FERRAMENTAS LINUX: Critical FFmpeg Security Update: Patch 9 Vulnerabilities Now

Monday, 5 May 2025





Critical FFmpeg security update patches 9 vulnerabilities, including memory leaks & zero-days. Learn how to secure SUSE Linux, openSUSE, and enterprise systems. Includes CVE-2025-22921, CVE-2023-51793 fixes.


Protect Your Systems from Memory Leaks, Buffer Overflows & Zero-Day Exploits

Why This Update Matters

The latest FFmpeg patch addresses 9 critical vulnerabilities (CVEs) impacting multimedia processing across Linux distributions. These fixes prevent:

  • Memory corruption (CVE-2025-22921, CVE-2024-35365)

  • Data leaks (CVE-2025-0518)

  • Heap buffer overflows (CVE-2023-51793)

  • Null pointer dereferences (CVE-2024-12361)

Enterprise Impact: Unpatched systems risk arbitrary code execution, crashes, or data breaches—especially in video processing pipelines, surveillance systems, or media servers.


Vulnerability Breakdown

1. Memory Handling Fixes

  • CVE-2025-22921: Clears the array length after freeing to prevent use-after-free.

  • CVE-2024-35368: Fixes double-free in AVFrame unreferencing.

2. Input Validation

  • CVE-2025-22919: Validates sample rates to block malformed audio streams.

  • CVE-2024-36613: Reorders block align operations for safer parsing.

3. Critical Zero-Day Patches

  • CVE-2023-51793: Heap overflow in libavutil/imgutils.c (actively exploited).

  • CVE-2024-12361: Adds a NULL check for av_packet_new_side_data().

Full CVE list: SUSE Security Portal

FAQs

Q: Is this update relevant for cloud media servers?

A: Yes. Exploits like CVE-2023-51793 can compromise cloud-hosted FFmpeg instances.

Q: How urgent is patching?

A: Immediate. CVEs like CVE-2025-0518 are low-complexity attacks.


Patch Instructions for SUSE Linux

Recommended Methods

  1. YaST Online Update (GUI)

  2. Terminal:

     zypper patch

Product-Specific Commands

Distribution              Install Command
openSUSE Leap 15.6        zypper in -t patch openSUSE-SLE-15.6-2025-1450=1
SLES for SAP 15 SP5       zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1450=1
Enterprise Storage 7.1    zypper in -t patch SUSE-Storage-7.1-2025-1450=1

Full package list: See SUSE Bugzilla (references: bsc#1237382, bsc#1236007).
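After running zypper patch, a practitioner usually wants to confirm that every FFmpeg library on the host actually reached the patched build rather than trusting the patch id alone. The script below is an added example, not part of the original post or of SUSE's tooling: it compares the installed FFmpeg packages against a minimum version-release string using rpm's query format and GNU sort -V. The package name patterns, the sample package lines and PATCHED_VERSION are constructed placeholders; take the real version-release from the SUSE advisory for the patch you applied.

```shell
#!/bin/sh
# Added example (not from the original post): audit installed FFmpeg-related
# packages against the version-release that the security patch ships.
# All package names and version strings here are constructed placeholders.

# version_lt A B: succeed when version-release string A sorts before B.
# Relies on GNU sort -V, which orders dotted version-release strings numerically
# (so 3.9.1 < 3.12.1, unlike a plain string compare).
version_lt() {
    [ "$1" != "$2" ] && [ "$(printf '%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_packages MIN_VERSION: read "name version-release" lines on stdin and
# print every line whose version is older than MIN_VERSION.
audit_packages() {
    min="$1"
    while read -r name ver; do
        [ -n "$name" ] || continue
        if version_lt "$ver" "$min"; then
            printf '%s %s\n' "$name" "$ver"
        fi
    done
}

# installed_ffmpeg_packages: the real query to run on a SUSE host. The glob
# list is an assumption about which package names an FFmpeg update touches.
installed_ffmpeg_packages() {
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' \
        'ffmpeg*' 'libavcodec*' 'libavformat*' 'libavutil*' 'libswscale*'
}

# Constructed sample in the same format; on a real system replace this with
# the output of installed_ffmpeg_packages.
SAMPLE='libavutil56 4.4.4-150600.3.9.1
libavcodec58 4.4.4-150600.3.9.1
ffmpeg-4 4.4.4-150600.3.12.1'

# Placeholder for the version-release the patch ships (see the SUSE advisory).
PATCHED_VERSION='4.4.4-150600.3.12.1'

outdated=$(printf '%s\n' "$SAMPLE" | audit_packages "$PATCHED_VERSION")
if [ -n "$outdated" ]; then
    printf 'Packages still below %s:\n%s\n' "$PATCHED_VERSION" "$outdated"
else
    printf 'All sampled FFmpeg packages are at or above %s\n' "$PATCHED_VERSION"
fi
```

On a live host, pipe installed_ffmpeg_packages into audit_packages instead of the sample; a non-empty result after zypper patch usually means a process still holds the old shared library or a package from a different repository shadowed the update, both worth checking before declaring the host patched.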
