drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in ffmpeg-4
| Name: |
Mehrere Probleme in ffmpeg-4 |
|
| ID: |
SUSE-SU-2025:1128-1 |
|
| Distribution: |
SUSE |
|
| Plattformen: |
SUSE Linux Enterprise High Performance Computing 15 SP4, SUSE Linux Enterprise Server 15 SP4, SUSE Linux Enterprise Server for SAP Applications 15 SP4, SUSE openSUSE Leap 15.4, SUSE Linux Enterprise High Performance Computing LTSS 15 SP4, SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4, SUSE Linux Enterprise Server 15 SP4 LTSS |
|
| Datum: |
Fr, 4. April 2025, 07:11 |
|
| Referenzen: |
https://www.cve.org/CVERecord?id=CVE-2024-35368
https://www.cve.org/CVERecord?id=CVE-2025-25473
https://www.cve.org/CVERecord?id=CVE-2025-22921
https://www.cve.org/CVERecord?id=CVE-2025-22919
https://www.cve.org/CVERecord?id=CVE-2024-36613
https://www.cve.org/CVERecord?id=CVE-2020-22037
https://www.cve.org/CVERecord?id=CVE-2025-0518
https://www.cve.org/CVERecord?id=CVE-2024-12361 |
|
| Applikationen: |
FFmpeg |
|
Originalnachricht |
--===============7906748290198558321==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
# Security update for ffmpeg-4
Announcement ID: SUSE-SU-2025:1128-1
Release Date: 2025-04-03T11:54:06Z
Rating: important
References:
* bsc#1186756
* bsc#1202848
* bsc#1215945
* bsc#1219494
* bsc#1229338
* bsc#1230983
* bsc#1234028
* bsc#1235092
* bsc#1236007
* bsc#1237351
* bsc#1237358
* bsc#1237371
* bsc#1237382
* jsc#PED-10024
Cross-References:
* CVE-2020-22037
* CVE-2024-12361
* CVE-2024-35368
* CVE-2024-36613
* CVE-2025-0518
* CVE-2025-22919
* CVE-2025-22921
* CVE-2025-25473
CVSS scores:
* CVE-2020-22037 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2020-22037 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-12361 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-12361 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-35368 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-35368 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-35368 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36613 ( SUSE ): 4.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-36613 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
* CVE-2024-36613 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-0518 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-0518 ( NVD ): 4.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-22919 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-22919 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-22919 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-22921 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-22921 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-22921 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-25473 ( SUSE ): 0.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-25473 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
* CVE-2025-25473 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves eight vulnerabilities, contains one feature and has five
security fixes can now be installed.
## Description:
This update for ffmpeg-4 fixes the following issues:
* CVE-2020-22037: Fixed unchecked return value of the init_vlc function
(bsc#1186756)
* CVE-2024-12361: Fixed null pointer dereference (bsc#1237358)
* CVE-2024-35368: Fixed double free via the rkmpp_retrieve_frame function
within libavcodec/rkmppdec.c (bsc#1234028)
* CVE-2024-36613: Fixed integer overflow in the DXA demuxer of the
libavformat
library (bsc#1235092)
* CVE-2025-0518: Fixed memory leak due to unchecked sscanf return value
(bsc#1236007)
* CVE-2025-22919: Fixed denial of service (DoS) via opening a crafted AAC
file
(bsc#1237371)
* CVE-2025-22921: Fixed segmentation violation in NULL pointer dereference
via
the component /libavcodec/jpeg2000dec.c (bsc#1237382)
* CVE-2025-25473: Fixed memory leak in avformat_free_context() (bsc#1237351)
Other fixes:
* Build with SVT-AV1 3.0.0.
* Update to release 4.4.5:
* Adjust bconds to build the package in SLFO without xvidcore.
* Add 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
(bsc#1229338)
* Add ffmpeg-c99.patch so that the package conforms to the C99 standard and
builds on i586 with GCC 14.
