Multiple unspecified vulnerabilities in the FFmpeg multimedia framework could lead to denial of service or arbitrary code execution when processing malformed files or streams. For Debian 12 (Bookworm), the issue has been fixed in ffmpeg version 7:5.1.9-0+deb12u1. Users are advised to upgrade their packages to this version.
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index] [SECURITY] [DSA 6276-1] ffmpeg security update To: debian-security-announce@lists.debian.org Subject: [SECURITY] [DSA 6276-1] ffmpeg security update From: Moritz Muehlenhoff <jmm@debian.org> Date: Fri, 15 May 2026 21:20:28 +0000 Message-id: <[🔎] ageOHFNNi6hXemnd@seger.debian.org> Reply-to: debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6276-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 15, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ffmpeg CVE ID : not yet available Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. For the oldstable distribution (bookworm), this problem has been fixed in version 7:5.1.9-0+deb12u1. We recommend that you upgrade your ffmpeg packages. For the detailed security status of ffmpeg please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ffmpeg Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmoHjdwACgkQEMKTtsN8 TjYACA//cuE5gZORVKZFdtkBV2A5cRE5MdUNIYEYTluxg807BMpYlp9ykelxNUx1 qq+wCjIzJoKROp+cynQ0ky0p3cQQORVouv909+VBPzunX+59ZqGXlPwXYGUmuiAR 002+wEHEgXZqxY21seKOrQk/PTvOEWMurs34VdqE5Zim4qtmYkcIieXxr7jc7FRZ sTI2ECaHoR7+v3UcR9FvZtcITgI07GusN2tRmWYdQLO5hJQLs/pjh8FSrDDeVVDk HssqMESI5duVt16m1UlaZZ1srKjJnrAeBPoe8ZPtqXgVidn/wu1oh8/kmRJNMkap a+SYYaqak863CkNl1Zhc4TeUD/4ND5pQGD2pR+1BWQ9oPEPRAHCTO24Qg8llNvWi o7uaZnlxT0ELmPzNAaPFky7m7xvWfce+jTRs5KvoNH8ANODvgctJZqcvJd0M8pYt qz/ORwdNlS3svyOgoewYqQY9aAO8LMdtP1S3wnJAFyXgrcRU3D8IACLM/Ka1FuEv pB3nR3c7Azf7mFJgzGK6B2cB5GgqsBq0O6F0pu1XpK68Czl1oxwY+HlAasTsCnqi PqzSRPiAXMHTFcBgabOth481wCPt9jH4B7ae0c84AB1mOZqKvwCLO4mXXEiEQm+g kLOczbAkmRRSSjT3MA1yIOyQxnnfTJC9Z70NRAoUFEVtpylYQzc= =MiAF -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6275-1] linux security update Next by Date: [SECURITY] [DSA 6277-1] openjpeg2 security update Previous by thread: [SECURITY] [DSA 6275-1] linux security update Next by thread: [SECURITY] [DSA 6277-1] openjpeg2 security update Index(es): Date Thread