ffmpeg - Debian Package Tracker

general

source: ffmpeg (main)
version: 7:8.0.1-3
maintainer: Debian Multimedia Maintainers (archive) (DMD)
uploaders: Reinhard Tartler [DMD] – Sebastian Ramacher [DMD] – James Cowgill [DMD]
arch: all any
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 7:4.3.7-0+deb11u1
o-o-sec: 7:4.3.9-0+deb11u1
o-o-p-u: 7:4.3.7-0+deb11u1
oldstable: 7:5.1.7-0+deb12u1
old-sec: 7:5.1.8-0+deb12u1
stable: 7:7.1.2-0+deb13u1
stable-sec: 7:7.1.3-0+deb13u1
testing: 7:8.0.1-3
unstable: 7:8.0.1-3

versioned links

7:4.3.7-0+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:4.3.9-0+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:5.1.7-0+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:5.1.8-0+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:7.1.2-0+deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:7.1.3-0+deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:7.1.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7:8.0.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ffmpeg (18 bugs: 0, 12, 6, 0)
ffmpeg-doc
libavcodec-dev (1 bugs: 0, 0, 1, 0)
libavcodec-extra
libavcodec-extra62
libavcodec62
libavdevice-dev
libavdevice62
libavfilter-dev
libavfilter-extra
libavfilter-extra11
libavfilter11
libavformat-dev (1 bugs: 0, 1, 0, 0)
libavformat-extra
libavformat-extra62
libavformat62
libavutil-dev
libavutil60
libswresample-dev
libswresample6
libswscale-dev
libswscale9

action needed

1 binary package has unsatisfiable dependencies high

The dependencies of libpostproc-dev=7:7.1.3-1 cannot be satisfied in unstable on amd64, arm64, i386, armhf, ppc64el, and s390x because: unsatisfied dependency on libavutil-dev (= 7:7.1.3-1)

Created: 2025-12-19 Last update: 2026-01-11 16:02

7 security issues in bullseye high

There are 7 open security issues in bullseye.

1 important issue:

CVE-2025-63757: Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.

6 issues postponed or untriaged:

CVE-2023-6603: (postponed; to be fixed through a stable update) A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization.
CVE-2025-1594: (postponed; to be fixed through a stable update) A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7700: (postponed; to be fixed through a stable update) A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service.
CVE-2025-9951: (postponed; to be fixed through a stable update) A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.
CVE-2024-36615: (postponed; to be fixed through a stable update) FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread.
CVE-2025-10256: (postponed; to be fixed through a stable update)

Created: 2025-12-18 Last update: 2026-01-10 13:00

lintian reports 5 errors and 8 warnings high

Lintian reports 5 errors and 8 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-12-30 Last update: 2025-12-30 05:30

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2025-01-06 Last update: 2026-01-11 16:00

Depends on packages which need a new maintainer normal

The packages that ffmpeg depends on which need a new maintainer are:

libiec61883 (#826285)
- Depends: libiec61883-0 libiec61883-0
- Build-Depends: libiec61883-dev

Created: 2019-11-22 Last update: 2026-01-11 13:31

2 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit aa8129d413f5913ce6e073ba92dd7ba349455e1a
Merge: e0f3e97 4dfc598
Author: Sebastian Ramacher <sramacher@debian.org>
Date:   Sat Jan 10 00:26:44 2026 +0100

    Merge branch 'stage1-nonexistent-libxjl' into 'debian/master'
    
    d/rules: fix pkg.ffmpeg.stage1 build profile (no libxjl)
    
    See merge request multimedia-team/ffmpeg!17

commit 4dfc598744f211a84bee6f6a96ac512544c3e680
Author: Sean McGovern <gseanmcg@gmail.com>
Date:   Fri Jan 9 14:09:13 2026 -0500

    d/rules: fix pkg.ffmpeg.stage1 build profile (no libxjl)

Created: 2026-01-10 Last update: 2026-01-10 01:33

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2025-22921: (postponed; to be fixed through a stable update) FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.

You can find information about how to handle this issue in the security team's documentation.

Created: 2024-12-31 Last update: 2026-01-10 13:00

6 low-priority security issues in bookworm low

There are 6 open security issues in bookworm.

