CVE-2025-59734: Use After Free in FFmpeg

CWE-416: Use After Free (5 documents, 5 sources)
Severity: 8.7 HIGH (NVD)
EPSS: 0.0% (top 95.09%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 6

Description

It is possible to cause a use-after-free write in SANM decoding with a carefully crafted animation using subversion stored_frame. Stored frames can later be referenced by FTCH chunks. For files using subversion stored_frame. Leaving ctx->has_dimensions set to false. A subsequent chunk with type FTCH would call process_ftch and decode that frame obj again, adding to the top/left values and calling process_frame_obj again. Given that we never set ctx->have_dimensions before, this time we set the

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Affected Packages (2 packages)

CVEListV5: ffmpeg/ffmpeg, 4d7c609be37dc57d31527c8c9e5945dc9491a7cd, 8.0, +1
debian: debian/ffmpeg

🔴 Vulnerability Details (2)

GHSA: GHSA-g9mr-r3g9-6594: It is possible to cause a use-after-free write in SANM decoding with a carefully crafted animation using subversion stored_frame (2025-10-06)
OSV: CVE-2025-59734: It is possible to cause a use-after-free write in SANM decoding with a carefully crafted animation using subversion stored_frame (2025-10-06)

📋 Vendor Advisories (2)

Red Hat: FFmpeg: FFmpeg: Use-after-free vulnerability in SANM decoding (2025-10-06)
Debian: CVE-2025-59734: ffmpeg - It is possible to cause a use-after-free write in SANM decoding with a carefull... (2025)