* No longer build against libmfx; build against libvpl (bsc#1230983,
bsc#1219494)
* Drop libmfx dependency from our product (jira #PED-10024)
* Update patch to build with glslang 14
* Disable vmaf integration as ffmpeg-4 cannot handle vmaf>=3
* Copy codec list from ffmpeg-6
* Resolve build failure with binutils >= 2.41. (bsc#1215945)
* Update to version 4.4.4:
* avcodec/012v: Order operations for odd size handling
* avcodec/alsdec: The minimal block is at least 7 bits
* avcodec/bink:
* Avoid undefined out of array end pointers in
binkb_decode_plane()
* Fix off by 1 error in ref end
* avcodec/eac3dec: avoid float noise in fixed mode addition to
overflow
* avcodec/eatgq: : Check index increments in tgq_decode_block()
* avcodec/escape124:
* Fix signdness of end of input check
* Fix some return codes
* avcodec/ffv1dec:
* Check that num h/v slices is supported
* Fail earlier if prior context is corrupted
* Restructure slice coordinate reading a bit
* avcodec/mjpegenc: take into account component count when
writing the SOF header size
* avcodec/mlpdec: Check max matrix instead of max channel in
noise check
* avcodec/motionpixels: Mask pixels to valid values
* avcodec/mpeg12dec: Check input size
* avcodec/nvenc:
* Fix b-frame DTS behavior with fractional framerates
* Fix vbv buffer size in cq mode
* avcodec/pictordec: Remove mid exit branch
* avcodec/pngdec: Check deloco index more exactly
* avcodec/rpzaenc: stop accessing out of bounds frame
* avcodec/scpr3: Check bx
* avcodec/scpr: Test bx before use
* avcodec/snowenc: Fix visual weight calculation
* avcodec/speedhq: Check buf_size to be big enough for DC
* avcodec/sunrast: Fix maplength check
* avcodec/tests/snowenc:
* Fix 2nd test
* Return a failure if DWT/IDWT mismatches
* Unbreak DWT tests
* avcodec/tiff: Ignore tile_count
* avcodec/utils:
* Allocate a line more for VC1 and WMV3
* Ensure linesize for SVQ3
* Use 32pixel alignment for bink
* avcodec/videodsp_template: Adjust pointers to avoid undefined
pointer things
* avcodec/vp3: Add missing check for av_malloc
* avcodec/wavpack:
* Avoid undefined shift in get_tail()
* Check for end of input in wv_unpack_dsd_high()
* avcodec/xpmdec: Check size before allocation to avoid
truncation
* avfilter/vf_untile: swap the chroma shift values used for plane
offsets
* avformat/id3v2: Check taglen in read_uslt()
* avformat/mov: Check samplesize and offset to avoid integer
overflow
* avformat/mxfdec: Use 64bit in remainder
* avformat/nutdec: Add check for avformat_new_stream
* avformat/replaygain: avoid undefined / negative abs
* swscale/input: Use more unsigned intermediates
* swscale/output: Bias 16bps output calculations to improve non
overflowing range
* swscale: aarch64: Fix yuv2rgb with negative stride
* Use https for repository links
* Update to version 4.4.3:
* Stable bug fix release, mainly codecs, filter and format fixes.
* Add patch to detect SDL2 >= 2.1.0 (bsc#1202848):
* Update to version 4.4.2:
* Stable bug fix release, mainly codecs, filter and format fixes.
* Add conflicts for ffmpeg-5's tools
* Enable Vulkan filters
* Fix OS version check, so nvcodec is enabled for Leap too.
* Disamble libsmbclient usage (can always be built with
\--with-smbclient): the usecase of ffmpeg directly accessing
smb:// shares is quite constructed (most users will have their
smb shares mounted).
* Update to version 4.4.1:
* Stable bug fix release, mainly codecs and format fixes.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1128=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1128=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1128=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1128=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1128=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libpostproc55_9-debuginfo-4.4.5-150400.3.46.1
* ffmpeg-4-debugsource-4.4.5-150400.3.46.1
* libavcodec58_134-4.4.5-150400.3.46.1
* ffmpeg-4-libavdevice-devel-4.4.5-150400.3.46.1
* ffmpeg-4-libavresample-devel-4.4.5-150400.3.46.1
* ffmpeg-4-libswscale-devel-4.4.5-150400.3.46.1
* libavfilter7_110-debuginfo-4.4.5-150400.3.46.1
* libavformat58_76-4.4.5-150400.3.46.1
* libavutil56_70-debuginfo-4.4.5-150400.3.46.1
* libswresample3_9-debuginfo-4.4.5-150400.3.46.1
* libavresample4_0-4.4.5-150400.3.46.1
* ffmpeg-4-libswresample-devel-4.4.5-150400.3.46.1
* libavdevice58_13-debuginfo-4.4.5-150400.3.46.1
* ffmpeg-4-4.4.5-150400.3.46.1
