Pkgs

ffmpeg

Version: 8.1.1

Mirror of https://git.ffmpeg.org/ffmpeg.git

Install package

min add ffmpeg

Library audio c ffmpeg

Updated 7 days ago

Spec hash: 07247967…96a8
Built from: Source
Source archive: Upstream
Source archive SHA256: b6863add…edf3
Dependencies: 4 build · 17 runtime

Quick links

[ Docs ] [ Changelog ] [ Repo ] [ Security ] [ SBOM ]

What is ffmpeg?

Mirror of https://git.ffmpeg.org/ffmpeg.git

How to use this package

Quick install

Installs the package into the current environment for this session. Use --build or --runtime to persist it as a build-time or runtime dependency.

min add ffmpeg

Declare as a task dependency in minimal.toml

Listing the package under tasks.<name>.packages makes it available inside that task’s sandbox.

[tasks.dev]
packages = ["ffmpeg"]

Build-time vs runtime

Choose build-time for tools needed during compilation, runtime for dynamic libraries loaded at runtime.

min add --build ffmpeg
min add --runtime ffmpeg

Dependencies (21)

Dependencies
Name	Version	Kind
base	—	build
dav1d	1.5.3	runtime
fontconfig	2.17.1	runtime
freetype	2.14.1	runtime
fribidi	1.0.16	runtime
harfbuzz	14.2.0	runtime
libaom	3.13.1	runtime
libass	0.17.4	runtime
libfdk-aac	2.0.3	runtime
libopus	1.6.1	runtime
libsvtav1	4.0.1	runtime
libvmaf	3.0.0	runtime
libvpx	1.16.0	runtime
libx264	0.165.3222	runtime
libx265	4.1	runtime
make	4.4.1	build
openssl CVE:1	3.6.2	runtime
pkgconf	2.5.1	build
toolchain	—	build
xz	5.8.3	runtime
zlib	1.3.2	runtime

No dependants

No other packages in the registry depend on this one.

No direct advisories

This package inherits 14 transitive advisories from its dependencies.

