CVE-2025-1816

EPSS 0.14%
Veröffentlicht 02.03.2025 14:15:34
Zuletzt bearbeitet 03.03.2025 20:15:44
Quelle cna@vuldb.com
Teams Watchlist Login
Unerledigt Login

A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 0526535cd58444dd264e810b2f3348b4d96cff3b. It is recommended to apply a patch to fix this issue.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellern/a

≫

Produkt FFmpeg

Version 6e26f57f672b05e7b8b052007a83aef99dc81ccb

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.349

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cna@vuldb.com	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

https://ffmpeg.org/

https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0526535cd58444dd264e810b2f3348b4d96cff3b

https://trac.ffmpeg.org/attachment/ticket/11475/poc

https://trac.ffmpeg.org/ticket/11475

https://vuldb.com/?ctiid.298089

https://vuldb.com/?id.298089

https://vuldb.com/?submit.506575

https://nvd.nist.gov/vuln/detail/CVE-2025-1816

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-1816

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-1816

EUVD