* ffmpeg-4-debuginfo-4.4.5-150400.3.46.1
* libswscale5_9-debuginfo-4.4.5-150400.3.46.1
* libavcodec58_134-debuginfo-4.4.5-150400.3.46.1
* libavutil56_70-4.4.5-150400.3.46.1
* ffmpeg-4-libavutil-devel-4.4.5-150400.3.46.1
* libpostproc55_9-4.4.5-150400.3.46.1
* ffmpeg-4-libpostproc-devel-4.4.5-150400.3.46.1
* libavfilter7_110-4.4.5-150400.3.46.1
* ffmpeg-4-libavcodec-devel-4.4.5-150400.3.46.1
* ffmpeg-4-libavfilter-devel-4.4.5-150400.3.46.1
* ffmpeg-4-libavformat-devel-4.4.5-150400.3.46.1
* libswscale5_9-4.4.5-150400.3.46.1
* libavformat58_76-debuginfo-4.4.5-150400.3.46.1
* libavdevice58_13-4.4.5-150400.3.46.1
* libswresample3_9-4.4.5-150400.3.46.1
* ffmpeg-4-private-devel-4.4.5-150400.3.46.1
* libavresample4_0-debuginfo-4.4.5-150400.3.46.1
* openSUSE Leap 15.4 (x86_64)
* libavresample4_0-32bit-4.4.5-150400.3.46.1
* libswresample3_9-32bit-debuginfo-4.4.5-150400.3.46.1
* libavformat58_76-32bit-debuginfo-4.4.5-150400.3.46.1
* libavresample4_0-32bit-debuginfo-4.4.5-150400.3.46.1
* libpostproc55_9-32bit-4.4.5-150400.3.46.1
* libavcodec58_134-32bit-debuginfo-4.4.5-150400.3.46.1
* libavcodec58_134-32bit-4.4.5-150400.3.46.1
* libswresample3_9-32bit-4.4.5-150400.3.46.1
* libswscale5_9-32bit-debuginfo-4.4.5-150400.3.46.1
* libavdevice58_13-32bit-debuginfo-4.4.5-150400.3.46.1
* libavformat58_76-32bit-4.4.5-150400.3.46.1
* libpostproc55_9-32bit-debuginfo-4.4.5-150400.3.46.1
* libswscale5_9-32bit-4.4.5-150400.3.46.1
* libavfilter7_110-32bit-debuginfo-4.4.5-150400.3.46.1
* libavfilter7_110-32bit-4.4.5-150400.3.46.1
* libavutil56_70-32bit-debuginfo-4.4.5-150400.3.46.1
* libavutil56_70-32bit-4.4.5-150400.3.46.1
* libavdevice58_13-32bit-4.4.5-150400.3.46.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libavresample4_0-64bit-debuginfo-4.4.5-150400.3.46.1
* libpostproc55_9-64bit-4.4.5-150400.3.46.1
* libavutil56_70-64bit-4.4.5-150400.3.46.1
* libavfilter7_110-64bit-debuginfo-4.4.5-150400.3.46.1
* libswresample3_9-64bit-debuginfo-4.4.5-150400.3.46.1
* libswscale5_9-64bit-4.4.5-150400.3.46.1
* libavfilter7_110-64bit-4.4.5-150400.3.46.1
* libavdevice58_13-64bit-4.4.5-150400.3.46.1
* libpostproc55_9-64bit-debuginfo-4.4.5-150400.3.46.1
* libavcodec58_134-64bit-debuginfo-4.4.5-150400.3.46.1
* libavresample4_0-64bit-4.4.5-150400.3.46.1
* libswscale5_9-64bit-debuginfo-4.4.5-150400.3.46.1
* libavdevice58_13-64bit-debuginfo-4.4.5-150400.3.46.1
* libavformat58_76-64bit-debuginfo-4.4.5-150400.3.46.1
* libavcodec58_134-64bit-4.4.5-150400.3.46.1
* libavutil56_70-64bit-debuginfo-4.4.5-150400.3.46.1
* libswresample3_9-64bit-4.4.5-150400.3.46.1
* libavformat58_76-64bit-4.4.5-150400.3.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libpostproc55_9-4.4.5-150400.3.46.1
* libpostproc55_9-debuginfo-4.4.5-150400.3.46.1
* ffmpeg-4-debugsource-4.4.5-150400.3.46.1
* libavcodec58_134-4.4.5-150400.3.46.1
* libavformat58_76-debuginfo-4.4.5-150400.3.46.1
* libavutil56_70-debuginfo-4.4.5-150400.3.46.1
* libavformat58_76-4.4.5-150400.3.46.1
* ffmpeg-4-debuginfo-4.4.5-150400.3.46.1
* libswresample3_9-debuginfo-4.4.5-150400.3.46.1
* libswresample3_9-4.4.5-150400.3.46.1
* libavcodec58_134-debuginfo-4.4.5-150400.3.46.1
* libavutil56_70-4.4.5-150400.3.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libpostproc55_9-4.4.5-150400.3.46.1
* libpostproc55_9-debuginfo-4.4.5-150400.3.46.1
* ffmpeg-4-debugsource-4.4.5-150400.3.46.1
* libavcodec58_134-4.4.5-150400.3.46.1
* libavformat58_76-debuginfo-4.4.5-150400.3.46.1
* libavutil56_70-debuginfo-4.4.5-150400.3.46.1
* libavformat58_76-4.4.5-150400.3.46.1
* ffmpeg-4-debuginfo-4.4.5-150400.3.46.1
* libswresample3_9-debuginfo-4.4.5-150400.3.46.1
* libswresample3_9-4.4.5-150400.3.46.1
* libavcodec58_134-debuginfo-4.4.5-150400.3.46.1
* libavutil56_70-4.4.5-150400.3.46.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libpostproc55_9-4.4.5-150400.3.46.1
* libpostproc55_9-debuginfo-4.4.5-150400.3.46.1
* ffmpeg-4-debugsource-4.4.5-150400.3.46.1
* libavcodec58_134-4.4.5-150400.3.46.1
* libavformat58_76-debuginfo-4.4.5-150400.3.46.1
* libavutil56_70-debuginfo-4.4.5-150400.3.46.1
* libavformat58_76-4.4.5-150400.3.46.1
* ffmpeg-4-debuginfo-4.4.5-150400.3.46.1
* libswresample3_9-debuginfo-4.4.5-150400.3.46.1
* libswresample3_9-4.4.5-150400.3.46.1
* libavcodec58_134-debuginfo-4.4.5-150400.3.46.1
* libavutil56_70-4.4.5-150400.3.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libpostproc55_9-4.4.5-150400.3.46.1