Include transitive

Showing 14 transitive advisories via ffmpeg's dependencies

Security advisories for this package
	Status	IDs	Package	Version	Severity	Published
Critical ( 0 )
High ( 12 )
	Affected: 2.42	CVE-2025-15281	glibc	`2.42`	High: 7.5	5 months ago
Summary No summary published for this advisory. Via: dav1d glibc Affected ranges `2.42` CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` References Advisory: http://www.openwall.com/lists/oss-security/2026/01/20/3 Fix: https://sourceware.org/bugzilla/show_bug.cgi?id=33814
	Affected: 2.42	CVE-2026-0915	glibc	`2.42`	High: 7.5	5 months ago
Summary No summary published for this advisory. Via: dav1d glibc Affected ranges `2.42` CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` References Report: https://sourceware.org/bugzilla/show_bug.cgi?id=33802 ARTICLE: http://www.openwall.com/lists/oss-security/2026/01/16/6
	Affected: 2.42	CVE-2026-0861	glibc	`2.42`	High: 8.4	5 months ago
Summary No summary published for this advisory. Via: dav1d glibc Affected ranges `2.42` CVSS vector: `CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` References Fix: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001 , http://www.openwall.com/lists/oss-security/2026/01/16/5 Evidence: https://sourceware.org/bugzilla/show_bug.cgi?id=33796
	Affected: 3.6.2	CVE-2024-6119	openssl	`3.6.0 – 3.6.2`	High: 7.5	2 years ago
Summary No summary published for this advisory. Via: openssl Affected ranges `3.6.0 – 3.6.2` CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` References Advisory: https://openssl-library.org/news/secadv/20240903.txt , https://security.netapp.com/advisory/ntap-20240912-0001/ Fix: https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6 , https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2 , https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0 , https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f ARTICLE: http://www.openwall.com/lists/oss-security/2024/09/03/4 , https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html
	Resolved in 9ceb800ac26fd81a5eaf27ef366d5fce47e80447	OSV-2023-930	harfbuzz	`9ceb800ac26fd81a5eaf27ef366d5fce47e80447, fixed in 9ceb800ac26fd81a5eaf27ef366d5fce47e80447`	High	3 years ago
Summary Heap-buffer-overflow in OT::cvar::decompile_tuple_variations Via: harfbuzz Affected ranges `9ceb800ac26fd81a5eaf27ef366d5fce47e80447, fixed in 9ceb800ac26fd81a5eaf27ef366d5fce47e80447` Fixed in: `9ceb800ac26fd81a5eaf27ef366d5fce47e80447` References Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62774
	Resolved in 4e2f409bce77b97de2d098365977beeeb4447b1e	OSV-2022-112	harfbuzz	`4e2f409bce77b97de2d098365977beeeb4447b1e, fixed in 4e2f409bce77b97de2d098365977beeeb4447b1e`	High	4 years ago
Summary Heap-use-after-free in hb_bit_set_invertible_t::next Via: harfbuzz Affected ranges `4e2f409bce77b97de2d098365977beeeb4447b1e, fixed in 4e2f409bce77b97de2d098365977beeeb4447b1e` Fixed in: `4e2f409bce77b97de2d098365977beeeb4447b1e` References Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44263
	Resolved in 4e2f409bce77b97de2d098365977beeeb4447b1e	OSV-2022-111	harfbuzz	`4e2f409bce77b97de2d098365977beeeb4447b1e, fixed in 4e2f409bce77b97de2d098365977beeeb4447b1e`	High	4 years ago
Summary Heap-use-after-free in OT::CoverageFormat1::intersected_coverage_glyphs Via: harfbuzz Affected ranges `4e2f409bce77b97de2d098365977beeeb4447b1e, fixed in 4e2f409bce77b97de2d098365977beeeb4447b1e` Fixed in: `4e2f409bce77b97de2d098365977beeeb4447b1e` References Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44257
