Ubuntu Security Notice USN-7982-1 reports several vulnerabilities in FFmpeg that were discovered in January 2026. The vulnerabilities, which affect various Ubuntu releases, including 25.10, 24.04 LTS, and 20.04 LTS, can potentially be used by an attacker to cause a denial of service or execute arbitrary code. To address the issue, users should update their system to the latest package versions for FFmpeg, libavcodec, and libavformat.

[USN-7982-1] FFmpeg vulnerabilities




==========================================================================
Ubuntu Security Notice USN-7982-1
January 27, 2026

ffmpeg vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in FFmpeg.

Software Description:
- ffmpeg: Tools for transcoding, streaming and playing of multimedia files

Details:

It was discovered that FFmpeg did not correctly handle certain memory
operations. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. This issue only affected
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10.
(CVE-2025-59728)

It was discovered that FFmpeg did not correctly handle certain memory
operations. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. This issue only affected
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-59731,
CVE-2025-59732)

It was discovered that FFmpeg did not correctly handle certain memory
operations. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS
and Ubuntu 25.10. (CVE-2025-59733)

It was discovered that FFmpeg did not correctly handle certain integer
arithmetic operations. An attacker could possibly use this issue to
cause a denial of service or execute arbitrary code. (CVE-2025-63757)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  ffmpeg                7:7.1.1-1ubuntu4.2
  libavcodec61          7:7.1.1-1ubuntu4.2
  libavformat61         7:7.1.1-1ubuntu4.2

Ubuntu 24.04 LTS
  ffmpeg                7:6.1.1-3ubuntu5+esm7
                        Available with Ubuntu Pro
  libavcodec60          7:6.1.1-3ubuntu5+esm7
                        Available with Ubuntu Pro
  libavformat60         7:6.1.1-3ubuntu5+esm7
                        Available with Ubuntu Pro

Ubuntu 22.04 LTS
  ffmpeg                7:4.4.2-0ubuntu0.22.04.1+esm11
                        Available with Ubuntu Pro
  libavcodec58          7:4.4.2-0ubuntu0.22.04.1+esm11
                        Available with Ubuntu Pro
  libavformat58         7:4.4.2-0ubuntu0.22.04.1+esm11
                        Available with Ubuntu Pro

Ubuntu 20.04 LTS
  ffmpeg                7:4.2.7-0ubuntu0.1+esm12
                        Available with Ubuntu Pro
  libavcodec58          7:4.2.7-0ubuntu0.1+esm12
                        Available with Ubuntu Pro
  libavformat58         7:4.2.7-0ubuntu0.1+esm12
                        Available with Ubuntu Pro

Ubuntu 18.04 LTS
  ffmpeg                7:3.4.11-0ubuntu0.1+esm12
                        Available with Ubuntu Pro
  libavcodec57          7:3.4.11-0ubuntu0.1+esm12
                        Available with Ubuntu Pro
  libavformat57         7:3.4.11-0ubuntu0.1+esm12
                        Available with Ubuntu Pro

Ubuntu 16.04 LTS
  ffmpeg                7:2.8.17-0ubuntu0.1+esm14
                        Available with Ubuntu Pro
  libavcodec-extra      7:2.8.17-0ubuntu0.1+esm14
                        Available with Ubuntu Pro
  libavcodec-ffmpeg56   7:2.8.17-0ubuntu0.1+esm14
                        Available with Ubuntu Pro
  libavformat-ffmpeg56  7:2.8.17-0ubuntu0.1+esm14
                        Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7982-1
CVE-2025-59728, CVE-2025-59731, CVE-2025-59732, CVE-2025-59733,
CVE-2025-63757

Package Information:
https://launchpad.net/ubuntu/+source/ffmpeg/7:7.1.1-1ubuntu4.2