CVE-2025-59733: Out-of-bounds Write in FFmpeg

Severity: 8.7 HIGH (NVD)
EPSS: 0.0% (top 94.23%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: see Affected Packages below
Timeline: Published Oct 6, latest update Jan 27

Description

When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that all image channels have the same pixel type (and size), and that if there are four channels, the first four are "B", "G", "R" and "A". The channel parsing code can be found in decode_header. The buffer td->uncompressed_data is allocated in decode_block based on the xsize, ysize and computed current_channel_offset. The function dwa_uncompress then assumes at [5] that if there are 4 channels, the
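The mismatch the description sketches, between a buffer sized from the per-channel sizes the header declares and a writer that assumes four same-sized channels in B, G, R, A order, is easier to see in a small model. The following C program is an added example written for this page; it is not FFmpeg's code. The function and type names (ExrChannel, uncompressed_alloc_size, dwa_oob_bytes, dwa_channels_ok), the constructed headers, and the assumption that the writer takes the first channel's pixel type as the size of every channel are this example's own. Writes are bounds-checked so it reports where an out-of-bounds write would land instead of corrupting memory, and the header check at the end is one way to close the gap, not the project's actual patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pixel types as numbered in the OpenEXR header: UINT=0, HALF=1, FLOAT=2. */
enum { EXR_UINT = 0, EXR_HALF = 1, EXR_FLOAT = 2 };

typedef struct {
    const char *name;   /* channel name from the header, e.g. "B" */
    int pixel_type;     /* EXR_UINT, EXR_HALF or EXR_FLOAT */
} ExrChannel;

static size_t pixel_size(int pixel_type)
{
    return pixel_type == EXR_HALF ? 2 : 4;   /* HALF is 16-bit, UINT and FLOAT are 32-bit */
}

/* Model of the allocation in decode_block: bytes per pixel is the sum of the
 * sizes the header actually declares for each channel (current_channel_offset). */
static size_t uncompressed_alloc_size(const ExrChannel *ch, int nb, int xsize, int ysize)
{
    size_t channel_offset = 0;
    for (int i = 0; i < nb; i++)
        channel_offset += pixel_size(ch[i].pixel_type);
    return channel_offset * (size_t)xsize * (size_t)ysize;
}

/* Model of the writer's assumption (assumed here: it takes the first channel's
 * pixel type as the size of every channel and lays the channels out at one
 * uniform stride). Writes are bounds-checked so the demo never corrupts memory;
 * the return value is how many bytes would have landed past the allocation. */
static size_t dwa_oob_bytes(const ExrChannel *ch, int nb, int xsize, int ysize)
{
    size_t buf_size   = uncompressed_alloc_size(ch, nb, xsize, ysize);
    size_t assumed_px = pixel_size(ch[0].pixel_type);
    size_t stride     = (size_t)nb * assumed_px;        /* bytes per pixel the writer believes */
    uint8_t *buf      = calloc(buf_size ? buf_size : 1, 1);
    size_t oob        = 0;

    if (!buf)
        return (size_t)-1;
    for (size_t px = 0; px < (size_t)xsize * (size_t)ysize; px++) {
        for (int c = 0; c < nb; c++) {
            size_t off = px * stride + (size_t)c * assumed_px;  /* where this sample lands */
            if (off + assumed_px <= buf_size)
                memset(buf + off, 0xAB, assumed_px);            /* in bounds: decoded sample */
            else
                oob += assumed_px;                              /* would be an out-of-bounds write */
        }
    }
    free(buf);
    return oob;
}

/* Hardened header check (an added illustration, not FFmpeg's actual patch):
 * accept a DWA block only when the writer's layout assumptions hold, i.e. all
 * channels share one pixel type and, with four channels, they are named
 * B, G, R, A in that order. Returns 1 if the header is acceptable. */
static int dwa_channels_ok(const ExrChannel *ch, int nb)
{
    static const char *const bgra[4] = { "B", "G", "R", "A" };

    if (nb < 1 || nb > 4)
        return 0;
    for (int i = 0; i < nb; i++)
        if (ch[i].pixel_type != ch[0].pixel_type)
            return 0;               /* mixed types: allocation and writer disagree on size */
    if (nb == 4)
        for (int i = 0; i < 4; i++)
            if (strcmp(ch[i].name, bgra[i]) != 0)
                return 0;           /* unexpected order: alpha would land in a colour slot */
    return 1;
}

/* Constructed headers: well-formed, mixed pixel type, and wrong channel order. */
static const ExrChannel hdr_bgra_half[4] = {
    { "B", EXR_HALF }, { "G", EXR_HALF }, { "R", EXR_HALF }, { "A", EXR_HALF }
};
static const ExrChannel hdr_mixed[4] = {
    { "B", EXR_FLOAT }, { "G", EXR_HALF }, { "R", EXR_HALF }, { "A", EXR_HALF }
};
static const ExrChannel hdr_rgba_half[4] = {
    { "R", EXR_HALF }, { "G", EXR_HALF }, { "B", EXR_HALF }, { "A", EXR_HALF }
};

int main(void)
{
    const ExrChannel *hdrs[3] = { hdr_bgra_half, hdr_mixed, hdr_rgba_half };
    const char *labels[3]     = { "BGRA/half", "mixed types", "RGBA order" };

    for (int i = 0; i < 3; i++)
        printf("%-12s alloc=%zu oob=%zu header_ok=%d\n", labels[i],
               uncompressed_alloc_size(hdrs[i], 4, 4, 4),
               dwa_oob_bytes(hdrs[i], 4, 4, 4), dwa_channels_ok(hdrs[i], 4));
    return 0;
}
```

With a 4x4 tile, the mixed header allocates (4+2+2+2)*16 = 160 bytes while the writer emits 4*4*16 = 256 bytes, so the last six pixels (96 bytes) fall outside the buffer; the RGBA header does not overflow in this size model, but the check still rejects it because the writer would put the wrong data in each slot. A real decoder should reject the header before allocating, not after the first bad write.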

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Affected Packages (4 packages)

Source      Package          Version
CVEListV5   ffmpeg/ffmpeg    8.0, commit 9a32b863074ed4140141e0d3613905c6f1fe61c5 (+1)
debian      debian/ffmpeg    < 7:5.1.7-0+deb12u1 (bookworm)
Debian      ffmpeg/ffmpeg    < 7:5.1.7-0+deb12u1 (+2)
Ubuntu      ffmpeg/ffmpeg    < 7:7.1.1-1ubuntu4.2 (+5)

Vulnerability Details (3)

OSV    ffmpeg vulnerabilities (2026-01-27)
GHSA   GHSA-hpfq-c235-5854 (2025-10-06): same description as above
OSV    CVE-2025-59733 (2025-10-06): same description as above

Vendor Advisories (3)

Ubuntu    FFmpeg vulnerabilities (2026-01-27)
Red Hat   FFmpeg: Buffer overflow in OpenEXR DWAA/DWAB decoding (2025-10-06)
Debian    CVE-2025-59733: ffmpeg, same description as above (2025)