{"id":"MGASA-2024-0283","summary":"Updated ffmpeg packages fix security vulnerabilities","details":"A vulnerability was found in FFmpeg up to 7.0.1. It has been classified\nas critical. This affects the function pnm_decode_frame in the library\n/libavcodec/pnmdec.c. The manipulation leads to heap-based buffer\noverflow. It is possible to initiate the attack remotely. The exploit\nhas been disclosed to the public and may be used. (CVE-2024-7055)\nA vulnerability, which was classified as critical, was found in FFmpeg\nup to 5.1.5. This affects the function fill_audiodata of the file\n/libswresample/swresample.c. The manipulation leads to heap-based buffer\noverflow. It is possible to initiate the attack remotely.\n(CVE-2024-7272)\n","modified":"2026-02-04T03:07:56.972878Z","published":"2024-09-09T19:00:01Z","related":["CVE-2024-7055","CVE-2024-7272"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0283.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33524"},{"type":"REPORT","url":"https://lwn.net/Articles/985600/"}],"affected":[{"package":{"name":"ffmpeg","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/ffmpeg?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.6-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0283.json"}},{"package":{"name":"ffmpeg","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/ffmpeg?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.6-1.mga9.tainted"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0283.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}