[Git][security-tracker-team/security-tracker][master] Add CVE-2025-63757/ffmpeg

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 18 21:12:53 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1dabcf70 by Salvatore Bonaccorso at 2025-12-18T22:12:15+01:00
Add CVE-2025-63757/ffmpeg

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -79,7 +79,12 @@ CVE-2025-64236 (Authentication Bypass Using an Alternate Path or Channel vulnera
 CVE-2025-64235 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-63757 (Integer overflow vulnerability in the yuv2ya16_X_c_template function i ...)
-	TODO: check
+	- ffmpeg 7:7.1.3-1
+	NOTE: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20698
+	NOTE: https://code.ffmpeg.org/FFmpeg/FFmpeg/0c6b7f9483a38657c9be824572b4c0c45d4d9fef (master)
+	NOTE: https://code.ffmpeg.org/FFmpeg/FFmpeg/716cf25eb8616e8e068a7c2a5d23ae107bd117b4 (n8.0.1)
+	NOTE: https://code.ffmpeg.org/FFmpeg/FFmpeg/19877054e340e2babb7ef0d00e81c12bfeb19391 (n7.1.3)
+	NOTE: https://code.ffmpeg.org/FFmpeg/FFmpeg/ac4caa33bae5841649c61d4f8a0608dfa59c4fa1 (n5.1.8)
 CVE-2025-63391 (An authentication bypass vulnerability exists in Open-WebUI <=0.6.32 i ...)
 	NOT-FOR-US: open-webui
 CVE-2025-63390 (An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in ...)
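Review bot: The four commit NOTE URLs added under CVE-2025-63757 put the hash directly after the repository path (https://code.ffmpeg.org/FFmpeg/FFmpeg/<hash>), with no path segment corresponding to the /pulls/ in the pull-request NOTE above them. Please confirm that they resolve, and if they do not, switch them to the forge's commit URL form so the references stay followable. Separately, the entry records where the overflow was fixed (master, n8.0.1, n7.1.3, n5.1.8) but not which commit introduced it. An introducing-commit NOTE, if known, would let suites that have no DSA entry be triaged from this entry alone.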


=====================================
data/DSA/list
=====================================
@@ -17,7 +17,7 @@
 	[bookworm] - chromium 143.0.7499.109-1~deb12u1
 	[trixie] - chromium 143.0.7499.109-1~deb13u1
 [10 Dec 2025] DSA-6079-1 ffmpeg - security update
-	{CVE-2024-36618 CVE-2025-1594}
+	{CVE-2024-36618 CVE-2025-1594 CVE-2025-63757}
 	[bookworm] - ffmpeg 7:5.1.8-0+deb12u1
 [10 Dec 2025] DSA-6078-1 firefox-esr - security update
 	{CVE-2025-14321 CVE-2025-14322 CVE-2025-14323 CVE-2025-14324 CVE-2025-14325 CVE-2025-14328 CVE-2025-14329 CVE-2025-14330 CVE-2025-14331 CVE-2025-14333}
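Review bot: CVE-2025-63757 is appended to DSA-6079-1, dated 10 Dec 2025, but the commit message does not say that an already published advisory is being amended or on what basis. The justification is only implicit: the bookworm version 7:5.1.8-0+deb12u1 is based on the upstream release that the n5.1.8 NOTE in data/CVE/list names as carrying the fix. A line in the commit message saying the fix was already contained in the released upload would make the retroactive association auditable. The same reasoning covers the DSA-6073-1 change in the next hunk (trixie 7:7.1.3-0+deb13u1 and the n7.1.3 NOTE).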
@@ -38,7 +38,7 @@
 	[bookworm] - webkit2gtk 2.50.3-1~deb12u1
 	[trixie] - webkit2gtk 2.50.3-1~deb13u1
 [07 Dec 2025] DSA-6073-1 ffmpeg - security update
-	{CVE-2025-25473}
+	{CVE-2025-25473 CVE-2025-63757}
 	[trixie] - ffmpeg 7:7.1.3-0+deb13u1
 [04 Dec 2025] DSA-6072-1 chromium - security update
 	{CVE-2025-13630 CVE-2025-13631 CVE-2025-13632 CVE-2025-13633 CVE-2025-13634 CVE-2025-13635 CVE-2025-13636 CVE-2025-13637 CVE-2025-13638 CVE-2025-13639 CVE-2025-13640 CVE-2025-13720 CVE-2025-13721}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dabcf701f3a1a76d5d916af976c1f64db8699b1
