{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"ffmpeg security update", "category":"general", "title":"Synopsis" }, { "text":"An update for ffmpeg is now available for openEuler-24.03-LTS", "category":"general", "title":"Summary" }, { "text":"FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.\n\nSecurity Fix(es):\n\nA flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service.(CVE-2025-7700)", "category":"general", "title":"Description" }, { "text":"An update for ffmpeg is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"ffmpeg", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-2907", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2907" }, { "summary":"CVE-2025-7700", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-7700&packageName=ffmpeg" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7700" }, { "summary":"openEuler-SA-2025-2907 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openEuler-SA-2025-2907.json" } ], "title":"An update for ffmpeg is now available for openEuler-24.03-LTS", "tracking":{ "initial_release_date":"2025-12-31T10:23:55+08:00", "revision_history":[ { "date":"2025-12-31T10:23:55+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-12-31T10:23:55+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-12-31T10:23:55+08:00", "id":"openEuler-SA-2025-2907", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"openEuler-24.03-LTS", "name":"openEuler-24.03-LTS" }, "name":"openEuler-24.03-LTS", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ffmpeg-6.1.1-24.oe2403.aarch64.rpm", "name":"ffmpeg-6.1.1-24.oe2403.aarch64.rpm" }, "name":"ffmpeg-6.1.1-24.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ffmpeg-debuginfo-6.1.1-24.oe2403.aarch64.rpm", "name":"ffmpeg-debuginfo-6.1.1-24.oe2403.aarch64.rpm" }, "name":"ffmpeg-debuginfo-6.1.1-24.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ffmpeg-debugsource-6.1.1-24.oe2403.aarch64.rpm", "name":"ffmpeg-debugsource-6.1.1-24.oe2403.aarch64.rpm" }, "name":"ffmpeg-debugsource-6.1.1-24.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ffmpeg-devel-6.1.1-24.oe2403.aarch64.rpm", "name":"ffmpeg-devel-6.1.1-24.oe2403.aarch64.rpm" }, "name":"ffmpeg-devel-6.1.1-24.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ffmpeg-libs-6.1.1-24.oe2403.aarch64.rpm", "name":"ffmpeg-libs-6.1.1-24.oe2403.aarch64.rpm" }, "name":"ffmpeg-libs-6.1.1-24.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"libavdevice-6.1.1-24.oe2403.aarch64.rpm", "name":"libavdevice-6.1.1-24.oe2403.aarch64.rpm" }, "name":"libavdevice-6.1.1-24.oe2403.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ffmpeg-6.1.1-24.oe2403.src.rpm", "name":"ffmpeg-6.1.1-24.oe2403.src.rpm" }, "name":"ffmpeg-6.1.1-24.oe2403.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ffmpeg-6.1.1-24.oe2403.x86_64.rpm", "name":"ffmpeg-6.1.1-24.oe2403.x86_64.rpm" }, "name":"ffmpeg-6.1.1-24.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ffmpeg-debuginfo-6.1.1-24.oe2403.x86_64.rpm", "name":"ffmpeg-debuginfo-6.1.1-24.oe2403.x86_64.rpm" }, "name":"ffmpeg-debuginfo-6.1.1-24.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ffmpeg-debugsource-6.1.1-24.oe2403.x86_64.rpm", "name":"ffmpeg-debugsource-6.1.1-24.oe2403.x86_64.rpm" }, "name":"ffmpeg-debugsource-6.1.1-24.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ffmpeg-devel-6.1.1-24.oe2403.x86_64.rpm", "name":"ffmpeg-devel-6.1.1-24.oe2403.x86_64.rpm" }, "name":"ffmpeg-devel-6.1.1-24.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"ffmpeg-libs-6.1.1-24.oe2403.x86_64.rpm", "name":"ffmpeg-libs-6.1.1-24.oe2403.x86_64.rpm" }, "name":"ffmpeg-libs-6.1.1-24.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"libavdevice-6.1.1-24.oe2403.x86_64.rpm", "name":"libavdevice-6.1.1-24.oe2403.x86_64.rpm" }, "name":"libavdevice-6.1.1-24.oe2403.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ffmpeg-6.1.1-24.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ffmpeg-6.1.1-24.oe2403.aarch64", "name":"ffmpeg-6.1.1-24.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ffmpeg-debuginfo-6.1.1-24.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-24.oe2403.aarch64", "name":"ffmpeg-debuginfo-6.1.1-24.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ffmpeg-debugsource-6.1.1-24.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-24.oe2403.aarch64", "name":"ffmpeg-debugsource-6.1.1-24.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ffmpeg-devel-6.1.1-24.