	Resolved in 4e2f409bce77b97de2d098365977beeeb4447b1e	OSV-2022-104	harfbuzz	`4e2f409bce77b97de2d098365977beeeb4447b1e, fixed in 4e2f409bce77b97de2d098365977beeeb4447b1e`	High	4 years ago
Summary Heap-use-after-free in hb_bit_set_invertible_t::intersects Via: harfbuzz Affected ranges `4e2f409bce77b97de2d098365977beeeb4447b1e, fixed in 4e2f409bce77b97de2d098365977beeeb4447b1e` Fixed in: `4e2f409bce77b97de2d098365977beeeb4447b1e` References Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44198
	Resolved in 0df65d82dbc41e8da00adb243de5918db532c8a6	OSV-2018-153	openssl	`0df65d82dbc41e8da00adb243de5918db532c8a6, fixed in 0df65d82dbc41e8da00adb243de5918db532c8a6`	High	5 years ago
Summary Heap-buffer-overflow in asn1_ex_i2c Via: openssl Affected ranges `0df65d82dbc41e8da00adb243de5918db532c8a6, fixed in 0df65d82dbc41e8da00adb243de5918db532c8a6` Fixed in: `0df65d82dbc41e8da00adb243de5918db532c8a6` References Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7696
	Resolved in 00fdbca4f6a5c4623b9c4838da502cccce8aaa74	OSV-2018-140	harfbuzz	`00fdbca4f6a5c4623b9c4838da502cccce8aaa74, fixed in 00fdbca4f6a5c4623b9c4838da502cccce8aaa74`	High	5 years ago
Summary Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short Via: harfbuzz Affected ranges `00fdbca4f6a5c4623b9c4838da502cccce8aaa74, fixed in 00fdbca4f6a5c4623b9c4838da502cccce8aaa74` Fixed in: `00fdbca4f6a5c4623b9c4838da502cccce8aaa74` References Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11074
	Resolved in 00fdbca4f6a5c4623b9c4838da502cccce8aaa74	OSV-2018-116	harfbuzz	`00fdbca4f6a5c4623b9c4838da502cccce8aaa74, fixed in 00fdbca4f6a5c4623b9c4838da502cccce8aaa74`	High	5 years ago
Summary Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short Via: harfbuzz Affected ranges `00fdbca4f6a5c4623b9c4838da502cccce8aaa74, fixed in 00fdbca4f6a5c4623b9c4838da502cccce8aaa74` Fixed in: `00fdbca4f6a5c4623b9c4838da502cccce8aaa74` References Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11060
	Resolved in 7a6686a589ed6bf17a5af0b8012501e4d4ee2ded	OSV-2018-61	harfbuzz	`7a6686a589ed6bf17a5af0b8012501e4d4ee2ded, fixed in 7a6686a589ed6bf17a5af0b8012501e4d4ee2ded`	High	5 years ago
Summary Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short Via: harfbuzz Affected ranges `7a6686a589ed6bf17a5af0b8012501e4d4ee2ded, fixed in 7a6686a589ed6bf17a5af0b8012501e4d4ee2ded` Fixed in: `7a6686a589ed6bf17a5af0b8012501e4d4ee2ded` References Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12312
Medium ( 2 )
	Under investigation	CVE-2026-40930	libpng	`1.6.50 – 1.6.58`	Medium: 5.4	11 days ago
Summary LIBPNG is a reference library for use in applications that process PNG (Portable Network Graphics) raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing attacker-controlled bytes inside an ignored ancillary chunk to be reinterpreted as a fresh chunk header on the next call to `png_process_data`. Commit faf06924688b62d7c1654b5ceddedbde66ffadb4 fixes the issue. Via: freetype libpng Affected ranges `1.6.50 – 1.6.58` CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L`
	Resolved in 04d60de6ae06562262f04e8e2e4d9441c66233e0	OSV-2025-550	harfbuzz	`04d60de6ae06562262f04e8e2e4d9441c66233e0, fixed in 04d60de6ae06562262f04e8e2e4d9441c66233e0`	Medium	11 months ago
Summary Use-of-uninitialized-value in CFF::cff2_cs_opset_t<cff2_cs_opset_subr_subset_t, CFF::subr_subset_param_t, CFF: Via: harfbuzz Affected ranges `04d60de6ae06562262f04e8e2e4d9441c66233e0, fixed in 04d60de6ae06562262f04e8e2e4d9441c66233e0` Fixed in: `04d60de6ae06562262f04e8e2e4d9441c66233e0` References Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=431867896
Low ( 0 )
Unknown ( 0 )

