Heap Buffer Overflow in SANM File Decoder of ANIM v0 Variant by Google
CVE-2025-59730

5.7 MEDIUM

Key Information:

Vendor: FFmpeg

Status
Vendor
CVE Published: 6 October 2025

What is CVE-2025-59730?

A heap buffer overflow exists in FFmpeg's SANM file decoder when it handles ANIM v0 variants: the buffer allocated for decoded data may be too small. Frames encoded with codec 48 specify their own resolution details, and these are not validated when the decoded frame is processed, which can lead to significant data corruption and potentially to exploitation. To mitigate the risk, upgrade to version 8.0 or later.

Affected Version(s)

FFmpeg 829680f96a7a7ff02d1543895ec0fb713309d5c0 < 8.0

CVSS V4

Score: 5.7
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Google Big Sleep