ELA-1125-1 ffmpeg security update

buffer overflows

2024-07-06
Package: ffmpeg
Version: 7:3.2.19-0+deb9u4 (stretch)
Related CVEs: CVE-2022-48434 CVE-2023-50010 CVE-2023-51793 CVE-2023-51794 CVE-2023-51798 CVE-2024-31578


Several buffer overflow vulnerabilities were discovered in ffmpeg, tools for transcoding, streaming and playing of multimedia files. An attacker may use these flaws to create specially crafted multimedia files and cause a denial of service or arbitrary code execution when they are processed by ffmpeg.



For Debian 9 stretch, these problems have been fixed in version 7:3.2.19-0+deb9u4.

We recommend that you upgrade your ffmpeg packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.