* libpostproc55_9-debuginfo-4.4.5-150400.3.46.1
* ffmpeg-4-debugsource-4.4.5-150400.3.46.1
* libavcodec58_134-4.4.5-150400.3.46.1
* libavformat58_76-debuginfo-4.4.5-150400.3.46.1
* libavutil56_70-debuginfo-4.4.5-150400.3.46.1
* libavformat58_76-4.4.5-150400.3.46.1
* ffmpeg-4-debuginfo-4.4.5-150400.3.46.1
* libswresample3_9-debuginfo-4.4.5-150400.3.46.1
* libswresample3_9-4.4.5-150400.3.46.1
* libavcodec58_134-debuginfo-4.4.5-150400.3.46.1
* libavutil56_70-4.4.5-150400.3.46.1
## References:
* https://www.suse.com/security/cve/CVE-2020-22037.html
* https://www.suse.com/security/cve/CVE-2024-12361.html
* https://www.suse.com/security/cve/CVE-2024-35368.html
* https://www.suse.com/security/cve/CVE-2024-36613.html
* https://www.suse.com/security/cve/CVE-2025-0518.html
* https://www.suse.com/security/cve/CVE-2025-22919.html
* https://www.suse.com/security/cve/CVE-2025-22921.html
* https://www.suse.com/security/cve/CVE-2025-25473.html
* https://bugzilla.suse.com/show_bug.cgi?id=1186756
* https://bugzilla.suse.com/show_bug.cgi?id=1202848
* https://bugzilla.suse.com/show_bug.cgi?id=1215945
* https://bugzilla.suse.com/show_bug.cgi?id=1219494
* https://bugzilla.suse.com/show_bug.cgi?id=1229338
* https://bugzilla.suse.com/show_bug.cgi?id=1230983
* https://bugzilla.suse.com/show_bug.cgi?id=1234028
* https://bugzilla.suse.com/show_bug.cgi?id=1235092
* https://bugzilla.suse.com/show_bug.cgi?id=1236007
* https://bugzilla.suse.com/show_bug.cgi?id=1237351
* https://bugzilla.suse.com/show_bug.cgi?id=1237358
* https://bugzilla.suse.com/show_bug.cgi?id=1237371
* https://bugzilla.suse.com/show_bug.cgi?id=1237382
* https://jira.suse.com/browse/PED-10024
--===============7906748290198558321==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
<div class="container">
<h1>Security update for ffmpeg-4</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2025:1128-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2025-04-03T11:54:06Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1186756">bsc#1186756</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1202848">bsc#1202848</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215945">bsc#1215945</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219494">bsc#1219494</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229338">bsc#1229338</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1230983">bsc#1230983</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1234028">bsc#1234028</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1235092">bsc#1235092</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1236007">bsc#1236007</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1237351">bsc#1237351</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1237358">bsc#1237358</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1237371">bsc#1237371</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1237382">bsc#1237382</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-10024">jsc#PED-10024</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2020-22037.html">CVE-2020-22037</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-12361.html">CVE-2024-12361</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-35368.html">CVE-2024-35368</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-36613.html">CVE-2024-36613</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-0518.html">CVE-2025-0518</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-22919.html">CVE-2025-22919</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-22921.html">CVE-2025-22921</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-25473.html">CVE-2025-25473</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span
class="cvss-reference">CVE-2020-22037</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">6.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2020-22037</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">6.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-12361</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">5.1</span>
<span
class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-12361</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">4.0</span>
<span
class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-35368</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">6.9</span>
<span
