Home / mailings [USN-8329-1] FFmpeg vulnerability
Posted on 28 May 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8329-1
May 28, 2026
ffmpeg vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
Summary:
FFmpeg could be made to crash if it received specially crafted input.
Software Description:
- ffmpeg: Tools for transcoding, streaming and playing of multimedia files
Details:
It was discovered that the FFmpeg CAF decoder incorrectly handled certain
file size calculations. An attacker could possibly use this issue to cause
FFmpeg to crash, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
ffmpeg 7:6.1.1-3ubuntu5+esm8
Available with Ubuntu Pro
libavcodec-extra60 7:6.1.1-3ubuntu5+esm8
Available with Ubuntu Pro
libavcodec60 7:6.1.1-3ubuntu5+esm8
Available with Ubuntu Pro
libavdevice60 7:6.1.1-3ubuntu5+esm8
Available with Ubuntu Pro
libavfilter-extra9 7:6.1.1-3ubuntu5+esm8
Available with Ubuntu Pro
libavfilter9 7:6.1.1-3ubuntu5+esm8
Available with Ubuntu Pro
libavformat-extra60 7:6.1.1-3ubuntu5+esm8
Available with Ubuntu Pro
libavformat60 7:6.1.1-3ubuntu5+esm8
Available with Ubuntu Pro
libavutil58 7:6.1.1-3ubuntu5+esm8
Available with Ubuntu Pro
libpostproc57 7:6.1.1-3ubuntu5+esm8
Available with Ubuntu Pro
libswresample4 7:6.1.1-3ubuntu5+esm8
Available with Ubuntu Pro
libswscale7 7:6.1.1-3ubuntu5+esm8
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8329-1
CVE-2024-36617
--===============6601795295507812112==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
