CVE-2025-59732Out-of-bounds Write in Ffmpeg

CWE-787Out-of-bounds Write8 documents7 sources
Severity
8.7HIGHNVD
EPSS
0.0%
top 95.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
FfmpegDebian Ffmpeg
Timeline
PublishedOct 6
Latest updateJan 27

Description

When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy loops at [0] and [1] will continue to write until the next multiple of 8. The buffer td->uncompressed_data is allocated in decode_block based on the precise height and width of the image, so the "rounded-up" multiple of 8 in the copy loop can exceed the buffer bounds, and the write bloc

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Affected Packages4 packages

CVEListV5ffmpeg/ffmpeg9a32b863074ed4140141e0d3613905c6f1fe61c58.0+1
debiandebian/ffmpeg< ffmpeg 7:5.1.7-0+deb12u1 (bookworm)
Debianffmpeg/ffmpeg< 7:5.1.7-0+deb12u1+2
Ubuntuffmpeg/ffmpeg< 7:7.1.1-1ubuntu4.2+5

🔴Vulnerability Details

4
OSV
ffmpeg vulnerabilities2026-01-27
OSV
CVE-2025-59732: When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 82025-10-06
CVEList
Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress2025-10-06
GHSA
GHSA-qr3p-83wm-px3f: When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 82025-10-06

📋Vendor Advisories

3
Ubuntu
FFmpeg vulnerabilities2026-01-27
Red Hat
FFmpeg: FFmpeg: Heap memory corruption when decoding OpenEXR files with DWAA/DWAB compression2025-10-06
Debian
CVE-2025-59732: ffmpeg - When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an imp...2025