class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-35368</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">5.3</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-35368</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">9.8</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-36613</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">4.8</span>
<span
class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-36613</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">3.9</span>
<span
class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-36613</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">6.2</span>
<span
class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-0518</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">4.3</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-0518</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">4.8</span>
<span
class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-22919</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">4.8</span>
<span
class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-22919</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">3.3</span>
<span
class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-22919</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">6.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-22921</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">4.8</span>
<span
class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-22921</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">3.3</span>
<span
class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-22921</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">6.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-25473</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">0.0</span>
<span
class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-25473</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">0.0</span>
<span
class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-25473</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">5.3</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">openSUSE Leap
15.4</li>
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing 15 SP4</li>
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing ESPOS 15 SP4</li>
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing LTSS 15 SP4</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 15 SP4</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 15 SP4 LTSS</li>
<li class="list-group-item">SUSE Linux
Enterprise Server for SAP Applications 15 SP4</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves eight vulnerabilities, contains one feature
and has five security fixes can now be installed.</p>
<h2>Description:</h2>
<p>This update for ffmpeg-4 fixes the following issues:
</p>
<ul>
<li>CVE-2020-22037: Fixed unchecked return value of the init_vlc function
(bsc#1186756) </li>
<li>CVE-2024-12361: Fixed null pointer dereference (bsc#1237358)
</li>
<li>CVE-2024-35368: Fixed double free via the rkmpp_retrieve_frame
function within libavcodec/rkmppdec.c (bsc#1234028) </li>
<li>CVE-2024-36613: Fixed integer overflow in the DXA demuxer of the
libavformat library (bsc#1235092) </li>
<li>CVE-2025-0518: Fixed memory leak due to unchecked sscanf return value
(bsc#1236007) </li>
<li>CVE-2025-22919: Fixed denial of service (DoS) via opening a crafted
AAC file (bsc#1237371) </li>
<li>CVE-2025-22921: Fixed segmentation violation in NULL pointer
dereference via the component /libavcodec/jpeg2000dec.c (bsc#1237382) </li>
<li>CVE-2025-25473: Fixed memory leak in avformat_free_context()
(bsc#1237351) </li>
</ul>
<p>Other fixes:
</p>
<ul>
<li>
<p>Build with SVT-AV1 3.0.0.
</p>
</li>
<li>
<p>Update to release 4.4.5:
</p>
</li>
<li>Adjust bconds to build the package in SLFO without xvidcore.
</li>
<li>Add 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
(bsc#1229338) </li>
<li>Add ffmpeg-c99.patch so that the package conforms to the C99 standard
and builds on i586 with GCC 14. </li>
<li>No longer build against libmfx; build against libvpl (bsc#1230983,
bsc#1219494) </li>
<li>Drop libmfx dependency from our product (jira #PED-10024)
</li>
<li>Update patch to build with glslang 14
</li>
<li>Disable vmaf integration as ffmpeg-4 cannot handle vmaf>=3
</li>
<li>Copy codec list from ffmpeg-6
</li>
<li>
<p>Resolve build failure with binutils >= 2.41.
