anonhaven
Ad

CVE-2025-1594

MEDIUM CVSS 4.0: 5.3 EPSS 0.12%
Updated Jun 03, 2025
Ffmpeg
Parameter Value
CVSS 5.3 (MEDIUM)
Affected Versions before 7.1
Type CWE-787 (Out-of-bounds Write), CWE-119 (Buffer Overflow), CWE-121 (Stack-based Buffer Overflow)
Vendor Ffmpeg
Public PoC Yes

A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow.

It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
Passive
Minimal interaction

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
Low
Partial disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-787 Out-of-bounds Write
CWE-119 Buffer Overflow
CWE-121 Stack-based Buffer Overflow

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Ffmpeg Ffmpeg
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
 <= 7.1

References 6

https://ffmpeg.org/
cna@vuldb.com
https://trac.ffmpeg.org/attachment/ticket/11418/poc
cna@vuldb.com
https://trac.ffmpeg.org/ticket/11418#comment:3
cna@vuldb.com
https://vuldb.com/?ctiid.296589
cna@vuldb.com
https://vuldb.com/?id.296589
cna@vuldb.com
https://vuldb.com/?submit.496929
cna@vuldb.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2025-69693

Ffmpeg

5.4

CVE-2025-25469

Ffmpeg

6.5

CVE-2025-25468

Ffmpeg

6.5

CVE-2025-22921

Debian

6.5

CVE-2025-1373

Ffmpeg

4.8