Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
Typeapk
Namespacealpine
Nameffmpeg
Version8.0-r0
Qualifiers
arch riscv64
distroversion edge
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-61se-679d-kqes
vulnerability_id VCID-61se-679d-kqes
summary It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion <2. When a STOR chunk is present, a subsequent FOBJ chunk will be saved in ctx->stored_frame. Stored frames can later be referenced by FTCH chunks. For files using subversion < 2, the undecoded frame is stored, and decoded again when the FTCH chunks are parsed. However, in process_frame_obj if the frame has an invalid size, there’s an early return, with a value of 0.  This causes the code in decode_frame to still store the raw frame buffer into ctx->stored_frame. Leaving ctx->has_dimensions set to false. A subsequent chunk with type FTCH would call process_ftch and decode that frame obj again, adding to the top/left values and calling process_frame_obj again. Given that we never set ctx->have_dimensions before, this time we set the dimensions, calling init_buffers, which can reallocate the buffer in ctx->stored_frame, freeing the previous one. However, the GetByteContext object gb still holds a reference to the old buffer. Finally, when the code tries to decode the frame, codecs that accept a GetByteContext as a parameter will trigger a use-after-free read when using gb. GetByteContext is only used for reading bytes, so at most one could read invalid data. There are no heap allocations between the free and when the object is accessed. However, upon returning to process_ftch, the code restores the original values for top/left in stored_frame, writing 4 bytes to the freed data at offset 6, potentially corrupting the allocator’s metadata. This issue can be triggered just by probing whether a file has the sanm format. We recommend upgrading to version 8.0 or beyond.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59734.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59734.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59734
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05497
published_at 2026-06-09T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05495
published_at 2026-06-06T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.05494
published_at 2026-06-07T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05453
published_at 2026-06-08T12:55:00Z
4
value 0.00019
scoring_system epss
scoring_elements 0.05513
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59734
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2401800
reference_id 2401800
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2401800
4
reference_url https://issuetracker.google.com/440183164
reference_id 440183164
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-08T03:55:15Z/
url https://issuetracker.google.com/440183164
fixed_packages
0
url pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=riscv64&distroversion=edge&reponame=community
aliases CVE-2025-59734
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-61se-679d-kqes
1
url VCID-68rc-v5j7-r3dj
vulnerability_id VCID-68rc-v5j7-r3dj
summary When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that all image channels have the same pixel type (and size), and that if there are four channels, the first four are "B", "G", "R" and "A". The channel parsing code can be found in decode_header. The buffer td->uncompressed_data is allocated in decode_block based on the xsize, ysize and computed current_channel_offset. The function dwa_uncompress then assumes at [5] that if there are 4 channels, these are "B", "G", "R" and "A", and in the calculations at [6] and [7] that all channels are of the same type, which matches the type of the main color channels. If we set the main color channels to a 4-byte type and add duplicate or unknown channels of the 2-byte EXR_HALF type, then the addition at [7] will increment the pointer by 4-bytes * xsize * nb_channels, which will exceed the allocated buffer. We recommend upgrading to version 8.0 or beyond.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59733.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59733.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59733
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.0645
published_at 2026-06-09T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.06499
published_at 2026-06-06T12:55:00Z
2
value 0.00022
scoring_system epss
scoring_elements 0.06488
published_at 2026-06-07T12:55:00Z
3
value 0.00022
scoring_system epss
scoring_elements 0.06442
published_at 2026-06-08T12:55:00Z
4
value 0.00022
scoring_system epss
scoring_elements 0.06504
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59733
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2401799
reference_id 2401799
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2401799
4
reference_url https://issuetracker.google.com/436511754
reference_id 436511754
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-08T03:55:14Z/
url https://issuetracker.google.com/436511754
5
reference_url https://usn.ubuntu.com/7982-1/
reference_id USN-7982-1
reference_type
scores
url https://usn.ubuntu.com/7982-1/
fixed_packages
0
url pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=riscv64&distroversion=edge&reponame=community
aliases CVE-2025-59733
