Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-59731

Опубликовано: 06 окт. 2025
Источник: debian
EPSS Низкий

Описание

When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rle_raw_size from the input file at [0], we decompress and decode into the buffer td->rle_raw_data of size rle_raw_size at [1], and then at [2] we will access entries in this buffer up to (td->xsize - 1) * (td->ysize - 1) + rle_raw_size / 2, which may exceed rle_raw_size. We recommend upgrading to version 8.0 or beyond.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ffmpegfixed7:7.1.2-1package

Примечания

  • https://issuetracker.google.com/issues/436510153

  • Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0d9c003d76383e82b57b6d5aa33776709d0cda2c (n8.0)

  • Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d7e188f33f638d85a1ab70943bde70359454b05c (n7.1.2)

  • Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/be682029ae18b80fa9b27f0715ca77323409379c (n6.1.3)

  • Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ec959281897aa29076f3083edbc2306357342d7c (n5.1.7)

EPSS

Процентиль: 8%
0.0003
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-59731

ubuntu
около 2 месяцев назад

When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rle_raw_size from the input file at [0], we decompress and decode into the buffer td->rle_raw_data of size rle_raw_size at [1], and then at [2] we will access entries in this buffer up to (td->xsize - 1) * (td->ysize - 1) + rle_raw_size / 2, which may exceed rle_raw_size. We recommend upgrading to version 8.0 or beyond.

nvd логотип

CVE-2025-59731

nvd
около 2 месяцев назад

When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rle_raw_size from the input file at [0], we decompress and decode into the buffer td->rle_raw_data of size rle_raw_size at [1], and then at [2] we will access entries in this buffer up to (td->xsize - 1) * (td->ysize - 1) + rle_raw_size / 2, which may exceed rle_raw_size. We recommend upgrading to version 8.0 or beyond.

github логотип

GHSA-p7r5-qh99-qchm

github
около 2 месяцев назад

When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rle_raw_size from the input file at [0], we decompress and decode into the buffer td->rle_raw_data of size rle_raw_size at [1], and then at [2] we will access entries in this buffer up to (td->xsize - 1) * (td->ysize - 1) + rle_raw_size / 2, which may exceed rle_raw_size. We recommend upgrading to version 8.0 or beyond.

fstec логотип

BDU:2025-12718

CVSS3: 6.1
fstec
4 месяца назад

Уязвимость функции rle_raw_size мультимедийной библиотеки FFmpeg, позволяющая нарушителю выполнить произвольный код

redos логотип

ROS-20251110-01

CVSS3: 7.5
redos
21 день назад

Множественные уязвимости ffmpeg

EPSS

Процентиль: 8%
0.0003
Низкий