{"schema_version":"1.7.2","id":"OESA-2025-1771","modified":"2025-07-11T12:18:31Z","published":"2025-07-11T12:18:31Z","upstream":["CVE-2020-21697","CVE-2020-22019","CVE-2020-22020","CVE-2020-22021","CVE-2020-22026","CVE-2020-22037","CVE-2020-22038","CVE-2020-22039","CVE-2020-22043","CVE-2020-22044","CVE-2020-22051","CVE-2021-38090","CVE-2025-22919","CVE-2025-22921"],"summary":"ffmpeg security update","details":"FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.\r\n\r\nSecurity Fix(es):\n\nA heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file.(CVE-2020-21697)\n\nBuffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service.(CVE-2020-22019)\n\nBuffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service.(CVE-2020-22020)\n\nBuffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service.(CVE-2020-22021)\n\nBuffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service.(CVE-2020-22026)\n\nA Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c.(CVE-2020-22037)\n\nA Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c.(CVE-2020-22038)\n\nA Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function.(CVE-2020-22039)\n\nA Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c.(CVE-2020-22043)\n\nA Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c.(CVE-2020-22044)\n\nA Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c.(CVE-2020-22051)\n\nInteger Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.(CVE-2021-38090)\n\nA reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.(CVE-2025-22919)\n\nFFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.(CVE-2025-22921)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP3","name":"ffmpeg","purl":"pkg:rpm/openEuler/ffmpeg\u0026distro=openEuler-22.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.4-24.oe2203sp3"}]}],"ecosystem_specific":{"aarch64":["ffmpeg-4.2.4-24.oe2203sp3.aarch64.rpm","ffmpeg-debuginfo-4.2.4-24.oe2203sp3.aarch64.rpm","ffmpeg-debugsource-4.2.4-24.oe2203sp3.aarch64.rpm","ffmpeg-devel-4.2.4-24.oe2203sp3.aarch64.rpm","ffmpeg-libs-4.2.4-24.oe2203sp3.aarch64.rpm","libavdevice-4.2.4-24.oe2203sp3.aarch64.rpm"],"src":["ffmpeg-4.2.4-24.oe2203sp3.src.rpm"],"x86_64":["ffmpeg-4.2.4-24.oe2203sp3.x86_64.rpm","ffmpeg-debuginfo-4.2.4-24.oe2203sp3.x86_64.rpm","ffmpeg-debugsource-4.2.4-24.oe2203sp3.x86_64.rpm","ffmpeg-devel-4.2.4-24.oe2203sp3.x86_64.rpm","ffmpeg-libs-4.2.4-24.oe2203sp3.x86_64.rpm","libavdevice-4.2.4-24.oe2203sp3.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1771"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-21697"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22019"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22020"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22021"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22026"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22037"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22038"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22039"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22043"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22044"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22051"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38090"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22919"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22921"}],"database_specific":{"severity":"High"}}