74 components

Software Bill of Materials — every package this build depends on
Packages	Version	Repository	Licence
ffmpeg ROOT	8.1.1	github.com/FFmpeg/FFmpeg	(GPL-2.0-only AND GPL-3.0-only AND LGPL-2.1-only)
acl	2.3.2	https://storage.googleapis.com/minimal-staging-archives/acl-2.3.2.tar.xz MIRROR	(GPL-2.0-only AND LGPL-2.1-only)
attr	2.5.2	https://storage.googleapis.com/minimal-staging-archives/attr-2.5.2.tar.gz MIRROR	(GPL-2.0-only AND LGPL-2.1-only)
autoconf	2.73	www.gnu.org/software/autoconf	GPL-3.0-or-later WITH Autoconf-exception-3.0
automake	1.18.1	www.gnu.org/software/automake	GPL-2.0-only
bash	5.3	www.gnu.org/software/bash	GPL-3.0-only
bash-bootstrap	5.3	https://storage.googleapis.com/minimal-staging-archives/bash-5.3.tar.gz MIRROR	GPL-3.0-only
binutils	2.46.1	www.gnu.org/software/binutils	(GPL-2.0-only AND GPL-3.0-only AND LGPL-2.0-only)
bison	3.8.2	www.gnu.org/software/bison	GPL-3.0-only
bzip2	1.0.8	github.com/libarchive/bzip2	bzip2-1.0.6
cmake	4.2.3	github.com/Kitware/CMake	BSD-3-Clause
coreutils	9.11	www.gnu.org/software/coreutils	GPL-3.0-only
curl	8.20.0	github.com/curl/curl	curl
dav1d	1.5.3	https://downloads.videolan.org/pub/videolan/dav1d/1.5.3/dav1d-1.5.3.tar.xz	BSD-2-Clause
diffutils	3.12	www.gnu.org/software/diffutils	GPL-3.0-only
expat	2.7.5	github.com/libexpat/libexpat	MIT
file	5.47	https://storage.googleapis.com/minimal-staging-archives/file-5.47.tar.gz MIRROR	BSD-2-Clause-Darwin
findutils	4.10.0	https://storage.googleapis.com/minimal-staging-archives/findutils-4.10.0.tar.xz MIRROR	GPL-3.0-only
flex	2.6.4	github.com/westes/flex	BSD-3-Clause-flex
fontconfig	2.17.1	https://storage.googleapis.com/minimal-staging-archives/fontconfig-2.17.1.tar.xz MIRROR	HPND-sell-variant
freetype	2.14.1	https://storage.googleapis.com/minimal-staging-archives/freetype-2.14.1.tar.xz MIRROR	FTL OR GPL-2.0-or-later
fribidi	1.0.16	github.com/fribidi/fribidi	LGPL-2.1-or-later
gawk	5.4.0	www.gnu.org/software/gawk	GPL-3.0-only
gawk-bootstrap	5.3.2	https://storage.googleapis.com/minimal-staging-archives/gawk-5.3.2.tar.xz MIRROR	GPL-3.0-only
gcc	15.2.0	www.gnu.org/software/gcc	(GPL-2.0-only AND GPL-3.0-only AND LGPL-2.1-only)
gdbm	1.26	www.gnu.org/software/gdbm	GPL-3.0-only
glib	2.86.4	https://storage.googleapis.com/minimal-staging-archives/glib-2.86.4.tar.xz MIRROR	LGPL-2.1-or-later
glibc	2.42	www.gnu.org/software/glibc	(GPL-2.0-only AND LGPL-2.1-only)
gmp	6.3.0	www.gnu.org/software/gmp	LGPL-3.0-or-later OR GPL-2.0-or-later
gperf	3.1	www.gnu.org/software/gperf	GPL-3.0-only
grep	3.12	www.gnu.org/software/grep	GPL-3.0-only
gzip	1.14	www.gnu.org/software/gzip	GPL-3.0-only
harfbuzz	14.2.0	github.com/harfbuzz/harfbuzz	MIT-Modern-Variant
libaom	3.13.1	https://storage.googleapis.com/aom-releases/libaom-3.13.1.tar.gz	BSD-2-Clause
libass	0.17.4	github.com/libass/libass	ISC
libcap	2.78	https://storage.googleapis.com/minimal-staging-archives/libcap-2.78.tar.xz MIRROR	BSD-3-Clause OR GPL-2.0-only
libfdk-aac	2.0.3	https://downloads.sourceforge.net/project/opencore-amr/fdk-aac/fdk-aac-2.0.3.tar.gz	FDK-AAC
libffi	3.5.2	github.com/libffi/libffi	MIT
