Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-1594

Опубликовано: 23 фев. 2025
Источник: debian
EPSS Низкий

Описание

A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ffmpegfixed7:7.1.2-1package
ffmpegpostponedbullseyepackage

Примечания

  • https://ffmpeg.org/pipermail/ffmpeg-devel/2025-February/339544.html

  • https://trac.ffmpeg.org/ticket/11418

  • https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/bedfb6eca402037f5cbb115fa767d106b8c14f1c (n8.0)

  • https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c2184b65d214d60f2d3df86a11ca502567a3d134 (n7.1.2)

  • https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/6023611ca735f448f87e49d1a110875dc8b454c5 (n5.1.8)

EPSS

Процентиль: 57%
0.00354
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-1594

CVSS3: 6.3
ubuntu
11 месяцев назад

A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

nvd логотип

CVE-2025-1594

CVSS3: 6.3
nvd
11 месяцев назад

A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

github логотип

GHSA-37pp-xmcw-vg4w

CVSS3: 6.3
github
11 месяцев назад

A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

fstec логотип

BDU:2025-11468

CVSS3: 6.3
fstec
около 1 года назад

Уязвимость функции ff_aac_search_for_tns компонента libavcodec/aacenc_tns.c мультимедийной библиотеки FFmpeg, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации, нарушить её целостность, а также вызвать отказ в обслуживании

redos логотип

ROS-20251111-11

CVSS3: 6.3
redos
2 месяца назад

Уязвимость ffmpeg

EPSS

Процентиль: 57%
0.00354
Низкий