DEBIAN-CVE-2025-1816

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2025-1816

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-1816.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-1816

Upstream

CVE-2025-1816

Published

2025-03-02T14:15:34Z

Modified

2025-09-19T06:15:17Z

Summary

[none]

Details

A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audioelementobu of the file libavformat/iamfparse.c of the component IAMF File Handler. The manipulation of the argument numparameters leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 0526535cd58444dd264e810b2f3348b4d96cff3b. It is recommended to apply a patch to fix this issue.

References

https://security-tracker.debian.org/tracker/CVE-2025-1816

Affected packages

Debian:13 / ffmpeg

Package

Name: ffmpeg
Purl: pkg:deb/debian/ffmpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7:7.1.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / ffmpeg

Package

Name: ffmpeg
Purl: pkg:deb/debian/ffmpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7:7.1.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}