(bsc#1215945)</p>
</li>
<li>
<p>Update to version 4.4.4:
</p>
</li>
<li>avcodec/012v: Order operations for odd size handling
</li>
<li>avcodec/alsdec: The minimal block is at least 7 bits
</li>
<li>avcodec/bink:
<ul>
<li>Avoid undefined out of array end pointers in
<br />
binkb_decode_plane()
</li>
<li>Fix off by 1 error in ref end
</li>
</ul>
</li>
<li>avcodec/eac3dec: avoid float noise in fixed mode addition to
<br />
overflow
</li>
<li>avcodec/eatgq: : Check index increments in tgq_decode_block()
</li>
<li>avcodec/escape124:
<ul>
<li>Fix signdness of end of input check
</li>
<li>Fix some return codes
</li>
</ul>
</li>
<li>avcodec/ffv1dec:
<ul>
<li>Check that num h/v slices is supported
</li>
<li>Fail earlier if prior context is corrupted
</li>
<li>Restructure slice coordinate reading a bit
</li>
</ul>
</li>
<li>avcodec/mjpegenc: take into account component count when
<br />
writing the SOF header size
</li>
<li>avcodec/mlpdec: Check max matrix instead of max channel in
<br />
noise check
</li>
<li>avcodec/motionpixels: Mask pixels to valid values
</li>
<li>avcodec/mpeg12dec: Check input size
</li>
<li>avcodec/nvenc:
<ul>
<li>Fix b-frame DTS behavior with fractional framerates
</li>
<li>Fix vbv buffer size in cq mode
</li>
</ul>
</li>
<li>avcodec/pictordec: Remove mid exit branch
</li>
<li>avcodec/pngdec: Check deloco index more exactly
</li>
<li>avcodec/rpzaenc: stop accessing out of bounds frame
</li>
<li>avcodec/scpr3: Check bx
</li>
<li>avcodec/scpr: Test bx before use
</li>
<li>avcodec/snowenc: Fix visual weight calculation
</li>
<li>avcodec/speedhq: Check buf_size to be big enough for DC
</li>
<li>avcodec/sunrast: Fix maplength check
</li>
<li>avcodec/tests/snowenc:
<ul>
<li>Fix 2nd test
</li>
<li>Return a failure if DWT/IDWT mismatches
</li>
<li>Unbreak DWT tests
</li>
</ul>
</li>
<li>avcodec/tiff: Ignore tile_count
</li>
<li>avcodec/utils:
<ul>
<li>Allocate a line more for VC1 and WMV3
</li>
<li>Ensure linesize for SVQ3
</li>
<li>Use 32pixel alignment for bink
</li>
</ul>
</li>
<li>avcodec/videodsp_template: Adjust pointers to avoid undefined
<br />
pointer things
</li>
<li>avcodec/vp3: Add missing check for av_malloc
</li>
<li>avcodec/wavpack:
<ul>
<li>Avoid undefined shift in get_tail()
</li>
<li>Check for end of input in wv_unpack_dsd_high()
</li>
</ul>
</li>
<li>avcodec/xpmdec: Check size before allocation to avoid
<br />
truncation
</li>
<li>avfilter/vf_untile: swap the chroma shift values used for plane
<br />
offsets
</li>
<li>avformat/id3v2: Check taglen in read_uslt()
</li>
<li>avformat/mov: Check samplesize and offset to avoid integer
<br />
overflow
</li>
<li>avformat/mxfdec: Use 64bit in remainder
</li>
<li>avformat/nutdec: Add check for avformat_new_stream
</li>
<li>avformat/replaygain: avoid undefined / negative abs
</li>
<li>swscale/input: Use more unsigned intermediates
</li>
<li>swscale/output: Bias 16bps output calculations to improve non
<br />
overflowing range
</li>
<li>swscale: aarch64: Fix yuv2rgb with negative stride
</li>
<li>
<p>Use https for repository links
</p>
</li>
<li>
<p>Update to version 4.4.3:
</p>
</li>
<li>
<p>Stable bug fix release, mainly codecs, filter and format fixes.
</p>
</li>
<li>
<p>Add patch to detect SDL2 >= 2.1.0 (bsc#1202848):
</p>
</li>
<li>
<p>Update to version 4.4.2:
</p>
</li>
<li>
<p>Stable bug fix release, mainly codecs, filter and format fixes.
</p>
</li>
<li>
<p>Add conflicts for ffmpeg-5's tools
</p>
</li>
<li>Enable Vulkan filters
</li>
<li>Fix OS version check, so nvcodec is enabled for Leap too.
</li>
<li>
<p>Disamble libsmbclient usage (can always be built with
<br />
--with-smbclient): the usecase of ffmpeg directly accessing
<br />
smb:// shares is quite constructed (most users will have their
<br />
smb shares mounted).
