CVE-2025-63095

Exploit

EPSS 0.09%
Veröffentlicht 01.12.2025 00:00:00
Zuletzt bearbeitet 23.12.2025 13:53:07
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Improper input validation in the BitstreamWriter::write_bits() function of Tempus Ex hello-video-codec v0.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tempus-ex ≫ Hello-video-codec Version0.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.251

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://gist.github.com/thesmartshadow/b092e2493821491b981a069847a33064

Patch

Third Party Advisory

Exploit

https://github.com/tempus-ex/hello-video-codec

Product

https://github.com/tempus-ex/hello-video-codec/tree/3e9551c699311ea12ad7f2fce9562fbc990d524c

Product

https://github.com/tempus-ex/hello-video-codec/blob/3e9551c699311ea12ad7f2fce9562fbc990d524c/src/bitstream.rs

Product

https://nvd.nist.gov/vuln/detail/CVE-2025-63095

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-63095

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-63095

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-63095