PT-2025-9210 · FFmpeg+3 · Ffmpeg+3
0X20Z
·
Published
2025-02-17
·
Updated
2025-11-10
·
CVE-2025-1816
CVSS v4.0
5.3
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
FFmpeg versions up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb
Description
A problematic vulnerability has been found in FFmpeg, affecting the function
audio element obu of the file libavformat/iamf parse.c of the component IAMF File Handler. The manipulation of the argument num parameters leads to a memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Recommendations
To fix this issue, apply a patch with the identifier 0526535cd58444dd264e810b2f3348b4d96cff3b. As a temporary workaround, consider restricting access to the vulnerable function
audio element obu until a patch is available. Avoid using the argument num parameters in the affected component IAMF File Handler to minimize the risk of exploitation.Exploit
Fix
Improper Resource Release
Memory Leak
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ffmpeg
Linuxmint
Red Os
Ubuntu