</p>
</li>
<li>
<p>Update to version 4.4.1:
</p>
</li>
<li>Stable bug fix release, mainly codecs and format fixes.</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper
patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
openSUSE Leap 15.4
<br/>
<code>zypper in -t patch
SUSE-2025-1128=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1128=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1128=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 15 SP4 LTSS
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1128=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 15 SP4
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1128=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
<ul>
<li>libpostproc55_9-debuginfo-4.4.5-150400.3.46.1</li>
<li>ffmpeg-4-debugsource-4.4.5-150400.3.46.1</li>
<li>libavcodec58_134-4.4.5-150400.3.46.1</li>
<li>ffmpeg-4-libavdevice-devel-4.4.5-150400.3.46.1</li>
<li>ffmpeg-4-libavresample-devel-4.4.5-150400.3.46.1</li>
<li>ffmpeg-4-libswscale-devel-4.4.5-150400.3.46.1</li>
<li>libavfilter7_110-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavformat58_76-4.4.5-150400.3.46.1</li>
<li>libavutil56_70-debuginfo-4.4.5-150400.3.46.1</li>
<li>libswresample3_9-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavresample4_0-4.4.5-150400.3.46.1</li>
<li>ffmpeg-4-libswresample-devel-4.4.5-150400.3.46.1</li>
<li>libavdevice58_13-debuginfo-4.4.5-150400.3.46.1</li>
<li>ffmpeg-4-4.4.5-150400.3.46.1</li>
<li>ffmpeg-4-debuginfo-4.4.5-150400.3.46.1</li>
<li>libswscale5_9-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavcodec58_134-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavutil56_70-4.4.5-150400.3.46.1</li>
<li>ffmpeg-4-libavutil-devel-4.4.5-150400.3.46.1</li>
<li>libpostproc55_9-4.4.5-150400.3.46.1</li>
<li>ffmpeg-4-libpostproc-devel-4.4.5-150400.3.46.1</li>
<li>libavfilter7_110-4.4.5-150400.3.46.1</li>
<li>ffmpeg-4-libavcodec-devel-4.4.5-150400.3.46.1</li>
<li>ffmpeg-4-libavfilter-devel-4.4.5-150400.3.46.1</li>
<li>ffmpeg-4-libavformat-devel-4.4.5-150400.3.46.1</li>
<li>libswscale5_9-4.4.5-150400.3.46.1</li>
<li>libavformat58_76-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavdevice58_13-4.4.5-150400.3.46.1</li>
<li>libswresample3_9-4.4.5-150400.3.46.1</li>
<li>ffmpeg-4-private-devel-4.4.5-150400.3.46.1</li>
<li>libavresample4_0-debuginfo-4.4.5-150400.3.46.1</li>
</ul>
</li>
<li>
openSUSE Leap 15.4 (x86_64)
<ul>
<li>libavresample4_0-32bit-4.4.5-150400.3.46.1</li>
<li>libswresample3_9-32bit-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavformat58_76-32bit-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavresample4_0-32bit-debuginfo-4.4.5-150400.3.46.1</li>
<li>libpostproc55_9-32bit-4.4.5-150400.3.46.1</li>
<li>libavcodec58_134-32bit-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavcodec58_134-32bit-4.4.5-150400.3.46.1</li>
<li>libswresample3_9-32bit-4.4.5-150400.3.46.1</li>
<li>libswscale5_9-32bit-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavdevice58_13-32bit-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavformat58_76-32bit-4.4.5-150400.3.46.1</li>
<li>libpostproc55_9-32bit-debuginfo-4.4.5-150400.3.46.1</li>
<li>libswscale5_9-32bit-4.4.5-150400.3.46.1</li>
<li>libavfilter7_110-32bit-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavfilter7_110-32bit-4.4.5-150400.3.46.1</li>
<li>libavutil56_70-32bit-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavutil56_70-32bit-4.4.5-150400.3.46.1</li>
<li>libavdevice58_13-32bit-4.4.5-150400.3.46.1</li>
</ul>
</li>
<li>
openSUSE Leap 15.4 (aarch64_ilp32)
<ul>
<li>libavresample4_0-64bit-debuginfo-4.4.5-150400.3.46.1</li>
<li>libpostproc55_9-64bit-4.4.5-150400.3.46.1</li>
<li>libavutil56_70-64bit-4.4.5-150400.3.46.1</li>
<li>libavfilter7_110-64bit-debuginfo-4.4.5-150400.3.46.1</li>
<li>libswresample3_9-64bit-debuginfo-4.4.5-150400.3.46.1</li>
<li>libswscale5_9-64bit-4.4.5-150400.3.46.1</li>
<li>libavfilter7_110-64bit-4.4.5-150400.3.46.1</li>
<li>libavdevice58_13-64bit-4.4.5-150400.3.46.1</li>
<li>libpostproc55_9-64bit-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavcodec58_134-64bit-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavresample4_0-64bit-4.4.5-150400.3.46.1</li>
<li>libswscale5_9-64bit-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavdevice58_13-64bit-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavformat58_76-64bit-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavcodec58_134-64bit-4.4.5-150400.3.46.1</li>
<li>libavutil56_70-64bit-debuginfo-4.4.5-150400.3.46.1</li>
<li>libswresample3_9-64bit-4.4.5-150400.3.46.1</li>
<li>libavformat58_76-64bit-4.4.5-150400.3.46.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing ESPOS 15
SP4 (aarch64 x86_64)
<ul>
<li>libpostproc55_9-4.4.5-150400.3.46.1</li>
<li>libpostproc55_9-debuginfo-4.4.5-150400.3.46.1</li>
<li>ffmpeg-4-debugsource-4.4.5-150400.3.46.1</li>
<li>libavcodec58_134-4.4.5-150400.3.46.1</li>
<li>libavformat58_76-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavutil56_70-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavformat58_76-4.4.5-150400.3.46.1</li>
