摘要:
ffmpeg security update
安全等级: Medium
公告ID: KylinSec-SA-2025-1247
发布日期: 2025年3月6日
关联CVE: CVE-2024-35369 CVE-2024-36619
FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.
Security Fix(es):
In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process.(CVE-2024-35369)
FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition.(CVE-2024-36619)
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2024-35369 | V6 | ffmpeg | Fixed |
| CVE-2024-36619 | V6 | ffmpeg | Fixed |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| ffmpeg | x86_64 | 6.1.1-19.ks6 |
| ffmpeg-devel | x86_64 | 6.1.1-19.ks6 |
| ffmpeg-libs | x86_64 | 6.1.1-19.ks6 |
| libavdevice | x86_64 | 6.1.1-19.ks6 |
| ffmpeg | aarch64 | 6.1.1-19.ks6 |
| ffmpeg-devel | aarch64 | 6.1.1-19.ks6 |
| ffmpeg-libs | aarch64 | 6.1.1-19.ks6 |
| libavdevice | aarch64 | 6.1.1-19.ks6 |
方法一:下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存,如 xxx.rpm
2、通过rpm命令升级,如 rpm -Uvh xxx.rpm
方法二:通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包,如 yum install 包名