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ffmpeg-devel-6.1.1-24.oe2403.aarch64", "name":"ffmpeg-devel-6.1.1-24.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ffmpeg-libs-6.1.1-24.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ffmpeg-libs-6.1.1-24.oe2403.aarch64", "name":"ffmpeg-libs-6.1.1-24.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"libavdevice-6.1.1-24.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:libavdevice-6.1.1-24.oe2403.aarch64", "name":"libavdevice-6.1.1-24.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ffmpeg-6.1.1-24.oe2403.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ffmpeg-6.1.1-24.oe2403.src", "name":"ffmpeg-6.1.1-24.oe2403.src as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ffmpeg-6.1.1-24.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ffmpeg-6.1.1-24.oe2403.x86_64", "name":"ffmpeg-6.1.1-24.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ffmpeg-debuginfo-6.1.1-24.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-24.oe2403.x86_64", "name":"ffmpeg-debuginfo-6.1.1-24.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ffmpeg-debugsource-6.1.1-24.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-24.oe2403.x86_64", "name":"ffmpeg-debugsource-6.1.1-24.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ffmpeg-devel-6.1.1-24.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ffmpeg-devel-6.1.1-24.oe2403.x86_64", "name":"ffmpeg-devel-6.1.1-24.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"ffmpeg-libs-6.1.1-24.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:ffmpeg-libs-6.1.1-24.oe2403.x86_64", "name":"ffmpeg-libs-6.1.1-24.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"libavdevice-6.1.1-24.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:libavdevice-6.1.1-24.oe2403.x86_64", "name":"libavdevice-6.1.1-24.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-7700", "notes":[ { "text":"A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:ffmpeg-6.1.1-24.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-24.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-24.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-devel-6.1.1-24.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-libs-6.1.1-24.oe2403.aarch64", "openEuler-24.03-LTS:libavdevice-6.1.1-24.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-6.1.1-24.oe2403.src", "openEuler-24.03-LTS:ffmpeg-6.1.1-24.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-24.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-24.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-devel-6.1.1-24.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-libs-6.1.1-24.oe2403.x86_64", "openEuler-24.03-LTS:libavdevice-6.1.1-24.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:ffmpeg-6.1.1-24.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-24.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-24.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-devel-6.1.1-24.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-libs-6.1.1-24.oe2403.aarch64", "openEuler-24.03-LTS:libavdevice-6.1.1-24.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-6.1.1-24.oe2403.src", "openEuler-24.03-LTS:ffmpeg-6.1.1-24.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-24.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-24.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-devel-6.1.1-24.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-libs-6.1.1-24.oe2403.x86_64", "openEuler-24.03-LTS:libavdevice-6.1.1-24.oe2403.x86_64" ], "details":"ffmpeg security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2907" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:ffmpeg-6.1.1-24.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-24.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-24.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-devel-6.1.1-24.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-libs-6.1.1-24.oe2403.aarch64", "openEuler-24.03-LTS:libavdevice-6.1.1-24.oe2403.aarch64", "openEuler-24.03-LTS:ffmpeg-6.1.1-24.oe2403.src", "openEuler-24.03-LTS:ffmpeg-6.1.1-24.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-24.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-24.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-devel-6.1.1-24.oe2403.x86_64", "openEuler-24.03-LTS:ffmpeg-libs-6.1.1-24.oe2403.x86_64", "openEuler-24.03-LTS:libavdevice-6.1.1-24.oe2403.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-7700" } ] }