Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-59731

Опубликовано: 06 окт. 2025
Источник: debian

Описание

When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rle_raw_size from the input file at [0], we decompress and decode into the buffer td->rle_raw_data of size rle_raw_size at [1], and then at [2] we will access entries in this buffer up to (td->xsize - 1) * (td->ysize - 1) + rle_raw_size / 2, which may exceed rle_raw_size. We recommend upgrading to version 8.0 or beyond.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ffmpegfixed7:7.1.2-1package
ffmpegnot-affectedbullseyepackage

Примечания

  • https://issuetracker.google.com/issues/436510153

  • Introduced in: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc85ca1cb347570a95d8615b7d4c7b542042b7f0 (n4.4)

  • Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0d9c003d76383e82b57b6d5aa33776709d0cda2c (n8.0)

  • Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d7e188f33f638d85a1ab70943bde70359454b05c (n7.1.2)

  • Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/be682029ae18b80fa9b27f0715ca77323409379c (n6.1.3)

  • Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ec959281897aa29076f3083edbc2306357342d7c (n5.1.7)

Связанные уязвимости

ubuntu логотип

CVE-2025-59731

ubuntu
3 месяца назад

When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rle_raw_size from the input file at [0], we decompress and decode into the buffer td->rle_raw_data of size rle_raw_size at [1], and then at [2] we will access entries in this buffer up to (td->xsize - 1) * (td->ysize - 1) + rle_raw_size / 2, which may exceed rle_raw_size. We recommend upgrading to version 8.0 or beyond.

nvd логотип

CVE-2025-59731

nvd
3 месяца назад

When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rle_raw_size from the input file at [0], we decompress and decode into the buffer td->rle_raw_data of size rle_raw_size at [1], and then at [2] we will access entries in this buffer up to (td->xsize - 1) * (td->ysize - 1) + rle_raw_size / 2, which may exceed rle_raw_size. We recommend upgrading to version 8.0 or beyond.

github логотип

GHSA-p7r5-qh99-qchm

github
3 месяца назад

When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rle_raw_size from the input file at [0], we decompress and decode into the buffer td->rle_raw_data of size rle_raw_size at [1], and then at [2] we will access entries in this buffer up to (td->xsize - 1) * (td->ysize - 1) + rle_raw_size / 2, which may exceed rle_raw_size. We recommend upgrading to version 8.0 or beyond.

fstec логотип

BDU:2025-12718

CVSS3: 6.1
fstec
5 месяцев назад

Уязвимость функции rle_raw_size мультимедийной библиотеки FFmpeg, позволяющая нарушителю выполнить произвольный код

redos логотип

ROS-20251110-01

CVSS3: 7.5
redos
2 месяца назад

Множественные уязвимости ffmpeg