Heap Buffer Overflow in FFmpeg's Jpeg2000 Decoder Affects Multiple Platforms
CVE-2025-9951

7.2 HIGH

Key Information:

Vendor: FFmpeg

Status
Vendor
CVE Published: 9 September 2025

What is CVE-2025-9951?

A heap buffer overflow in FFmpeg's jpeg2000dec component can be triggered by a crafted JPEG2000 file. The flaw stems from improper handling of data in the channel definition (cdef) atom and can potentially lead to remote code execution or denial of service. Users are urged to review and update their FFmpeg installations to mitigate the risk.

Affected Version(s)

FFmpeg < 8.0

CVSS V4

Score: 7.2
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
