The vulnerable code (see the fix in [0] for more information), introduced by the changes of commit 0c0dd23f [1], is only present in versions greater than 6.0. openSUSE:Factory/ffmpeg-6 would be affected, but the fix is already present there as well. [0] https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fb54c89a0df3d63198678b17d64aef4dbb599109 [1] https://git.videolan.org/?p=ffmpeg.git;a=commit;h=0c0dd23fe1102313742092c4760596971755814e