Home / mailings [USN-7823-1] FFmpeg vulnerabilities
Posted on 16 October 2025
Ubuntu Security==========================================================================Ubuntu Security Notice USN-7823-1
October 15, 2025
ffmpeg vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in FFmpeg.
Software Description:
- ffmpeg: Tools for transcoding, streaming and playing of multimedia files
Details:
It was discovered that FFmpeg did not correctly handle certain memory
operations. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. This issue only affected
Ubuntu 24.04 LTS. (CVE-2024-35365)
It was discovered that FFmpeg did not correctly handle certain integer
calculations. An attacker could possibly use this issue to cause a denial
of service. (CVE-2024-35366)
It was discovered that FFmpeg may perform an out-of-bounds read under
certain circumstances. An attacker could possibly use this issue to cause
a denial of service. (CVE-2024-35367)
It was discovered that FFmpeg did not correctly handle certain memory
operations. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2024-35368)
It was discovered that FFmpeg did not correctly handle certain inputs,
which could lead to an integer overflow. An attacker could possibly use
this issue to cause a denial of service or execute arbitrary code.
(CVE-2024-36613, CVE-2024-36616, CVE-2024-36618)
It was discovered that FFmpeg did not correctly handle certain inputs,
which could lead to an integer overflow. An attacker could possibly use
this issue to cause a denial of service or execute arbitrary code. This
issue only affected Ubuntu 24.04 LTS. (CVE-2024-36619)
It was discovered that FFmpeg did not correctly handle certain memory
operations. A remote attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue only affected
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-7055)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
ffmpeg 7:6.1.1-3ubuntu5+esm5
Available with Ubuntu Pro
libavcodec-dev 7:6.1.1-3ubuntu5+esm5
Available with Ubuntu Pro
Ubuntu 22.04 LTS
ffmpeg 7:4.4.2-0ubuntu0.22.04.1+esm9
Available with Ubuntu Pro
libavcodec-dev 7:4.4.2-0ubuntu0.22.04.1+esm9
Available with Ubuntu Pro
Ubuntu 20.04 LTS
ffmpeg 7:4.2.7-0ubuntu0.1+esm10
Available with Ubuntu Pro
libavcodec-dev 7:4.2.7-0ubuntu0.1+esm10
Available with Ubuntu Pro
Ubuntu 18.04 LTS
ffmpeg 7:3.4.11-0ubuntu0.1+esm10
Available with Ubuntu Pro
libavcodec-dev 7:3.4.11-0ubuntu0.1+esm10
Available with Ubuntu Pro
Ubuntu 16.04 LTS
ffmpeg 7:2.8.17-0ubuntu0.1+esm12
Available with Ubuntu Pro
libavcodec-dev 7:2.8.17-0ubuntu0.1+esm12
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7823-1
CVE-2024-35365, CVE-2024-35366, CVE-2024-35367, CVE-2024-35368,
CVE-2024-36613, CVE-2024-36616, CVE-2024-36618, CVE-2024-36619,
CVE-2024-7055
--===============4663430810290526111==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
