CVE-2025-1816
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-1816
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-1816.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-1816
- Related
- Published
- 2025-03-02T14:15:34Z
- Modified
- 2025-03-10T11:48:49.731166Z
- Summary
- [none]
- Details
-
A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audioelementobu of the file libavformat/iamfparse.c of the component IAMF File Handler. The manipulation of the argument numparameters leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 0526535cd58444dd264e810b2f3348b4d96cff3b. It is recommended to apply a patch to fix this issue.
- References
-
- https://ffmpeg.org/
- https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0526535cd58444dd264e810b2f3348b4d96cff3b
- https://trac.ffmpeg.org/attachment/ticket/11475/poc
- https://trac.ffmpeg.org/ticket/11475
- https://vuldb.com/?ctiid.298089
- https://vuldb.com/?id.298089
- https://vuldb.com/?submit.506575
- https://security-tracker.debian.org/tracker/CVE-2025-1816
Affected packages
Debian:13 / ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/debian/ffmpeg?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7:7.1.1-1
Affected versions
7:5.*
7:5.1.3-1
7:5.1.3-2
7:6.*
7:6.0-1
7:6.0-2
7:6.0-3
7:6.0-4
7:6.0-5
7:6.0-6
7:6.0-7
7:6.0-8
7:6.0-9
7:6.1-1
7:6.1-2
7:6.1-3
7:6.1-4
7:6.1-5
7:6.1.1-1
7:6.1.1-2
7:6.1.1-3
7:6.1.1-4
7:6.1.1-5
7:7.*
7:7.0-1
7:7.0.1-1
7:7.0.1-2
7:7.0.1-3
7:7.0.1-4
7:7.0.1-5
7:7.0.2-1
7:7.0.2-2
7:7.0.2-3
7:7.1-1
7:7.1-2
7:7.1-3
7:7.1-4
Git / git.ffmpeg.org/ffmpeg.git
Affected ranges
- Type
- GIT
- Repo
- https://git.ffmpeg.org/ffmpeg.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
N
n0.*
n0.11-dev
n0.12-dev
n0.8
n1.*
n1.1-dev
n1.2-dev
n1.3-dev
n2.*
n2.0
n2.1-dev
n2.2-dev
n2.3-dev
n2.4-dev
n2.5-dev
n2.6-dev
n2.7-dev
n2.8-dev
n2.9-dev
n3.*
n3.1-dev
n3.2-dev
n3.3-dev
n3.4-dev
n3.5-dev
n4.*
n4.1-dev
n4.2-dev
n4.3-dev
n4.4-dev
n4.5-dev
n5.*
n5.1-dev
n5.2-dev
n6.*
n6.1-dev
n6.2-dev
n7.*
n7.1-dev
n7.2-dev