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-68rc-v5j7-r3dj
2
url VCID-6m1f-tmrx-vqh2
vulnerability_id VCID-6m1f-tmrx-vqh2
summary A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 0526535cd58444dd264e810b2f3348b4d96cff3b. It is recommended to apply a patch to fix this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-1816
reference_id
reference_type
scores
0
value 0.00088
scoring_system epss
scoring_elements 0.25231
published_at 2026-06-05T12:55:00Z
1
value 0.00088
scoring_system epss
scoring_elements 0.25118
published_at 2026-06-09T12:55:00Z
2
value 0.00088
scoring_system epss
scoring_elements 0.25108
published_at 2026-06-08T12:55:00Z
3
value 0.00088
scoring_system epss
scoring_elements 0.25165
published_at 2026-06-07T12:55:00Z
4
value 0.00088
scoring_system epss
scoring_elements 0.25215
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-1816
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0526535cd58444dd264e810b2f3348b4d96cff3b
reference_id 0526535cd58444dd264e810b2f3348b4d96cff3b
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-03T20:12:17Z/
url https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0526535cd58444dd264e810b2f3348b4d96cff3b
3
reference_url https://trac.ffmpeg.org/ticket/11475
reference_id 11475
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-03T20:12:17Z/
url https://trac.ffmpeg.org/ticket/11475
4
reference_url https://vuldb.com/?ctiid.298089
reference_id ?ctiid.298089
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-03T20:12:17Z/
url https://vuldb.com/?ctiid.298089
5
reference_url https://ffmpeg.org/
reference_id ffmpeg.org
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-03T20:12:17Z/
url https://ffmpeg.org/
6
reference_url https://vuldb.com/?id.298089
reference_id ?id.298089
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-03T20:12:17Z/
url https://vuldb.com/?id.298089
7
reference_url https://trac.ffmpeg.org/attachment/ticket/11475/poc
reference_id poc
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-03T20:12:17Z/
url https://trac.ffmpeg.org/attachment/ticket/11475/poc
8
reference_url https://vuldb.com/?submit.506575
reference_id ?submit.506575
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-03T20:12:17Z/
url https://vuldb.com/?submit.506575
9
reference_url https://usn.ubuntu.com/7538-1/
reference_id USN-7538-1
reference_type
scores
url https://usn.ubuntu.com/7538-1/
fixed_packages
0
url pkg:apk/alpine/ffmpeg@7.1.1-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@7.1.1-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@7.1.1-r0%3Farch=riscv64&distroversion=edge&reponame=community
1
url pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=riscv64&distroversion=edge&reponame=community
aliases CVE-2025-1816
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6m1f-tmrx-vqh2
3
url VCID-87sb-je96-m3hy
vulnerability_id VCID-87sb-je96-m3hy
summary When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy loops at [0] and [1] will continue to write until the next multiple of 8. The buffer td->uncompressed_data is allocated in decode_block based on the precise height and width of the image, so the "rounded-up" multiple of 8 in the copy loop can exceed the buffer bounds, and the write block starting at [2] can corrupt following heap memory. We recommend upgrading to version 8.0 or beyond.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59732.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59732.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59732
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05497
published_at 2026-06-09T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05495
published_at 2026-06-06T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.05494
published_at 2026-06-07T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05453
published_at 2026-06-08T12:55:00Z
4
value 0.00019
scoring_system epss
scoring_elements 0.05513
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59732
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2401797
reference_id 2401797
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2401797
4
reference_url https://issuetracker.google.com/436510316
reference_id 436510316
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-08T03:55:13Z/
url https://issuetracker.google.com/436510316
5
reference_url https://usn.ubuntu.com/7982-1/
reference_id USN-7982-1
reference_type
scores
url https://usn.ubuntu.com/7982-1/
fixed_packages
0
url pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=riscv64&distroversion=edge&reponame=community
aliases CVE-2025-59732
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-87sb-je96-m3hy
4
url VCID-b2dw-x3fv-u7hh
vulnerability_id VCID-b2dw-x3fv-u7hh
summary A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6605
reference_id
reference_type
scores
0
value 0.00126
scoring_system epss
scoring_elements 0.31433
published_at 2026-06-09T12:55:00Z
1
value 0.00126
scoring_system epss
scoring_elements 0.31477
published_at 2026-06-06T12:55:00Z
2
value 0.00126
scoring_system epss
scoring_elements 0.3144
published_at 2026-06-07T12:55:00Z
3
value 0.00126
scoring_system epss
scoring_elements 0.31408
published_at 2026-06-08T12:55:00Z
4
value 0.00126
scoring_system epss
scoring_elements 0.31512
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6605
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6605
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6605
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2334336
reference_id show_bug.cgi?id=2334336
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:03:36Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2334336
4
reference_url https://usn.ubuntu.com/7830-1/
reference_id USN-7830-1
reference_type
scores
url https://usn.ubuntu.com/7830-1/
fixed_packages
0
url pkg:apk/alpine/ffmpeg@7.1.1-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@7.1.1-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@7.1.1-r0%3Farch=riscv64&distroversion=edge&reponame=community
1
url pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=riscv64&distroversion=edge&reponame=community
aliases CVE-2023-6605
risk_score 3.2
exploitability 0.5
weighted_severity 6.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b2dw-x3fv-u7hh
5
url VCID-b91v-gw54-j7fc
vulnerability_id VCID-b91v-gw54-j7fc
summary Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed:  https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-0518
reference_id
reference_type
scores
0
value 0.00122
scoring_system epss
scoring_elements 0.30815
published_at 2026-06-05T12:55:00Z
1
value 0.00122
scoring_system epss
scoring_elements 0.30781
published_at 2026-06-06T12:55:00Z
2
value 0.00165
scoring_system epss
scoring_elements 0.37306
published_at 2026-06-09T12:55:00Z
3
value 0.00165
scoring_system epss
scoring_elements 0.3733
published_at 2026-06-07T12:55:00Z
4
value 0.00165
scoring_system epss
scoring_elements 0.37292
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-0518
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0518
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0518
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a
reference_id b5b6391d64807578ab872dc58fb8aa621dcfc38a
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T19:10:53Z/
url https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a
4
reference_url https://usn.ubuntu.com/7538-1/
reference_id USN-7538-1
reference_type
scores
url https://usn.ubuntu.com/7538-1/
fixed_packages
0
url pkg:apk/alpine/ffmpeg@7.1.1-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@7.1.1-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@7.1.1-r0%3Farch=riscv64&distroversion=edge&reponame=community
1
url pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=riscv64&distroversion=edge&reponame=community
aliases CVE-2025-0518
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b91v-gw54-j7fc
6
url VCID-d2cq-1cyd-efeu
vulnerability_id VCID-d2cq-1cyd-efeu
summary FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-25471
reference_id
reference_type
scores
0
value 0.00129
scoring_system epss
scoring_elements 0.31802
published_at 2026-06-09T12:55:00Z
1
value 0.00129
scoring_system epss
scoring_elements 0.31881
published_at 2026-06-05T12:55:00Z
2
value 0.00129
scoring_system epss
scoring_elements 0.31849
published_at 2026-06-06T12:55:00Z
3
value 0.00129
scoring_system epss
scoring_elements 0.31811
published_at 2026-06-07T12:55:00Z
4
value 0.00129
scoring_system epss
scoring_elements 0.31777
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-25471
1
reference_url https://trac.ffmpeg.org/ticket/11417
reference_id 11417
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-20T21:02:43Z/
url https://trac.ffmpeg.org/ticket/11417
2
reference_url https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/fd1772b7475d0d5673a5dd314ee78443d0be4cf1
reference_id fd1772b7475d0d5673a5dd314ee78443d0be4cf1
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-20T21:02:43Z/
url https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/fd1772b7475d0d5673a5dd314ee78443d0be4cf1
fixed_packages
0
url pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=riscv64&distroversion=edge&reponame=community
aliases CVE-2025-25471
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d2cq-1cyd-efeu
7
url VCID-d6qt-8rgs-xqhk
vulnerability_id VCID-d6qt-8rgs-xqhk
summary A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6604
reference_id
reference_type
scores
0
value 0.00113
scoring_system epss
scoring_elements 0.2941
published_at 2026-06-09T12:55:00Z
1
value 0.00113
scoring_system epss
scoring_elements 0.29462
published_at 2026-06-06T12:55:00Z
2
value 0.00113
scoring_system epss
scoring_elements 0.29429
published_at 2026-06-07T12:55:00Z
3
value 0.00113
scoring_system epss
scoring_elements 0.29396
published_at 2026-06-08T12:55:00Z
4
value 0.00113
scoring_system epss
scoring_elements 0.29499
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6604
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6604
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6604
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2334337
reference_id show_bug.cgi?id=2334337
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:05:31Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2334337
fixed_packages
0
url pkg:apk/alpine/ffmpeg@7.1.1-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@7.1.1-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@7.1.1-r0%3Farch=riscv64&distroversion=edge&reponame=community
1
url pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=riscv64&distroversion=edge&reponame=community
aliases CVE-2023-6604
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d6qt-8rgs-xqhk
8
url VCID-jwgz-rkj3-zyhe
vulnerability_id VCID-jwgz-rkj3-zyhe
