[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 4241-1] ffmpeg security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4241-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
July 14, 2025                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : ffmpeg
Version        : 7:4.3.9-0+deb11u1
CVE ID         : CVE-2023-6601 CVE-2023-6602 CVE-2023-6604 CVE-2023-6605

Multiple vulnerabilities have been fixed in the multimedia framework FFmpeg.

CVE-2023-6601

    Triggering arbitrary demuxers via base64 data URIs

CVE-2023-6602

    Improper parsing of input files in HLS playlists

CVE-2023-6604

    Demuxing of arbitrary data as XBIN-formatted data

CVE-2023-6605

    Arbitrary HTTP GET requests via crafted DASH playlist

For Debian 11 bullseye, these problems have been fixed in version
7:4.3.9-0+deb11u1.

We recommend that you upgrade your ffmpeg packages.

For the detailed security status of ffmpeg please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ffmpeg

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmh09fIACgkQiNJCh6LY
mLGZ+Q/7BoiWbJA0FbJ6Q0Faditd14nGE73yXgHAA8Hw29U+rFPG/hwZNcJRK7UI
NaM0PcOXAJL9fvAqQtdTiVXQNTFs/uaVTQavLlfqG3AjWSCCA/3+Od+j/Dy/4JCQ
EDs5yIhBBPcifTIhzsH5rjrVmtTYy11sMn3hV4CpqsZUsrzICz1aMe1wRXJBajtX
v+daY00mQZDgygJ3po1XICBW0axA8G6rnxQiLFJog73blWRGJrEOhQcjKPGcr60y
ourgttqInycbdPZc9ydwZ2n9PGefD50lWR0fvSjasL7Qyp3BfxeV7dCO1427WX4r
gJOivIGVBiYBgjQbRAGZ3MExtDuRtqisPZ61ZXm6gZkBKG5HzfzZu/+iWReI1dqL
liEFc+FqCi6FSFJ9WgcE1xXpHZF5mN7TVubaONeKz3Tdn3C48j/Nm7keBYu+60xS
JXBSE0OarXjRPN68SCI3CmIaDqEScgilLHaADCM81qfqI0Tzaz9X+PI63SfCa7jj
F8t2l26kBbV4FYZMM1qSDK49sCrUagNoa58LIhRYjV3V+7lRfBUfsCMfOrS3N4Tl
XltLH1LImlzcEWyc4nYJ28vsVh2SFlZgzKA9BruxkFrWqCS4Y0wlpci6/Pi9/tYa
evykOECo0xVO/hrqatZXXu/y0JZFGWuUr5PlDcXbFopACQ02lQ8=
=Zq3u
-----END PGP SIGNATURE-----


Reply to: