anonhaven
Ad

CVE-2025-22921

MEDIUM CVSS 3.1: 6.5 EPSS 0.12%
Updated Jan 12, 2026
Debian
Parameter Value
CVSS 6.5 (MEDIUM)
Type CWE-476 (NULL Pointer Dereference)
Vendor Debian
Public PoC No

FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-476 NULL Pointer Dereference

Vulnerable Products 14

Configuration From (including) Up to (excluding)
Ffmpeg Ffmpeg
cpe:2.3:a:ffmpeg:ffmpeg:7.0:*:*:*:*:*:*:*
Ffmpeg Ffmpeg
cpe:2.3:a:ffmpeg:ffmpeg:7.0.1:*:*:*:*:*:*:*
Ffmpeg Ffmpeg
cpe:2.3:a:ffmpeg:ffmpeg:7.0.2:*:*:*:*:*:*:*
Ffmpeg Ffmpeg
cpe:2.3:a:ffmpeg:ffmpeg:7.0.3:*:*:*:*:*:*:*
Ffmpeg Ffmpeg
cpe:2.3:a:ffmpeg:ffmpeg:7.1:*:*:*:*:*:*:*
Ffmpeg Ffmpeg
cpe:2.3:a:ffmpeg:ffmpeg:7.1:dev:*:*:*:*:*:*
Ffmpeg Ffmpeg
cpe:2.3:a:ffmpeg:ffmpeg:7.1.1:*:*:*:*:*:*:*
Ffmpeg Ffmpeg
cpe:2.3:a:ffmpeg:ffmpeg:7.1.2:*:*:*:*:*:*:*
Ffmpeg Ffmpeg
cpe:2.3:a:ffmpeg:ffmpeg:7.1.3:*:*:*:*:*:*:*
Ffmpeg Ffmpeg
cpe:2.3:a:ffmpeg:ffmpeg:7.2:dev:*:*:*:*:*:*
Ffmpeg Ffmpeg
cpe:2.3:a:ffmpeg:ffmpeg:8.0:*:*:*:*:*:*:*
Ffmpeg Ffmpeg
cpe:2.3:a:ffmpeg:ffmpeg:8.0.1:*:*:*:*:*:*:*
Ffmpeg Ffmpeg
cpe:2.3:a:ffmpeg:ffmpeg:8.1:dev:*:*:*:*:*:*
Debian Debian_Linux
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

References 2

https://trac.ffmpeg.org/ticket/11393
cve@mitre.org
https://lists.debian.org/debian-lts-announce/2025/02/msg00037.html
af854a3a-2127-422b-91ae-364da2661108
Share Post Share Share Share

Related Vulnerabilities

CVE-2025-63261

Awstats

7.8

CVE-2025-62600

Eprosima

7.5

CVE-2025-62599

Eprosima

7.5

CVE-2025-64512

Debian

8.6

CVE-2025-10934

Debian

7.8