summary When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAX_DURATION_BUFFER_SIZE bytes (0x100000) for example 0x101000 bytes, then at [0] we have size = 0x101000. At [1] we have end_buffer_size = 0x100000, and at [2] we have end_buffer_pos = 0x1000. The loop then scans backwards through the buffer looking for the dhav tag; when it is found, we'll calculate end_pos based on a 32-bit offset read from the buffer. There is subsequently a check [3] that end_pos is within the section of the file that has been copied into end_buffer, but it only correctly handles the cases where end_pos is before the start of the file or after the section copied into end_buffer, and not the case where end_pos is within the the file, but before the section copied into end_buffer. If we provide such an offset, (end_pos - end_buffer_pos) can underflow, resulting in the subsequent access at [4] occurring before the beginning of the allocation. We recommend upgrading to version 8.0 or beyond.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59729.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59729.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59729
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06399
published_at 2026-06-09T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.06447
published_at 2026-06-06T12:55:00Z
2
value 0.00022
scoring_system epss
scoring_elements 0.06437
published_at 2026-06-07T12:55:00Z
3
value 0.00022
scoring_system epss
scoring_elements 0.06391
published_at 2026-06-08T12:55:00Z
4
value 0.00022
scoring_system epss
scoring_elements 0.06455
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59729
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2401798
reference_id 2401798
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2401798
4
reference_url https://issuetracker.google.com/433513232
reference_id 433513232
reference_type
scores
0
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T16:25:07Z/
url https://issuetracker.google.com/433513232
fixed_packages
0
url pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=riscv64&distroversion=edge&reponame=community
aliases CVE-2025-59729
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwgz-rkj3-zyhe
9
url VCID-kvtk-c1fv-xqa1
vulnerability_id VCID-kvtk-c1fv-xqa1
summary When decoding a frame for a SANM file (ANIM v0 variant), the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution (width x height). A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame contents using a run-length encoding algorithm. There are no checks that the decoded frame fits in the allocated buffer, leading to a heap-buffer-overflow. process_frame_obj initializes the buffers based on the frame resolution: We recommend upgrading to version 8.0 or beyond.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59730.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59730.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59730
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05414
published_at 2026-06-09T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05427
published_at 2026-06-05T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.0541
published_at 2026-06-07T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.0537
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59730
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2401802
reference_id 2401802
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2401802
4
reference_url https://issuetracker.google.com/434637586
reference_id 434637586
reference_type
scores
0
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T16:22:19Z/
url https://issuetracker.google.com/434637586
fixed_packages
0
url pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=riscv64&distroversion=edge&reponame=community
aliases CVE-2025-59730
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kvtk-c1fv-xqa1
10
url VCID-p4v5-eb5w-bkh5
vulnerability_id VCID-p4v5-eb5w-bkh5
summary A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The patch is identified as 43be8d07281caca2e88bfd8ee2333633e1fb1a13. It is recommended to apply a patch to fix this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-1373
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08842
published_at 2026-06-05T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08835
published_at 2026-06-09T12:55:00Z
2
value 0.00029
scoring_system epss
scoring_elements 0.08793
published_at 2026-06-08T12:55:00Z
3
value 0.00029
scoring_system epss
scoring_elements 0.08839
published_at 2026-06-07T12:55:00Z
4
value 0.00029
scoring_system epss
scoring_elements 0.08858
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-1373
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://trac.ffmpeg.org/ticket/11460
reference_id 11460
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:53:16Z/
url https://trac.ffmpeg.org/ticket/11460
3
reference_url https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/43be8d07281caca2e88bfd8ee2333633e1fb1a13
reference_id 43be8d07281caca2e88bfd8ee2333633e1fb1a13
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:53:16Z/
url https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/43be8d07281caca2e88bfd8ee2333633e1fb1a13
4
reference_url https://vuldb.com/?ctiid.295982
reference_id ?ctiid.295982
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:53:16Z/
url https://vuldb.com/?ctiid.295982
5
reference_url https://ffmpeg.org/
