Debian Ffmpeg vulnerabilities

CVE-2025-63757 [HIGH] CVE-2025-63757: ffmpeg - Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswsca... Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0. Scope: local bookworm: resolved (fixed in 7:5.1.8-0+deb12u1) bullseye: resolved (fixed in 7:4.3.9-0+deb11u2) forky: resolved (fixed in 7:7.1.3-1) sid: resolved (fixed in 7:7.1.3-1) trixie: resolved (fixed in 7:7.1.3-0+deb13u1)

CVE-2025-59733 [HIGH] CVE-2025-59733: ffmpeg - When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an imp... When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that all image channels have the same pixel type (and size), and that if there are four channels, the first four are "B", "G", "R" and "A". The channel parsing code can be found in decode_header. The buffer td->uncompressed_data is allocated in decode_block based on the x

CVE-2025-59732 [HIGH] CVE-2025-59732: ffmpeg - When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an imp... When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy loops at [0] and [1] will continue to write until the next multiple of 8. The buffer td->uncompressed_data is allocated in decode_block based on the precise h

CVE-2025-9951 [HIGH] CVE-2025-9951: ffmpeg - A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attack... A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000. Scope: local bookworm: resolved (fixed in 7:5.1.7-0+deb12u1) bullseye: resolved (fixed in 7:4.3.9-0+deb11u2) forky: resolved (fixed in 7:7.1.2-1) sid: resolved (fixed in

CVE-2025-59731 [MEDIUM] CVE-2025-59731: ffmpeg - When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified ... When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rle_raw_size from the input file at [0], we decompress and decode into the buffer td->rle_raw_data of size rle_raw_size at [1], and then at [2] we will access entries in this buffer

CVE-2025-10256 [MEDIUM] CVE-2025-10256: ffmpeg - A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter ... A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a crafted media file with the Firequalizer filter enabled, causing the application to deref

CVE-2025-22919 [MEDIUM] CVE-2025-22919: ffmpeg - A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows at... A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file. Scope: local bookworm: resolved (fixed in 7:5.1.7-0+deb12u1) bullseye: resolved (fixed in 7:4.3.8-0+deb11u3) forky: resolved (fixed in 7:7.1.1-1) sid: resolved (fixed in 7:7.1.1-1) trixie: resolved (fixed in 7:7.

CVE-2025-0518 [MEDIUM] CVE-2025-0518: ffmpeg - Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read S... Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38

CVE-2025-1594 [MEDIUM] CVE-2025-1594: ffmpeg - A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1... A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Scope: l

CVE-2025-7700 [MEDIUM] CVE-2025-7700: ffmpeg - A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check... A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service. Scope: local bookworm: resolved (fixed in 7:5.1

CVE-2025-22921 [MEDIUM] CVE-2025-22921: ffmpeg - FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation ... FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c. Scope: local bookworm: open bullseye: resolved (fixed in 7:4.3.8-0+deb11u3) forky: resolved (fixed in 7:8.0.1-2) sid: resolved (fixed in 7:8.0.1-2) trixie: open

CVE-2025-25469 [MEDIUM] CVE-2025-25469: ffmpeg - FFmpeg git-master before commit d5873b was discovered to contain a memory leak i... FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2025-22920 [MEDIUM] CVE-2025-22920: ffmpeg - A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows atta... A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS). Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2025-25471 [MEDIUM] CVE-2025-25471: ffmpeg - FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer ... FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2025-12343 [LOW] CVE-2025-12343: ffmpeg - A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backe... A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free condition, potentially causing FFmpeg or any application using it to crash

CVE-2025-25468 [MEDIUM] CVE-2025-25468: ffmpeg - FFmpeg git-master before commit d5873b was discovered to contain a memory leak i... FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2025-25473 [MEDIUM] CVE-2025-25473: ffmpeg - FFmpeg git master before commit c08d30 was discovered to contain a memory leak i... FFmpeg git master before commit c08d30 was discovered to contain a memory leak in the avformat_free_context function in libavutil/mem.c. Scope: local bookworm: resolved bullseye: resolved forky: resolved (fixed in 7:8.0.1-2) sid: resolved (fixed in 7:8.0.1-2) trixie: resolved (fixed in 7:7.1.3-0+deb13u1)

CVE-2025-69693 [MEDIUM] CVE-2025-69693: ffmpeg - Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60de... Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c). The quantization parameter (qp) validation at line 2267 only checks the lower bound (qp < 0) but is missing upper bound validation. The qp value can reach 65 (base value 63 from 6-bit frame header + offset +2 from read_qp_offset) while the rv60_qp_to_idx array has size 64 (valid i

CVE-2025-1816 [MEDIUM] CVE-2025-1816: ffmpeg - A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57... A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters leads to memory leak. It is possible to initiate the attack remotely. The exploit has bee

CVE-2025-59729 [MEDIUM] CVE-2025-59729: ffmpeg - When parsing the header for a DHAV file, there's an integer underflow in offset ... When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAX_DURATION_BUFFER_SIZE bytes (0x100000) for example 0x101000 bytes, then at [0] we have size = 0x101000. At [1] we have end_buffer_size = 0x100000,