Multiple vulnerabilities in the FFmpeg multimedia framework could lead to denial of service or arbitrary code execution when processing malformed files or streams. For Debian 13 (trixie), the issue is fixed in ffmpeg version 7:7.1.4-0+deb13u1; users are advised to upgrade their packages immediately.
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index] [SECURITY] [DSA 6268-1] ffmpeg security update To: debian-security-announce@lists.debian.org Subject: [SECURITY] [DSA 6268-1] ffmpeg security update From: Moritz Muehlenhoff <jmm@debian.org> Date: Thu, 14 May 2026 13:46:11 +0000 Message-id: <[🔎] agXSI8LWpW1SE9y8@seger.debian.org> Reply-to: debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6268-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 14, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ffmpeg CVE ID : not yet available Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. For the stable distribution (trixie), this problem has been fixed in version 7:7.1.4-0+deb13u1. We recommend that you upgrade your ffmpeg packages. For the detailed security status of ffmpeg please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ffmpeg Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmoF0dsACgkQEMKTtsN8 TjaUeQ/+KBEmmwdE1HprHEf9zCR03UUjW62NuU0f7hs4OMrDVy+mJ4aSjooT0udV dN8xwh5b9wlA9y0JGNxzXsdA85IzPnmwLMyqZKZIVaJzqledrQ3jOrWrjVjo/T22 MPwP8WRz0mWDd30OTlEp5VcglDulLuXXCRjw2dW1jUp2gS1mmFBWP1f62tDSJKiN E5N3NJ13qruNDTXR7ORrzy4dQ5gxT0iycg+7A8J2LH0/5FQvRhOYbOgra2WfSwpw 7FV49mBgzsl6mY+Psb/jO2G+nI2jv+MGqlEU/oClH6Y/RgoNAHE1nYvzItSSQqgZ nA4ME0FrPTsAlYTcMOySSdy2cgas9QwKnd0PkfmjvpF6u3gfyBhoUx8H1O1od0OX W0eWMjPPzwbsGy6J5GDyWSPC7Qmn1bYn6ToLpr5xE0MPF5vQjoagOt3tNgJ24kZ7 kcx1+6UbFcgmJzBiyUlSa0IV0AyyKJeEyTGTTHIZdRYsZJi5Pu21oP77FUjShfil R/IxeqbxcBln4JUkec2cryIrL+mLVEAjBkK1Io3MBT0hhpJDyYv9BSIJ38+sw5uv ET+nJbnjeliRSCg+AjZaKPxEDgNAU43XT3tHIdO6zyez8fYSPnTyHgU9drqxzvDm pjwYE7I/ymbEwCgxfAMfDm1MPNBSYX2XV63zcfzfnYr2zv9qcmo= =ap8q -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6267-1] thunderbird security update Next by Date: [SECURITY] [DSA 6269-1] postgresql-15 security update Previous by thread: [SECURITY] [DSA 6267-1] thunderbird security update Next by thread: [SECURITY] [DSA 6269-1] postgresql-15 security update Index(es): Date Thread