reference_id ffmpeg.org
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:53:16Z/
url https://ffmpeg.org/
6
reference_url https://vuldb.com/?id.295982
reference_id ?id.295982
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:53:16Z/
url https://vuldb.com/?id.295982
7
reference_url https://trac.ffmpeg.org/attachment/ticket/11460/poc
reference_id poc
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:53:16Z/
url https://trac.ffmpeg.org/attachment/ticket/11460/poc
8
reference_url https://vuldb.com/?submit.496930
reference_id ?submit.496930
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:53:16Z/
url https://vuldb.com/?submit.496930
fixed_packages
0
url pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=riscv64&distroversion=edge&reponame=community
aliases CVE-2025-1373
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p4v5-eb5w-bkh5
11
url VCID-qw9x-53te-cbh6
vulnerability_id VCID-qw9x-53te-cbh6
summary A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-22920
reference_id
reference_type
scores
0
value 0.00155
scoring_system epss
scoring_elements 0.35988
published_at 2026-06-09T12:55:00Z
1
value 0.00155
scoring_system epss
scoring_elements 0.36046
published_at 2026-06-05T12:55:00Z
2
value 0.00155
scoring_system epss
scoring_elements 0.36055
published_at 2026-06-06T12:55:00Z
3
value 0.00155
scoring_system epss
scoring_elements 0.36015
published_at 2026-06-07T12:55:00Z
4
value 0.00155
scoring_system epss
scoring_elements 0.35974
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-22920
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://trac.ffmpeg.org/ticket/11389
reference_id 11389
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T21:13:41Z/
url https://trac.ffmpeg.org/ticket/11389
3
reference_url https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/4bf784c0e5615c3f934e677d5de093a8be7da7ae
reference_id 4bf784c0e5615c3f934e677d5de093a8be7da7ae
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T21:13:41Z/
url https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/4bf784c0e5615c3f934e677d5de093a8be7da7ae
fixed_packages
0
url pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=riscv64&distroversion=edge&reponame=community
aliases CVE-2025-22920
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qw9x-53te-cbh6
12
url VCID-r7ja-x5y6-rbes
vulnerability_id VCID-r7ja-x5y6-rbes
summary A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-1594
reference_id
reference_type
scores
0
value 0.00118
scoring_system epss
scoring_elements 0.30269
published_at 2026-06-05T12:55:00Z
1
value 0.00118
scoring_system epss
scoring_elements 0.30188
published_at 2026-06-09T12:55:00Z
2
value 0.00118
scoring_system epss
scoring_elements 0.30173
published_at 2026-06-08T12:55:00Z
3
value 0.00118
scoring_system epss
scoring_elements 0.30203
published_at 2026-06-07T12:55:00Z
4
value 0.00118
scoring_system epss
scoring_elements 0.30233
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-1594
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1594
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1594
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://trac.ffmpeg.org/ticket/11418#comment:3
reference_id 11418#comment:3
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T12:02:17Z/
url https://trac.ffmpeg.org/ticket/11418#comment:3
4
reference_url https://vuldb.com/?ctiid.296589
reference_id ?ctiid.296589
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T12:02:17Z/
url https://vuldb.com/?ctiid.296589
5
reference_url https://ffmpeg.org/
reference_id ffmpeg.org
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T12:02:17Z/
url https://ffmpeg.org/
6
reference_url https://vuldb.com/?id.296589
reference_id ?id.296589
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T12:02:17Z/
url https://vuldb.com/?id.296589
7
reference_url https://trac.ffmpeg.org/attachment/ticket/11418/poc
reference_id poc
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T12:02:17Z/
url https://trac.ffmpeg.org/attachment/ticket/11418/poc
8
reference_url https://vuldb.com/?submit.496929
reference_id ?submit.496929
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T12:02:17Z/
url https://vuldb.com/?submit.496929
9
reference_url https://usn.ubuntu.com/7738-1/
reference_id USN-7738-1
reference_type
scores
url https://usn.ubuntu.com/7738-1/
fixed_packages
0
url pkg:apk/alpine/ffmpeg@7.1.1-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@7.1.1-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@7.1.1-r0%3Farch=riscv64&distroversion=edge&reponame=community
1
url pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=riscv64&distroversion=edge&reponame=community
aliases CVE-2025-1594
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r7ja-x5y6-rbes
13
url VCID-skn1-nyvn-muad
vulnerability_id VCID-skn1-nyvn-muad
summary A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6602
reference_id
reference_type
scores
0
value 0.00222
scoring_system epss
scoring_elements 0.44879
published_at 2026-06-09T12:55:00Z
1
value 0.00222
scoring_system epss
scoring_elements 0.44917
published_at 2026-06-06T12:55:00Z
2
value 0.00222
scoring_system epss
scoring_elements 0.44896
published_at 2026-06-07T12:55:00Z
3
value 0.00222
scoring_system epss
scoring_elements 0.44867
published_at 2026-06-08T12:55:00Z
4
value 0.00222
scoring_system epss
scoring_elements 0.4491
