Integer Underflow Vulnerability in DHAV File Parsing by Affected Vendor
CVE-2025-59729

5.7MEDIUM

Key Information:

Vendor: Ffmpeg
Status: Ffmpeg
Vendor: CVE Published:; 6 October 2025

What is CVE-2025-59729?

This vulnerability arises during the parsing of DHAV files due to an integer underflow in offset calculations. If a DHAV file exceeds the maximum buffer size, it can lead to erroneous access before the allocated buffer's start. The parsing logic, which scans backward through the buffer to identify the dhav tag, mistakenly allows certain offsets that can cause the access to precede the allocated memory limit. This mismanagement hinders the integrity of the software and needs urgent attention for users of the DHAV file parser versions below 8.0. Upgrading to version 8.0 or later is strongly recommended to mitigate this risk.

Affected Version(s)

FFmpeg a218cafe4d3be005ab0c61130f90db4d21afb5db < 8.0

References

https://issuetracker.google.com/433513232

CVSS V4

Score:

5.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 6, 2025
Vulnerability Reserved
Sep 19, 2025

Credit

Google Big Sleep

JSON