lies in improper code generation control. This allows attackers to execute arbitrary code.

The vulnerability of the encoding library for generating video streams with the libx264 library in the FFmpeg multimedia library is related to improper handling of code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created AAC file...

SUSE CVE-2024-5197

There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpximgalloc with a large value of the dw, dh, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpximaget struct may be invalid. Calling...

DEBIAN-CVE-2023-6349

A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above...

CVE-2023-47470

Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service DoS via the refpicliststruct function in libavcodec/evcps.c...

UBUNTU-CVE-2019-13312

blockcmp in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read...

Google Chrome FFmpeg Competitive Conditions Vulnerability

Google Chrome is an open source WEB browser. The 'updatedimensions' function in the libavcodec/vp8.c file of FFmpeg used by Google to perform multi-threaded operations relies on coefficient-partition counting, allowing remote attackers to build special WebM files for denial-of-service attacks...