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6602
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6602
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6602
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2334338
reference_id show_bug.cgi?id=2334338
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-31T15:00:28Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2334338
fixed_packages
0
url pkg:apk/alpine/ffmpeg@7.1.1-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@7.1.1-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@7.1.1-r0%3Farch=riscv64&distroversion=edge&reponame=community
1
url pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=riscv64&distroversion=edge&reponame=community
aliases CVE-2023-6602
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-skn1-nyvn-muad
14
url VCID-sm7e-vgrq-33b9
vulnerability_id VCID-sm7e-vgrq-33b9
summary A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-22919
reference_id
reference_type
scores
0
value 0.00062
scoring_system epss
scoring_elements 0.19577
published_at 2026-06-08T12:55:00Z
1
value 0.00062
scoring_system epss
scoring_elements 0.19605
published_at 2026-06-09T12:55:00Z
2
value 0.00075
scoring_system epss
scoring_elements 0.22741
published_at 2026-06-06T12:55:00Z
3
value 0.00075
scoring_system epss
scoring_elements 0.22756
published_at 2026-06-05T12:55:00Z
4
value 0.00075
scoring_system epss
scoring_elements 0.22694
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-22919
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22919
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22919
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://trac.ffmpeg.org/ticket/11385
reference_id 11385
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T21:10:35Z/
url https://trac.ffmpeg.org/ticket/11385
4
reference_url https://usn.ubuntu.com/7538-1/
reference_id USN-7538-1
reference_type
scores
url https://usn.ubuntu.com/7538-1/
fixed_packages
0
url pkg:apk/alpine/ffmpeg@7.1.1-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@7.1.1-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@7.1.1-r0%3Farch=riscv64&distroversion=edge&reponame=community
1
url pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=riscv64&distroversion=edge&reponame=community
aliases CVE-2025-22919
risk_score 1.6
exploitability 0.5
weighted_severity 3.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sm7e-vgrq-33b9
15
url VCID-u7ge-8dac-4fbm
vulnerability_id VCID-u7ge-8dac-4fbm
summary FFmpeg: FFmpeg: Out-of-bounds NUL-byte write in MPEG-DASH manifest handling
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59728.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59728.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59728
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05414
published_at 2026-06-09T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05427
published_at 2026-06-05T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.0541
published_at 2026-06-07T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.0537
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59728
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2401803
reference_id 2401803
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2401803
4
reference_url https://issuetracker.google.com/433502298
reference_id 433502298
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-08T03:55:09Z/
url https://issuetracker.google.com/433502298
5
reference_url https://usn.ubuntu.com/7982-1/
reference_id USN-7982-1
reference_type
scores
url https://usn.ubuntu.com/7982-1/
fixed_packages
0
url pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=riscv64&distroversion=edge&reponame=community
aliases CVE-2025-59728
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u7ge-8dac-4fbm
16
url VCID-ux9d-64gu-vfdd
vulnerability_id VCID-ux9d-64gu-vfdd
summary When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rle_raw_size from the input file at [0], we decompress and decode into the buffer td->rle_raw_data of size rle_raw_size at [1], and then at [2] we will access entries in this buffer up to (td->xsize - 1) * (td->ysize - 1) + rle_raw_size / 2, which may exceed rle_raw_size. We recommend upgrading to version 8.0 or beyond.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59731
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05427
published_at 2026-06-05T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.0541
published_at 2026-06-07T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.0537
published_at 2026-06-08T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05414
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59731
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://issuetracker.google.com/436510153
reference_id 436510153
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-08T03:55:11Z/
url https://issuetracker.google.com/436510153
3
reference_url https://usn.ubuntu.com/7982-1/
reference_id USN-7982-1
reference_type
scores
url https://usn.ubuntu.com/7982-1/
fixed_packages
0
url pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
purl pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=riscv64&distroversion=edge&reponame=community
aliases CVE-2025-59731
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ux9d-64gu-vfdd
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=riscv64&distroversion=edge&reponame=community