CVE-2025-12343: Double Free in FFmpeg

CWE-415: Double Free | 10 documents | 7 sources
Severity: 5.5 MEDIUM (NVD) | 3.3 (CNA)
EPSS: 0.0% (top 99.85%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 18

Description

A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free condition, potentially causing FFmpeg or any application using it to crash when processing TensorFlow-based DNN models. This results in a denial-of-service scenario but does not allow arbitrary code execu

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

NVD: ffmpeg/ffmpeg 6.18.1
debian: debian/ffmpeg < ffmpeg 7:7.1.2-1 (forky)
Debian: ffmpeg/ffmpeg < 7:7.1.2-0+deb13u1+1

🔴 Vulnerability Details (3)

CVEList: Ffmpeg: double-free vulnerability in ffmpeg tensorflow dnn backend (2026-02-18)
OSV: CVE-2025-12343: A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf (2026-02-18)
GHSA: GHSA-2g52-f4rf-8vm9: A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf (2026-02-18)

📋 Vendor Advisories (2)

Red Hat: FFmpeg: Double-Free Vulnerability in FFmpeg TensorFlow DNN Backend (2025-10-27)
Debian: CVE-2025-12343: ffmpeg - A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backe... (2025)

🕵️ Threat Intelligence (4)

Wiz: CVE-2025-12343 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz: CVE-2025-63757 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz: CVE-2025-69693 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz: CVE-2025-10256 Impact, Exploitability, and Mitigation Steps | Wiz