JLSEC-2025-133

See a problem?
Please try reporting it to the source first.
Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2025/JLSEC-2025-133.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-133.json
JSON Data
https://api.test.osv.dev/v1/vulns/JLSEC-2025-133
Upstream
Published
2025-10-19T19:08:53.760Z
Modified
2025-11-03T00:04:54.694389Z
Summary
A vulnerability was found in FFmpeg up to 7.0.1
Details

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnmdecodeframe in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.

Database specific 
{
    "sources": [
        {
            "id": "CVE-2024-7055",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-7055",
            "imported": "2025-10-18T14:07:17.225Z",
            "modified": "2025-06-03T17:20:06.493Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7055",
            "published": "2024-08-06T06:15:36.107Z"
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / FFMPEG_jll

Package

Name
FFMPEG_jll
Purl
pkg:julia/FFMPEG_jll?uuid=b22a6f82-2f65-5046-a5b2-351ab43fb4e5

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.2+0

Julia / FFplay_jll

Package

Name
FFplay_jll
Purl
pkg:julia/FFplay_jll?uuid=c4dce911-e170-5107-8314-c7bdc6785395

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.1.0+0