Memory Management Vulnerability in libx264 Affects VideoLAN
CVE-2025-25467

9.8CRITICAL

Key Information:

Vendor: VideoLAN
Status: libx264
Vendor: CVE Published:; 18 February 2025

What is CVE-2025-25467?

A significant memory management vulnerability in the libx264 component of VideoLAN allows attackers to exploit insufficient tracking and releasing of allocated memory. This vulnerability can be triggered through a specially crafted AAC file, leading to potential arbitrary code execution. It highlights the importance of secure memory management practices to mitigate such risks.

References

https://code.videolan.org/videolan/x264/-/issues/75

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 18, 2025
Vulnerability Reserved
Feb 7, 2025