[FFmpeg-cvslog] [ffmpeg-web] branch master updated. 70386f1 web/security: Add more CVEs

ffmpeg-git at ffmpeg.org
Sat Aug 2 18:29:15 EEST 2025


The branch, master has been updated
       via  70386f1d527f76e2e0b21735769f9e059abe6fe9 (commit)
       via  a4265bb25ccc9393d6377779cbccd267270bd512 (commit)
      from  40e62e8a4178511ae3eb8d703b73667e505d3e4d (commit)


- Log -----------------------------------------------------------------
commit 70386f1d527f76e2e0b21735769f9e059abe6fe9
Author:     Michael Niedermayer <michael at niedermayer.cc>
AuthorDate: Sat Aug 2 17:28:17 2025 +0200
Commit:     Michael Niedermayer <michael at niedermayer.cc>
CommitDate: Sat Aug 2 17:28:17 2025 +0200

    web/security: Add more CVEs

diff --git a/src/security b/src/security
index 0f676ae..62fd6bc 100644
--- a/src/security
+++ b/src/security
@@ -5,6 +5,9 @@
 Fixes following vulnerabilities:
 </p>
 <pre>
+CVE-2023-6602, 91d96dc8ddaebe0b6cb393f672085e6bfaf15a31
+CVE-2023-6604, 91d96dc8ddaebe0b6cb393f672085e6bfaf15a31
+CVE-2023-6605, 4c96d6bf75357ab13808efc9f08c1b41b1bf5bdf
 CVE-2025-1373, 43be8d07281caca2e88bfd8ee2333633e1fb1a13, ticket/11460 never affected a release
 CVE-2025-22920 4bf784c0e5615c3f934e677d5de093a8be7da7ae, ticket/11389 never affected a release
 CVE-2025-25471 fd1772b7475d0d5673a5dd314ee78443d0be4cf1, ticket/11417 never affected a release
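Review bot: CVE-2023-6602 and CVE-2023-6604 on the first two added lines point at the same commit, 91d96dc8ddaebe0b6cb393f672085e6bfaf15a31, and nothing on either line says that one fix covers both ids. Adjacent entries with identical hashes are hard to tell apart from a copy-paste slip when auditing the list, so consider a short trailing remark such as "same fix as CVE-2023-6602", in the way the neighbouring entries carry "never affected a release".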
@@ -18,6 +21,9 @@ CVE-2025-25471 fd1772b7475d0d5673a5dd314ee78443d0be4cf1, ticket/11417 never affe
 Fixes following vulnerabilities:
 </p>
 <pre>
+CVE-2023-6602, b753bac08f6881b2d3dea8f1ab84c81550f35897 / 91d96dc8ddaebe0b6cb393f672085e6bfaf15a31
+CVE-2023-6604, b753bac08f6881b2d3dea8f1ab84c81550f35897 / 91d96dc8ddaebe0b6cb393f672085e6bfaf15a31
+CVE-2023-6605, c3c7ecfe48d464a0b06564f2e92504b1d9c91d69 / 4c96d6bf75357ab13808efc9f08c1b41b1bf5bdf
 CVE-2025-0518, b827ac49b770635fc666f8543cb9585e1bc6308b / b5b6391d64807578ab872dc58fb8aa621dcfc38a
 CVE-2025-1816, b06845c6727a7c4391a7d5f607ae078aa0073c43 / 0526535cd58444dd264e810b2f3348b4d96cff3b, ticket/11475
 CVE-2025-22919, 145a3a84550a1c3a3b848c12a64b53c3c41d2888 / 1446e37d3d032e1452844778b3e6ba2c20f0c322, ticket/11385
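Review bot: the "hash / hash" pairs on the three added lines depend on an ordering convention that the visible markup never states. The second hash of each pair (91d96dc8 and 4c96d6bf) is the one listed alone in the first hunk, which suggests the release-branch commit comes first and the original fix second, but someone checking whether a given tree carries the fix has to infer that. A one-line legend under "Fixes following vulnerabilities:" would remove the guesswork.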
@@ -114,6 +120,14 @@ CVE-2024-7055, 5372bfe01e4a04357ab4465c1426cf8c6412dfd5 / 3faadbe2a27e74ff5bb5f7
 CVE-2024-7272, a937b3c58babae893fb46b286a4792cd24a01d3d / 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6
 </pre>
 
+<h3>5.1.5</h3>
+<p>
+Fixes following vulnerabilities:
+</p>
+<pre>
+CVE-2024-36617, f0e780370cc1c437d64f10d326b1d656ef490b5f / d973fcbcc2f944752ff10e6a76b0b2d9329937a7
+</pre>
+
 <h3>5.1.4</h3>
 <p>
 Fixes following vulnerabilities:
@@ -195,6 +209,7 @@ CVE-2021-33815, 26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777
 CVE-2021-38114, 7150f9575671f898382c370acae35f9087a30ba1
 CVE-2021-38171, 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
 CVE-2021-38291, e01d306c647b5827102260b885faa223b646d2d1 ticket/9312,
+CVE-2023-6603,  28c83584e8f3cd747c1476a74cc2841d3d1fa7f3
 CVE-2023-47343, 0f6a3405e8987ad761a2d9139fdc95bbb6a61118
 </pre>
 
@@ -205,6 +220,9 @@ CVE-2023-47343, 0f6a3405e8987ad761a2d9139fdc95bbb6a61118
 Fixes following vulnerabilities:
 </p>
 <pre>
+CVE-2023-6602,  345202af04ae449417101b7bf25a7d4595af8a88 / 91d96dc8ddaebe0b6cb393f672085e6bfaf15a31
+CVE-2023-6604,  345202af04ae449417101b7bf25a7d4595af8a88 / 91d96dc8ddaebe0b6cb393f672085e6bfaf15a31
+CVE-2023-6605,  96a0450a9f20b51327cfabc30553377622e324b0 / 4c96d6bf75357ab13808efc9f08c1b41b1bf5bdf
 CVE-2023-49502, eb1782ea84ebdb357917b249a353552060a8ebe4 / 737ede405b11a37fdd61d19cf25df296a0cb0b75, ticket/10688
 CVE-2025-0518,  a0e2fd18917a19605bb4efd12c7501c6b8bc26d0 / b5b6391d64807578ab872dc58fb8aa621dcfc38a
 CVE-2025-22919, 2ec7f8ea4da98449061cb0f7e61c5d1cb4e1cc92 / 1446e37d3d032e1452844778b3e6ba2c20f0c322, ticket/11385
@@ -1983,6 +2001,7 @@ Fixes following vulnerabilities:
 <pre>
 CVE-2014-7933, 490a3ebf36821b81f73e34ad3f554cb523dd2682
 CVE-2015-3417, e8714f6f93d1a32f4e4655209960afcf4c185214
+CVE-2017-9051, 8d7ce5cdb707d4b22749f72d3f118e62e2b95cd3
 </pre>
 
 
@@ -3036,6 +3055,7 @@ Fixes following vulnerabilities:
 </p>
 <pre>
 CVE-2017-16803, b829da363985cb2f80130bba304cc29a632f6446
+CVE-2019-9719,  b9a07e787bd09036b96370bb87fdf841fe380f9f
 </pre>
 
 <h2>FFmpeg 0.11</h2>
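Review bot: CVE-2019-9719 is added to the last list before the FFmpeg 0.11 heading, next to a 2017 id, with no remark explaining why a 2019 identifier belongs to that release series. If the id was assigned well after b9a07e787bd09036b96370bb87fdf841fe380f9f landed, a short trailing note saying so would keep readers from treating the placement as a mistake.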

commit a4265bb25ccc9393d6377779cbccd267270bd512
Author:     Michael Niedermayer <michael at niedermayer.cc>
AuthorDate: Fri Aug 1 15:10:38 2025 +0200
Commit:     Michael Niedermayer <michael at niedermayer.cc>
CommitDate: Fri Aug 1 15:11:09 2025 +0200

    web: Add CVE-2024-35368  + CVE-2024-35367
    
    Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

diff --git a/src/security b/src/security
index a433046..0f676ae 100644
--- a/src/security
+++ b/src/security
@@ -29,6 +29,7 @@ Fixes following vulnerabilities:
 </p>
 <pre>
 CVE-2024-7055 3faadbe2a27e74ff5bb5f7904ec27bb1f5287dc8
+CVE-2024-35368, 4513300989502090c4fd6560544dce399a8cd53c (specific to builds with --enable-rkmpp)
 </pre>
 
 
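Review bot: the qualifier on the added CVE-2024-35368 line is attached in parentheses, while other annotations in this file follow a comma, as in ", ticket/11460 never affected a release". The build condition decides whether a given binary is exposed at all, so it deserves a consistent, easy-to-scan form: either keep the comma-separated style or use the parenthesised form for every such remark.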
@@ -54,6 +55,7 @@ CVE-2023-50008, 5f87a68cf70dafeab2fb89b42e41a4c29053b89b, ticket/10701
 CVE-2024-28661, 66b50445cb36cf6adb49c2397362509aedb42c71
 CVE-2024-31578, 3bb00c0a420c3ce83c6fafee30270d69622ccad7
 CVE-2024-31582, 99debe5f823f45a482e1dc08de35879aa9c74bd2
+CVE-2024-35367, 09e6840cf7a3ee07a73c3ae88a020bf27ca1a667 (specific to builds for ppc with altivec)
 CVE-2024-36617, d973fcbcc2f944752ff10e6a76b0b2d9329937a7
 </pre>
 
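Review bot: "(specific to builds for ppc with altivec)" on the added CVE-2024-35367 line is less precise than the sibling entry in this commit, which names the exact configure switch (--enable-rkmpp). State whether the affected code is selected at configure time or by runtime CPU detection, so that packagers can tell from their build settings whether they ship it.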

-----------------------------------------------------------------------

Summary of changes:
 src/security | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)


hooks/post-receive
-- 


