Debian Package Tracker
Register | Log in
Subscribe

ffmpeg

Tools for transcoding, streaming and playing of multimedia files

Choose email to subscribe with

general
  • source: ffmpeg (main)
  • version: 7:7.1.1-1
  • maintainer: Debian Multimedia Maintainers (archive) (DMD)
  • uploaders: Reinhard Tartler [DMD] – James Cowgill [DMD] – Balint Reczey [DMD] – Sebastian Ramacher [DMD]
  • arch: all any
  • std-ver: 4.7.2
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 7:4.3.7-0+deb11u1
  • o-o-sec: 7:4.3.9-0+deb11u1
  • o-o-p-u: 7:4.3.7-0+deb11u1
  • oldstable: 7:5.1.6-0+deb12u1
  • old-sec: 7:5.1.7-0+deb12u1
  • old-p-u: 7:5.1.7-0+deb12u1
  • stable: 7:7.1.1-1
  • testing: 7:7.1.1-1
  • unstable: 7:7.1.1-1
versioned links
  • 7:4.3.7-0+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 7:4.3.9-0+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 7:5.1.6-0+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 7:5.1.7-0+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 7:7.1.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • ffmpeg (17 bugs: 0, 12, 5, 0)
  • ffmpeg-doc
  • libavcodec-dev (1 bugs: 0, 0, 1, 0)
  • libavcodec-extra
  • libavcodec-extra61
  • libavcodec61
  • libavdevice-dev
  • libavdevice61
  • libavfilter-dev
  • libavfilter-extra
  • libavfilter-extra10
  • libavfilter10
  • libavformat-dev (1 bugs: 0, 1, 0, 0)
  • libavformat-extra
  • libavformat-extra61
  • libavformat61
  • libavutil-dev
  • libavutil59
  • libpostproc-dev
  • libpostproc58
  • libswresample-dev
  • libswresample5
  • libswscale-dev
  • libswscale8
action needed
A new upstream version is available: 8.0 high
A new upstream version 8.0 is available, you should consider packaging it.
Created: 2025-08-24 Last update: 2025-09-06 14:00
4 security issues in sid high

There are 4 open security issues in sid.

4 important issues:
  • CVE-2025-1594: A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
  • CVE-2025-7700:
  • CVE-2025-22921: FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.
  • CVE-2025-25473: FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.
Created: 2024-12-31 Last update: 2025-09-06 12:03
4 security issues in forky high

There are 4 open security issues in forky.

4 important issues:
  • CVE-2025-1594: A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
  • CVE-2025-7700:
  • CVE-2025-22921: FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.
  • CVE-2025-25473: FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.
Created: 2025-08-09 Last update: 2025-09-06 12:03
lintian reports 6 errors and 9 warnings high
Lintian reports 6 errors and 9 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2024-10-28 Last update: 2025-03-17 10:32
1 bug tagged patch in the BTS normal
The BTS contains patches fixing 1 bug, consider including or untagging them.
Created: 2025-01-06 Last update: 2025-09-06 17:30
Depends on packages which need a new maintainer normal
The packages that ffmpeg depends on which need a new maintainer are:
  • libiec61883 (#826285)
    • Depends: libiec61883-0
    • Build-Depends: libiec61883-dev
Created: 2019-11-22 Last update: 2025-09-06 16:04
11 new commits since last upload, is it time to release? normal
vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:
commit 2809fd495ac2919611de57ea21278eb5bb2116ad
Merge: 3566daf f57ceaf
Author: Reinhard Tartler <siretart@debian.org>
Date:   Fri Sep 5 23:28:20 2025 +0000

    Merge branch 'ppc64-disable-asm' into 'debian/master'
    
    disable ASM-based optimizations on ppc64 as well (Closes: #1108731)
    
    See merge request multimedia-team/ffmpeg!15

commit f57ceaf98d24fabfb992e17d2d3e554091c8b68f
Author: Sean McGovern <gseanmcg@gmail.com>
Date:   Tue Aug 19 08:24:09 2025 -0400

    disable ASM-based optimizations on ppc64 as well (Closes: #1108731)

commit 3566daf04da21116ffa19ddee1ef4a0ddcd75829
Author: Sebastian Ramacher <sramacher@debian.org>
Date:   Sat Aug 23 19:12:55 2025 +0200

