CVE-2025-22919

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: FFmpeg git-master commit N-113007-g8d24a28d06

Description: A reachable assertion in FFmpeg allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.

Recommendations: For FFmpeg git-master commit N-113007-g8d24a28d06, consider avoiding the use of crafted AAC files until a patch is available. As a temporary workaround, restrict the opening of AAC files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

BDU:2025-02164

CVE-2025-22919

DLA-4073-1

DSA-5985-1

MGASA-2025-0085

OESA-2025-1771

OESA-2025-1772

OESA-2025-1773

OPENSUSE-SU-2025:14833-1

OPENSUSE-SU-2025:14834-1

OPENSUSE-SU-2025:15010-1

OPENSUSE-SU-2025_0862-1

OPENSUSE-SU-2025_1128-1

OPENSUSE-SU-2025_1450-1

SUSE-SU-2025:0862-1

SUSE-SU-2025:1128-1

SUSE-SU-2025:1450-1

USN-7538-1

Affected Products

Astra Linux

Debian

Ffmpeg

Linuxmint

Red Os

Suse

Ubuntu

CVE-2025-22919

Weakness Enumeration

Related Identifiers

Affected Products

References · 112