VulnerableCode Package Details - pkg:deb/debian/ffmpeg@7:7.1.1-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1kt8-snqa-5ygv	A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists.	CVE-2023-6602
VCID-1wgj-dtu4-qkdf	ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/iamfdec.c.	CVE-2024-55069
VCID-hd6u-9x7x-mke8	A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.	CVE-2023-6605
VCID-k14h-eek4-s3cv	A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.	CVE-2025-22919
VCID-kcjw-jy65-hfge	A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation.	CVE-2023-6604
VCID-u45n-rr9s-ffah	Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman	CVE-2025-0518
VCID-xh69-cs7h-wqb2	A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 0526535cd58444dd264e810b2f3348b4d96cff3b. It is recommended to apply a patch to fix this issue.	CVE-2025-1816

Vulnerability

Summary

Aliases

VCID-1kt8-snqa-5ygv

A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists.

CVE-2023-6602

VCID-1wgj-dtu4-qkdf

ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/iamfdec.c.

CVE-2024-55069

VCID-hd6u-9x7x-mke8

A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.

CVE-2023-6605

VCID-k14h-eek4-s3cv

A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.

CVE-2025-22919

VCID-kcjw-jy65-hfge

A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation.

CVE-2023-6604

VCID-u45n-rr9s-ffah

Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman

CVE-2025-0518

VCID-xh69-cs7h-wqb2

A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 0526535cd58444dd264e810b2f3348b4d96cff3b. It is recommended to apply a patch to fix this issue.

CVE-2025-1816

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:28:25.352026+00:00	Debian Importer	Fixing	VCID-u45n-rr9s-ffah	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:00:53.743595+00:00	Debian Importer	Fixing	VCID-k14h-eek4-s3cv	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:42:14.896801+00:00	Debian Importer	Fixing	VCID-hd6u-9x7x-mke8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:26:33.600678+00:00	Debian Importer	Fixing	VCID-xh69-cs7h-wqb2	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:20:37.107618+00:00	Debian Importer	Fixing	VCID-kcjw-jy65-hfge	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:14:39.935027+00:00	Debian Importer	Fixing	VCID-1wgj-dtu4-qkdf	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:06:24.220831+00:00	Debian Importer	Fixing	VCID-1kt8-snqa-5ygv	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:32:21.625585+00:00	Debian Importer	Fixing	VCID-u45n-rr9s-ffah	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:28:34.573914+00:00	Debian Importer	Fixing	VCID-k14h-eek4-s3cv	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:14:24.841050+00:00	Debian Importer	Fixing	VCID-hd6u-9x7x-mke8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:02:39.228509+00:00	Debian Importer	Fixing	VCID-xh69-cs7h-wqb2	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:57:52.339561+00:00	Debian Importer	Fixing	VCID-kcjw-jy65-hfge	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:53:19.649550+00:00	Debian Importer	Fixing	VCID-1wgj-dtu4-qkdf	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:06:04.006856+00:00	Debian Importer	Fixing	VCID-1kt8-snqa-5ygv	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:15:10.453240+00:00	Debian Importer	Fixing	VCID-u45n-rr9s-ffah	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:10:08.349548+00:00	Debian Importer	Fixing	VCID-k14h-eek4-s3cv	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:09:08.955938+00:00	Debian Importer	Fixing	VCID-hd6u-9x7x-mke8	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:08:10.649190+00:00	Debian Importer	Fixing	VCID-xh69-cs7h-wqb2	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:07:46.763074+00:00	Debian Importer	Fixing	VCID-kcjw-jy65-hfge	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:07:27.046841+00:00	Debian Importer	Fixing	VCID-1wgj-dtu4-qkdf	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:03:50.833865+00:00	Debian Importer	Fixing	VCID-1kt8-snqa-5ygv	https://security-tracker.debian.org/tracker/data/json	38.1.0