6 issues left for the package maintainer to handle:

CVE-2023-49528: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component.
CVE-2024-31578: (postponed; to be fixed through a stable update) FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.
CVE-2024-35369: (postponed; to be fixed through a stable update) In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process.
CVE-2024-36615: (postponed; to be fixed through a stable update) FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread.
CVE-2025-10256: (postponed; to be fixed through a stable update)
CVE-2025-22921: (postponed; to be fixed through a stable update) FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-04-12 Last update: 2026-01-10 13:00

testing migrations

This package will soon be part of the auto-rubberband transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-svt-av1 transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2026-01-03] Accepted ffmpeg 7:5.1.8-0+deb12u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Sebastian Ramacher)
[2026-01-02] ffmpeg 7:8.0.1-3 MIGRATED to testing (Debian testing watch)
[2025-12-29] Accepted ffmpeg 7:8.0.1-3 (source) into unstable (Sebastian Ramacher)
[2025-12-20] Accepted ffmpeg 7:7.1.3-0+deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Sebastian Ramacher)
[2025-12-16] ffmpeg 7:8.0.1-2 MIGRATED to testing (Debian testing watch)
[2025-12-13] Accepted ffmpeg 7:8.0.1-2 (source) into unstable (Sebastian Ramacher)
[2025-12-10] Accepted ffmpeg 7:5.1.8-0+deb12u1 (source) into oldstable-security (Debian FTP Masters) (signed by: Sebastian Ramacher)
[2025-12-07] Accepted ffmpeg 7:7.1.3-0+deb13u1 (source) into stable-security (Debian FTP Masters) (signed by: Sebastian Ramacher)
[2025-12-02] ffmpeg 7:7.1.3-1 MIGRATED to testing (Debian testing watch)
[2025-11-30] Accepted ffmpeg 7:7.1.3-1 (source) into unstable (Sebastian Ramacher)
[2025-11-21] Accepted ffmpeg 7:8.0.1-1 (source) into experimental (Sebastian Ramacher)
[2025-11-12] Accepted ffmpeg 7:8.0-2 (source) into experimental (Sebastian Ramacher)
[2025-09-26] Accepted ffmpeg 7:7.1.2-0+deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Sebastian Ramacher)
[2025-09-23] ffmpeg 7:7.1.2-1 MIGRATED to testing (Debian testing watch)
[2025-09-21] Accepted ffmpeg 7:7.1.2-0+deb13u1 (source) into stable-security (Debian FTP Masters) (signed by: Sebastian Ramacher)
[2025-09-20] Accepted ffmpeg 7:7.1.2-1 (source) into unstable (Sebastian Ramacher)
[2025-09-12] Accepted ffmpeg 7:8.0-1 (all amd64 source) into experimental (Debian FTP Masters) (signed by: Sebastian Ramacher)
[2025-08-26] Accepted ffmpeg 7:5.1.7-0+deb12u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Sebastian Ramacher)
[2025-08-25] Accepted ffmpeg 7:5.1.7-0+deb12u1 (source) into oldstable-security (Debian FTP Masters) (signed by: Sebastian Ramacher)
[2025-07-14] Accepted ffmpeg 7:4.3.9-0+deb11u1 (source) into oldstable-security (Adrian Bunk)
[2025-03-11] ffmpeg 7:7.1.1-1 MIGRATED to testing (Debian testing watch)
[2025-03-08] Accepted ffmpeg 7:7.1.1-1 (source) into unstable (Sebastian Ramacher)
[2025-02-28] Accepted ffmpeg 7:4.3.8-0+deb11u3 (source) into oldstable-security (Thorsten Alteholz)
[2025-02-24] ffmpeg 7:7.1-4 MIGRATED to testing (Debian testing watch)
[2025-02-21] Accepted ffmpeg 7:7.1-4 (source) into unstable (Sebastian Ramacher)
[2025-01-31] Accepted ffmpeg 7:4.3.8-0+deb11u2 (source) into oldstable-security (Thorsten Alteholz)
[2024-10-31] ffmpeg 7:7.1-3 MIGRATED to testing (Debian testing watch)
[2024-10-27] Accepted ffmpeg 7:7.1-3 (source) into unstable (Sebastian Ramacher)
[2024-10-21] Accepted ffmpeg 7:4.3.8-0+deb11u1 (source) into oldstable-security (Emilio Pozuelo Monfort)
[2024-10-20] Accepted ffmpeg 7:7.1-2 (source) into experimental (Sebastian Ramacher)

bugs [bug history graph]

all: 24 25
RC: 0
I&N: 16
M&W: 8 9
F&P: 0
patch: 2

links

homepage
lintian (5, 8)
buildd: logs, reproducibility, debcheck, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 7:8.0.1-3ubuntu1
13 bugs
patches for 7:8.0.1-3ubuntu1