Not a user yet?
Log in Register for free Suggest a product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Update

USN-7830-1: FFmpeg vulnerabilities

Ubuntu ServerUbuntu Server
Canonical
Update from patrick-devicebaseUpdate from:
patrick-devicebase (expert)

USN-7830-1: FFmpeg vulnerabilities

Publication date: 21 October 2025
Overview: Several security issues were fixed in FFmpeg.

Packages
ffmpeg - Tools for transcoding, streaming and playing of multimedia files

Details
It was discovered that FFmpeg incorrectly handled the return values of
functions in its Firequalizer filter and in the HTTP Live Streaming (HLS)
implementation, leading to a NULL pointer dereference. If a user was
tricked into loading a crafted media file, a remote attacker could
possibly use this issue to make FFmpeg crash, resulting in a denial
of service. (CVE-2023-6603, CVE-2025-10256)

It was discovered that FFmpeg did not enforce an input format before
triggering the HTTP demuxer. A remote attacker could possibly use this
issue to perform a Server-Side Request Forgery (SSRF) attack.
(CVE-2025-6605)

It was discovered that FFmpeg incorrectly handled memory allocation in the
ALS audio decoder. If a user was tricked into loading a crafted media file,
a remote attacker could possibly use this issue to make FFmpeg crash,
resulting in a denial of service. (CVE-2025-7700)

It was discovered that FFmpeg incorrectly handled memory in the JPEG 2000
decoder, which could lead to a heap buffer overflow. If a user or
application were tricked into opening a specially crafted file, an
attacker could possibly use this issue to cause a denial of service
or leak sensitive information. (CVE-2025-9951)

Update instructions
The problem can be corrected by updating your system to the following package versions:

24.04 LTS noble

  • ffmpeg – 7:6.1.1-3ubuntu5+esm6
  • libavcodec60 – 7:6.1.1-3ubuntu5+esm6
  • libavformat60 – 7:6.1.1-3ubuntu5+esm6
    22.04 LTS jammy
  • ffmpeg – 7:4.4.2-0ubuntu0.22.04.1+esm10
  • libavcodec58 – 7:4.4.2-0ubuntu0.22.04.1+esm10
  • libavformat58 – 7:4.4.2-0ubuntu0.22.04.1+esm10
    20.04 LTS focal
  • ffmpeg – 7:4.2.7-0ubuntu0.1+esm11
  • libavcodec58 – 7:4.2.7-0ubuntu0.1+esm11
  • libavformat58 – 7:4.2.7-0ubuntu0.1+esm11
    18.04 LTS bionic
  • ffmpeg – 7:3.4.11-0ubuntu0.1+esm11
  • libavcodec57 – 7:3.4.11-0ubuntu0.1+esm11
  • libavformat57 – 7:3.4.11-0ubuntu0.1+esm11
Version: 24.04 LTS Link
More updatesTo the product
Receive Important Update Messages Stay tuned for upcoming Canonical Ubuntu Server updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad