GSA-6361-1 ffmpeg - security update
A critical security vulnerability has been discovered in the FFmpeg multimedia framework, potentially allowing remote attackers to execute arbitrary code or cause a denial of service. Specifically, multiple heap-based buffer overflow and memory corruption issues exist in the libavformat, libavcodec, and libavutil libraries. These flaws can be triggered when processing malformed media files.
The Gnoppix Security Team urgently recommends upgrading immediately. Users should upgrade their ffmpeg package to version 7:7.1.1-1+gnoppix1 for Gnoppix 23/25, and to version 7:7.1.1-1 for Gnoppix 25.
Exploitation via crafted media files is the primary threat. An attacker could deliver a malicious video, audio, or image file, leading to a system crash or full system compromise. This update is critical for all systems handling user-supplied media content. Please update your systems.