Out-of-bounds Read Vulnerability in FFmpeg by FFmpeg
CVE-2025-0518
4.8MEDIUM
Key Information:
- Vendor
- Ffmpeg
- Status
- Ffmpeg
- Vendor
- CVE Published:
- 16 January 2025
Summary
An unchecked return value in FFmpeg can lead to an out-of-bounds read, allowing attackers to access sensitive constants within an executable. This flaw, discovered by Simcha Kosman, affects version 7.1 of FFmpeg and has been addressed in subsequent updates. To mitigate the risk, users are encouraged to upgrade to the patched version, which resolves the issue by ensuring proper validation of values. For more details on the fix, refer to the official commit documentation.
Affected Version(s)
FFmpeg 7.1
References
CVSS V4
Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
Vulnerability published
Vulnerability Reserved