libidn2	2.3.8	www.gnu.org/software/libidn2	GPL-3.0-or-later AND (GPL-2.0-or-later OR LGPL-3.0-or-later)
libopus	1.6.1	github.com/xiph/opus	BSD-3-Clause
libpng	1.6.58	github.com/pnggroup/libpng	libpng-2.0
libpsl	0.21.5	github.com/rockdaboot/libpsl	MIT
libsvtav1	4.0.1	github.com/AOMediaCodec/SVT-AV1	(BSD-2-Clause AND BSD-3-Clause-Clear)
libtool	2.5.4	www.gnu.org/software/libtool	GPL-2.0-only
libunistring	1.4.1	www.gnu.org/software/libunistring	GPL-3.0-only
libuv	1.52.1	github.com/libuv/libuv	MIT
libvmaf	3.0.0	github.com/Netflix/vmaf	BSD-2-Clause-Patent
libvpx	1.16.0	github.com/webmproject/libvpx	BSD-3-Clause
libx264	0.165.3222	https://code.videolan.org/videolan/x264/-/archive/b35605ace3ddf7c1a5d67a2eb553f034aef41d55/x264-b35605ace3ddf7c1a5d67a2eb553f034aef41d55.tar.bz2	GPL-2.0-only
libx265	4.1	https://bitbucket.org/multicoreware/x265_git/downloads/x265_4.1.tar.gz	GPL-2.0-only
linux_headers	6.12.43	github.com/torvalds/linux	GPL-2.0-only WITH Linux-syscall-note
lz4	1.10.0	github.com/lz4/lz4	BSD-2-Clause AND GPL-2.0-or-later
m4	1.4.21	www.gnu.org/software/m4	GPL-3.0-only
make	4.4.1	www.gnu.org/software/make	GPL-3.0-only
meson	1.10.1	github.com/mesonbuild/meson	Apache-2.0
mpc	1.4.0	www.gnu.org/software/mpc	LGPL-3.0-or-later
mpfr	4.2.2	www.gnu.org/software/mpfr	GPL-3.0-only
nasm	3.01	https://www.nasm.us/pub/nasm/releasebuilds/3.01/nasm-3.01.tar.xz	BSD-2-Clause
ncurses	6.5-20250830	www.gnu.org/software/ncurses	X11-distribute-modifications-variant
ninja	1.13.2	github.com/ninja-build/ninja	Apache-2.0
openssl	3.6.2	github.com/openssl/openssl	Apache-2.0
pcre2	10.47	github.com/PCRE2Project/pcre2	BSD-3-Clause WITH PCRE2-exception
perl	5.42.0	github.com/Perl/perl5	Artistic-1.0-Perl OR GPL-1.0-or-later
pkgconf	2.5.1	github.com/pkgconf/pkgconf	pkgconf
python	3.14.5	github.com/python/cpython	Python-2.0.1
readline	8.3	www.gnu.org/software/readline	GPL-3.0-only
sed	4.9	www.gnu.org/software/sed	GPL-3.0-only
setuptools	82.0.1	github.com/pypa/setuptools	MIT
sqlite	3.50.4	github.com/sqlite/sqlite	blessing
tar	1.35	www.gnu.org/software/tar	GPL-3.0-only
util-linux	2.42.1	github.com/util-linux/util-linux	GPL-2.0-or-later AND LGPL-2.1-or-later AND BSD-3-Clause
xz	5.8.3	github.com/tukaani-project/xz	(0BSD AND GPL-2.0-only AND GPL-3.0-only AND LGPL-2.1-only)
zlib	1.3.2	github.com/madler/zlib	Zlib
zstd	1.5.7	github.com/facebook/zstd	BSD-3-Clause OR GPL-2.0-only

ffmpeg

Install package

Quick links

What is ffmpeg?

How to use this package

Quick install

Declare as a task dependency in minimal.toml

Build-time vs runtime

Dependencies (21)

Summary

Affected ranges

References

Summary

Affected ranges

References

Summary

Affected ranges

References

Summary

Affected ranges

References

Summary

Affected ranges

References

Summary

Affected ranges

References

Summary

Affected ranges

References

Summary

Affected ranges

References

Summary

Affected ranges

References

Summary

Affected ranges

References

Summary

Affected ranges

References

Summary

Affected ranges

References

Summary

Affected ranges

Summary

Affected ranges

References

74 components