    Update for new upstream release

commit ab84fc779a97a79e83ca371b2d19839743a73fae
Author: Sebastian Ramacher <sramacher@debian.org>
Date:   Sat Aug 23 19:12:45 2025 +0200

    Update lintian overrides after SONAME bumps

commit 2ebd452b20ddb1e3e184bb95b432c4b87fde2abc
Author: Sebastian Ramacher <sramacher@debian.org>
Date:   Sat Aug 23 18:51:36 2025 +0200

    Add new symbols and remove dropped symbols

commit 387fddb425e40dc87107098d6a60429377e94af9
Author: Sebastian Ramacher <sramacher@debian.org>
Date:   Sat Aug 23 18:22:23 2025 +0200

    SONAME bumps

commit edcf3dda0278e930b4f33929e4248161fad71755
Author: Sebastian Ramacher <sramacher@debian.org>
Date:   Sat Aug 23 17:12:30 2025 +0200

    Bump libplacebo-dev BD

commit 6fb9a26aece7f10eb3d62c8f46c372229e4665ac
Author: Sebastian Ramacher <sramacher@debian.org>
Date:   Sat Aug 23 17:08:06 2025 +0200

    Remove libpostproc

commit 169c4ca460e05971b51305812b4ce9bc27542122
Merge: b5bce48 07cf0b1
Author: Sebastian Ramacher <sramacher@debian.org>
Date:   Sat Aug 23 17:04:48 2025 +0200

    Update upstream source from tag 'upstream/8.0'
    
    Update to upstream version '8.0'
    with Debian dir caa132e8b701de18b95a584f073fdfc241c05a2c

commit 07cf0b116137a9f5cfa957aba4e36d7eaeb7a237
Author: Sebastian Ramacher <sramacher@debian.org>
Date:   Sat Aug 23 17:04:05 2025 +0200

    New upstream version 8.0

commit b5bce488adfa3e08f79d50079e2c5ed00a9859ea
Author: Balint Reczey <balint@balintreczey.hu>
Date:   Sat Jun 14 21:59:40 2025 +0200

    Remove myself from Uploaders
Created: 2025-06-14 Last update: 2025-09-06 01:04
4 low-priority security issues in trixie low

There are 4 open security issues in trixie.

4 issues left for the package maintainer to handle:
  • CVE-2025-1594: (postponed; to be fixed through a stable update) A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
  • CVE-2025-7700: (postponed; to be fixed through a stable update)
  • CVE-2025-22921: (postponed; to be fixed through a stable update) FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.
  • CVE-2025-25473: (postponed; to be fixed through a stable update) FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-12-31 Last update: 2025-09-06 12:03
8 low-priority security issues in bookworm low

There are 8 open security issues in bookworm.

