{"id":"MGASA-2025-0085","summary":"Updated ffmpeg packages fix security vulnerabilities","details":"A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06\nallows attackers to cause a Denial of Service (DoS) via opening a\ncrafted AAC file. (CVE-2025-22919)\nA heap buffer overflow vulnerability in FFmpeg before commit 4bf784c\nallows attackers to trigger a memory corruption via supplying a crafted\nmedia file in avformat when processing tile grid group streams. This can\nlead to a Denial of Service (DoS). (CVE-2025-22920)\nFFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a\nsegmentation violation via the component /libavcodec/jpeg2000dec.c.\n(CVE-2025-22921)\nFFmpeg git master before commit c08d30 was discovered to contain a NULL\npointer dereference via the component libavformat/mov.c.\n(CVE-2025-25473)\n","modified":"2026-04-16T00:10:40.565881813Z","published":"2025-03-02T07:18:39Z","upstream":["CVE-2025-0518","CVE-2025-22919","CVE-2025-22920","CVE-2025-22921","CVE-2025-25473"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0085.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34054"},{"type":"WEB","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/G5BFJ3U3RQS5BEVWWNUO24FHCSLCALHX/"}],"affected":[{"package":{"name":"ffmpeg","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/ffmpeg?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.6-1.3.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0085.json"}},{"package":{"name":"ffmpeg","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/ffmpeg?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.6-1.3.mga9.tainted"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0085.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}