JLSEC-2025-136

See a problem?
Please try reporting it to the source first.
Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2025/JLSEC-2025-136.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-136.json
JSON Data
https://api.test.osv.dev/v1/vulns/JLSEC-2025-136
Upstream
Published
2025-10-19T19:08:53.760Z
Modified
2025-11-03T00:19:44.042233Z
Summary
In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vu...
Details

In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process.

Database specific 
{
    "license": "CC-BY-4.0",
    "sources": [
        {
            "id": "CVE-2024-35369",
            "modified": "2025-06-03T16:06:20.667Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-35369",
            "imported": "2025-10-18T14:07:17.227Z",
            "published": "2024-11-29T17:15:07.707Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35369"
        }
    ]
}
References

Affected packages

Julia / FFMPEG_jll

Package

Name
FFMPEG_jll
Purl
pkg:julia/FFMPEG_jll?uuid=b22a6f82-2f65-5046-a5b2-351ab43fb4e5

Affected ranges

Type
SEMVER
Events
Introduced
6.1.1+0
Fixed
6.1.2+0