Memory Leak Vulnerability in FFmpeg Libavutil Component
CVE-2025-25469

6.5MEDIUM

Key Information:

Vendor: FFmpeg
Status: FFmpeg
Vendor: CVE Published:; 18 February 2025

What is CVE-2025-25469?

The FFmpeg project has identified a memory leak issue in the libavutil component, affecting versions prior to commit d5873b. This vulnerability can lead to excessive memory consumption during the processing of certain inputs, potentially resulting in degraded performance or denial of service due to resource exhaustion. It is essential for users to review their implementation and upgrade to patched versions to prevent exploitation.

References

https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d5873be58...

https://trac.ffmpeg.org/ticket/11416

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 18, 2025
Vulnerability Reserved
Feb 7, 2025