8 issues left for the package maintainer to handle:
  • CVE-2025-1594: (postponed; to be fixed through a stable update) A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
  • CVE-2023-49528: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component.
  • CVE-2024-31578: (postponed; to be fixed through a stable update) FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.
  • CVE-2024-32228: (postponed; to be fixed through a stable update) FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end.
  • CVE-2024-35369: (postponed; to be fixed through a stable update) In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process.
  • CVE-2024-36615: (postponed; to be fixed through a stable update) FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread.
  • CVE-2024-36618: (postponed; to be fixed through a stable update) FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.
  • CVE-2025-22921: (postponed; to be fixed through a stable update) FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-04-12 Last update: 2025-09-06 12:03
Build log checks report 2 warnings low
Build log checks report 2 warnings
Created: 2024-06-09 Last update: 2024-07-29 04:00
testing migrations
  • This package will soon be part of the auto-rubberband transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
  • This package will soon be part of the auto-libplacebo transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
  • This package will soon be part of the auto-svt-av1 transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
news
[rss feed]
  • [2025-08-26] Accepted ffmpeg 7:5.1.7-0+deb12u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Sebastian Ramacher)
  • [2025-08-25] Accepted ffmpeg 7:5.1.7-0+deb12u1 (source) into oldstable-security (Debian FTP Masters) (signed by: Sebastian Ramacher)
  • [2025-07-14] Accepted ffmpeg 7:4.3.9-0+deb11u1 (source) into oldstable-security (Adrian Bunk)
  • [2025-03-11] ffmpeg 7:7.1.1-1 MIGRATED to testing (Debian testing watch)
  • [2025-03-08] Accepted ffmpeg 7:7.1.1-1 (source) into unstable (Sebastian Ramacher)
  • [2025-02-28] Accepted ffmpeg 7:4.3.8-0+deb11u3 (source) into oldstable-security (Thorsten Alteholz)
  • [2025-02-24] ffmpeg 7:7.1-4 MIGRATED to testing (Debian testing watch)
  • [2025-02-21] Accepted ffmpeg 7:7.1-4 (source) into unstable (Sebastian Ramacher)
  • [2025-01-31] Accepted ffmpeg 7:4.3.8-0+deb11u2 (source) into oldstable-security (Thorsten Alteholz)
  • [2024-10-31] ffmpeg 7:7.1-3 MIGRATED to testing (Debian testing watch)
  • [2024-10-27] Accepted ffmpeg 7:7.1-3 (source) into unstable (Sebastian Ramacher)
  • [2024-10-21] Accepted ffmpeg 7:4.3.8-0+deb11u1 (source) into oldstable-security (Emilio Pozuelo Monfort)
  • [2024-10-20] Accepted ffmpeg 7:7.1-2 (source) into experimental (Sebastian Ramacher)
  • [2024-10-20] Accepted ffmpeg 7:7.1-1 (source) into experimental (Sebastian Ramacher)
  • [2024-08-16] ffmpeg 7:7.0.2-3 MIGRATED to testing (Debian testing watch)
  • [2024-08-14] Accepted ffmpeg 7:5.1.6-0+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Sebastian Ramacher)
  • [2024-08-14] Accepted ffmpeg 7:5.1.6-0+deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Sebastian Ramacher)
  • [2024-08-13] Accepted ffmpeg 7:7.0.2-3 (source) into unstable (Sebastian Ramacher)
  • [2024-08-13] ffmpeg 7:7.0.2-2 MIGRATED to testing (Debian testing watch)
  • [2024-08-10] Accepted ffmpeg 7:7.0.2-2 (source) into unstable (Sebastian Ramacher)
  • [2024-08-10] ffmpeg 7:7.0.2-1 MIGRATED to testing (Debian testing watch)
  • [2024-08-04] ffmpeg 7:7.0.1-5 MIGRATED to testing (Debian testing watch)
  • [2024-08-03] Accepted ffmpeg 7:7.0.2-1 (source) into unstable (Sebastian Ramacher)
  • [2024-07-30] Accepted ffmpeg 7:7.0.1-5 (source) into unstable (Sebastian Ramacher)
  • [2024-07-28] Accepted ffmpeg 7:7.0.1-4 (source) into unstable (Sebastian Ramacher)
  • [2024-07-28] Accepted ffmpeg 7:7.0.1-3 (source) into unstable (Sebastian Ramacher)
  • [2024-07-26] ffmpeg 7:6.1.1-5 MIGRATED to testing (Debian testing watch)
  • [2024-07-08] Accepted ffmpeg 7:7.0.1-2 (source) into experimental (Sebastian Ramacher)
  • [2024-07-08] Accepted ffmpeg 7:6.1.1-5 (source) into unstable (Sebastian Ramacher)
  • [2024-06-29] Accepted ffmpeg 7:4.3.7-0+deb11u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
  • 1
  • 2
bugs [bug history graph]
  • all: 23 24
  • RC: 0
  • I&N: 15
  • M&W: 7 8
  • F&P: 1
  • patch: 1
links
  • homepage
  • lintian (6, 9)
  • buildd: logs, checks, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 7:7.1.1-1ubuntu3
  • 13 bugs
  • patches for 7:7.1.1-1ubuntu4

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing