PT-2025-6967 · FFmpeg · Ffmpeg

0X20Z

Published

2025-02-18

Updated

2025-03-02

CVE-2025-22920

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: FFmpeg versions before commit 4bf784c

Description: A heap buffer overflow issue allows attackers to trigger memory corruption via a crafted media file in avformat when processing tile grid group streams, potentially leading to a Denial of Service (DoS).

Recommendations: For FFmpeg versions before commit 4bf784c, update to a version that includes the fix for this issue to prevent potential memory corruption and Denial of Service (DoS) attacks.

Fix

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122

Related Identifiers

CVE-2025-22920

MGASA-2025-0085

OPENSUSE-SU-2025:14834-1

Affected Products

Ffmpeg

PT-2025-6967 · FFmpeg · Ffmpeg

CVE-2025-22920

Weakness Enumeration

Related Identifiers

Affected Products

References · 23