<li>ffmpeg-4-debuginfo-4.4.5-150400.3.46.1</li>
<li>libswresample3_9-debuginfo-4.4.5-150400.3.46.1</li>
<li>libswresample3_9-4.4.5-150400.3.46.1</li>
<li>libavcodec58_134-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavutil56_70-4.4.5-150400.3.46.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing LTSS 15
SP4 (aarch64 x86_64)
<ul>
<li>libpostproc55_9-4.4.5-150400.3.46.1</li>
<li>libpostproc55_9-debuginfo-4.4.5-150400.3.46.1</li>
<li>ffmpeg-4-debugsource-4.4.5-150400.3.46.1</li>
<li>libavcodec58_134-4.4.5-150400.3.46.1</li>
<li>libavformat58_76-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavutil56_70-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavformat58_76-4.4.5-150400.3.46.1</li>
<li>ffmpeg-4-debuginfo-4.4.5-150400.3.46.1</li>
<li>libswresample3_9-debuginfo-4.4.5-150400.3.46.1</li>
<li>libswresample3_9-4.4.5-150400.3.46.1</li>
<li>libavcodec58_134-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavutil56_70-4.4.5-150400.3.46.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le
s390x x86_64)
<ul>
<li>libpostproc55_9-4.4.5-150400.3.46.1</li>
<li>libpostproc55_9-debuginfo-4.4.5-150400.3.46.1</li>
<li>ffmpeg-4-debugsource-4.4.5-150400.3.46.1</li>
<li>libavcodec58_134-4.4.5-150400.3.46.1</li>
<li>libavformat58_76-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavutil56_70-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavformat58_76-4.4.5-150400.3.46.1</li>
<li>ffmpeg-4-debuginfo-4.4.5-150400.3.46.1</li>
<li>libswresample3_9-debuginfo-4.4.5-150400.3.46.1</li>
<li>libswresample3_9-4.4.5-150400.3.46.1</li>
<li>libavcodec58_134-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavutil56_70-4.4.5-150400.3.46.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 15 SP4
(ppc64le x86_64)
<ul>
<li>libpostproc55_9-4.4.5-150400.3.46.1</li>
<li>libpostproc55_9-debuginfo-4.4.5-150400.3.46.1</li>
<li>ffmpeg-4-debugsource-4.4.5-150400.3.46.1</li>
<li>libavcodec58_134-4.4.5-150400.3.46.1</li>
<li>libavformat58_76-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavutil56_70-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavformat58_76-4.4.5-150400.3.46.1</li>
<li>ffmpeg-4-debuginfo-4.4.5-150400.3.46.1</li>
<li>libswresample3_9-debuginfo-4.4.5-150400.3.46.1</li>
<li>libswresample3_9-4.4.5-150400.3.46.1</li>
<li>libavcodec58_134-debuginfo-4.4.5-150400.3.46.1</li>
<li>libavutil56_70-4.4.5-150400.3.46.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2020-22037.html">https://www.suse.com/security/cve/CVE-2020-22037.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-12361.html">https://www.suse.com/security/cve/CVE-2024-12361.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-35368.html">https://www.suse.com/security/cve/CVE-2024-35368.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-36613.html">https://www.suse.com/security/cve/CVE-2024-36613.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-0518.html">https://www.suse.com/security/cve/CVE-2025-0518.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-22919.html">https://www.suse.com/security/cve/CVE-2025-22919.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-22921.html">https://www.suse.com/security/cve/CVE-2025-22921.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-25473.html">https://www.suse.com/security/cve/CVE-2025-25473.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1186756">https://bugzilla.suse.com/show_bug.cgi?id=1186756</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1202848">https://bugzilla.suse.com/show_bug.cgi?id=1202848</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215945">https://bugzilla.suse.com/show_bug.cgi?id=1215945</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219494">https://bugzilla.suse.com/show_bug.cgi?id=1219494</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229338">https://bugzilla.suse.com/show_bug.cgi?id=1229338</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1230983">https://bugzilla.suse.com/show_bug.cgi?id=1230983</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1234028">https://bugzilla.suse.com/show_bug.cgi?id=1234028</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1235092">https://bugzilla.suse.com/show_bug.cgi?id=1235092</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1236007">https://bugzilla.suse.com/show_bug.cgi?id=1236007</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1237351">https://bugzilla.suse.com/show_bug.cgi?id=1237351</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1237358">https://bugzilla.suse.com/show_bug.cgi?id=1237358</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1237371">https://bugzilla.suse.com/show_bug.cgi?id=1237371</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1237382">https://bugzilla.suse.com/show_bug.cgi?id=1237382</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-10024">https://jira.suse.com/browse/PED-10024</a>
</li>
</ul>
</div>
--===============7906748290198558321==--
|
|
|
|
