{"id":"openSUSE-SU-2026:20710-1","summary":"Security update for ffmpeg-4","details":"This update for ffmpeg-4 fixes the following issues:\n\nChanges in ffmpeg-4:\n\n- CVE-2025-59728: Fixed out-of-bounds NUL-byte write when calculating the content path in handling of MPEG-DASH manifests (bsc#1251137).\n- CVE-2025-7700: Fixed a NULL Pointer Dereference in the ALS Decoder (bsc#1246790)\n- CVE-2024-36618: Fixed a integer overflow in AVI demuxer (bsc#1234020)\n- CVE-2023-6601: Fixed HLS Unsafe File Extension Bypass (bsc#1220545).\n\n- Update to release 4.4.6\n  * lavc/libx265: unbreak build for X265_BUILD \u003e= 210\n  * ARM: vp9mc: Load only 12 pixels in the 4 pixel wide\n    horizontal filter\n  * rtmpproto: Avoid rare crashes in the `fail:` codepath in\n    rtmp_open\n  * avcodec/snow: Fix off by 1 error in run_buffer\n  * avcodec/mpegvideo_enc: Check FLV1 resolution limits\n","modified":"2026-05-11T18:29:35.532053Z","published":"2026-05-09T08:50:33Z","related":["CVE-2022-1475","CVE-2023-22656","CVE-2023-45221","CVE-2023-47169","CVE-2023-47282","CVE-2023-48368","CVE-2023-49502","CVE-2023-50010","CVE-2023-51798","CVE-2023-6601","CVE-2024-36616","CVE-2024-36617","CVE-2024-36618","CVE-2025-0518","CVE-2025-22919","CVE-2025-59728","CVE-2025-7700"],"upstream":["CVE-2022-1475","CVE-2023-22656","CVE-2023-45221","CVE-2023-47169","CVE-2023-47282","CVE-2023-48368","CVE-2023-49502","CVE-2023-50010","CVE-2023-51798","CVE-2023-6601","CVE-2024-36616","CVE-2024-36617","CVE-2024-36618","CVE-2025-0518","CVE-2025-22919","CVE-2025-59728","CVE-2025-7700"],"references":[{"type":"ADVISORY"},{"type":"REPORT","url":"https://bugzilla.suse.com/1198898"},{"type":"REPORT","url":"https://bugzilla.suse.com/1220545"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223304"},{"type":"REPORT","url":"https://bugzilla.suse.com/1226308"},{"type":"REPORT","url":"https://bugzilla.suse.com/1226892"},{"type":"REPORT","url":"https://bugzilla.suse.com/1226897"},{"type":"REPORT","url":"https://bugzilla.suse.com/1226898"},{"type":"REPORT","url":"https://bugzilla.suse.com/1226899"},{"type":"REPORT","url":"https://bugzilla.suse.com/1226900"},{"type":"REPORT","url":"https://bugzilla.suse.com/1226901"},{"type":"REPORT","url":"https://bugzilla.suse.com/1230983"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234018"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234019"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234020"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246790"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251137"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-1475"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-22656"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-45221"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-47169"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-47282"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-48368"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-49502"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-50010"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-51798"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-6601"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-36616"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-36617"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-36618"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-0518"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22919"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-59728"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-7700"}],"schema_version":"1.7.5"}