Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/ffmpeg@7:7.1.1-1?distro=trixie

Type deb

Namespace debian

Name ffmpeg

Version 7:7.1.1-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 7:7.1.2-0+deb13u1

Latest_non_vulnerable_version 7:8.1.1-3

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1kt8-snqa-5ygv

vulnerability_id VCID-1kt8-snqa-5ygv

summary A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6602

reference_id

reference_type

scores

value	0.00163
scoring_system	epss
scoring_elements	0.36881
published_at	2026-05-14T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37388
published_at	2026-04-02T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37299
published_at	2026-04-16T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37282
published_at	2026-04-18T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.3677
published_at	2026-05-05T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.36837
published_at	2026-05-07T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.36859
published_at	2026-05-09T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.36782
published_at	2026-05-11T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.36804
published_at	2026-05-12T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37412
published_at	2026-04-04T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.3724
published_at	2026-04-07T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37291
published_at	2026-04-08T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37303
published_at	2026-04-09T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37314
published_at	2026-04-11T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37281
published_at	2026-04-12T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37253
published_at	2026-04-13T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.41408
published_at	2026-04-26T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.41414
published_at	2026-04-24T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.4133
published_at	2026-04-29T12:55:00Z

value	0.00196
scoring_system	epss
scoring_elements	0.41521
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6602

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6602
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6602

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2334338

reference_id

show_bug.cgi?id=2334338

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-31T15:00:28Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2334338

fixed_packages

url pkg:deb/debian/ffmpeg@7:4.3.7-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:4.3.7-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ujjc-ays1-gfc2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:4.3.7-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:4.3.9-0%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:4.3.9-0%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:4.3.9-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:5.1.7-0%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:5.1.7-0%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.7-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:7.1.1-1?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:7.1.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.1-1%3Fdistro=trixie

url pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:8.1-3?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:8.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:8.1-3%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:8.1.1-3?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:8.1.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:8.1.1-3%3Fdistro=trixie

aliases CVE-2023-6602

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1kt8-snqa-5ygv

url VCID-1wgj-dtu4-qkdf

vulnerability_id VCID-1wgj-dtu4-qkdf

summary ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/iamfdec.c.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-55069

reference_id

reference_type

scores

value	0.00297
scoring_system	epss
scoring_elements	0.53094
published_at	2026-05-14T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.52938
published_at	2026-05-05T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.52989
published_at	2026-05-07T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53031
published_at	2026-05-09T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53022
published_at	2026-05-12T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.52972
published_at	2026-04-02T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.52996
published_at	2026-05-11T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.52964
published_at	2026-04-07T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53015
published_at	2026-04-08T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53008
published_at	2026-04-09T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53058
published_at	2026-04-11T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53042
published_at	2026-04-12T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53026
published_at	2026-04-13T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53063
published_at	2026-04-16T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.5307
published_at	2026-04-18T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53052
published_at	2026-04-21T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53018
published_at	2026-04-24T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.53027
published_at	2026-04-26T12:55:00Z

value	0.00297
scoring_system	epss
scoring_elements	0.52987
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-55069

reference_url

https://trac.ffmpeg.org/ticket/11326

reference_id

11326

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-12T14:08:51Z/

url

https://trac.ffmpeg.org/ticket/11326

reference_url

https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/4cc1495aca45445181a107a682c32cfe31459929

reference_id

4cc1495aca45445181a107a682c32cfe31459929

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-12T14:08:51Z/

url

https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/4cc1495aca45445181a107a682c32cfe31459929

fixed_packages

url	pkg:deb/debian/ffmpeg@0?distro=trixie
purl	pkg:deb/debian/ffmpeg@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@0%3Fdistro=trixie

url pkg:deb/debian/ffmpeg@7:4.3.7-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:4.3.7-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ujjc-ays1-gfc2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:4.3.7-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:7.1.1-1?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:7.1.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.1-1%3Fdistro=trixie

url pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:8.1-3?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:8.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:8.1-3%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:8.1.1-3?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:8.1.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:8.1.1-3%3Fdistro=trixie

aliases CVE-2024-55069

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1wgj-dtu4-qkdf

url VCID-hd6u-9x7x-mke8

vulnerability_id VCID-hd6u-9x7x-mke8

summary A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6605

reference_id

reference_type

scores

value	0.00093
scoring_system	epss
scoring_elements	0.2586
published_at	2026-05-14T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.26158
published_at	2026-04-02T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.25993
published_at	2026-04-13T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.25997
published_at	2026-04-16T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.25978
published_at	2026-04-18T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.25725
published_at	2026-05-05T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.25784
published_at	2026-05-12T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.25843
published_at	2026-05-09T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.25767
published_at	2026-05-11T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.26199
published_at	2026-04-04T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.2597
published_at	2026-04-07T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.26037
published_at	2026-04-08T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.26088
published_at	2026-04-09T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.26098
published_at	2026-04-11T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.26052
published_at	2026-04-12T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.29826
published_at	2026-04-26T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.29942
published_at	2026-04-24T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.29759
published_at	2026-04-29T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30012
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6605

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6605
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6605

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2334336

reference_id

show_bug.cgi?id=2334336

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:03:36Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2334336

reference_url	https://usn.ubuntu.com/7830-1/
reference_id	USN-7830-1
reference_type
scores
url	https://usn.ubuntu.com/7830-1/

fixed_packages

url pkg:deb/debian/ffmpeg@7:4.3.7-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:4.3.7-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ujjc-ays1-gfc2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:4.3.7-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:4.3.9-0%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:4.3.9-0%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:4.3.9-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:5.1.7-0%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:5.1.7-0%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.7-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:7.1.1-1?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:7.1.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.1-1%3Fdistro=trixie

url pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:8.1-3?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:8.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:8.1-3%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:8.1.1-3?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:8.1.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:8.1.1-3%3Fdistro=trixie

aliases CVE-2023-6605

risk_score 3.2

exploitability 0.5

weighted_severity 6.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hd6u-9x7x-mke8

url VCID-k14h-eek4-s3cv

vulnerability_id VCID-k14h-eek4-s3cv

summary A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-22919

reference_id

reference_type

scores

value	0.00075
scoring_system	epss
scoring_elements	0.22508
published_at	2026-05-14T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22598
published_at	2026-04-16T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22595
published_at	2026-04-18T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22545
published_at	2026-04-21T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22284
published_at	2026-05-05T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22368
published_at	2026-05-07T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22445
published_at	2026-05-09T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22413
published_at	2026-05-11T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2243
published_at	2026-05-12T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22531
published_at	2026-04-07T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22609
published_at	2026-04-08T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22662
published_at	2026-04-09T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2268
published_at	2026-04-11T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22639
published_at	2026-04-12T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22584
published_at	2026-04-13T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22779
published_at	2026-04-29T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22791
published_at	2026-04-24T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22786
published_at	2026-04-26T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23503
published_at	2026-04-02T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.2354
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-22919

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22919
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22919

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://trac.ffmpeg.org/ticket/11385

reference_id

11385

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T21:10:35Z/

url

https://trac.ffmpeg.org/ticket/11385

reference_url	https://usn.ubuntu.com/7538-1/
reference_id	USN-7538-1
reference_type
scores
url	https://usn.ubuntu.com/7538-1/

fixed_packages

url pkg:deb/debian/ffmpeg@7:4.3.7-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:4.3.7-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ujjc-ays1-gfc2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:4.3.7-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:4.3.8-0%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:4.3.8-0%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:4.3.8-0%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:5.1.7-0%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:5.1.7-0%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.7-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:7.1.1-1?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:7.1.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.1-1%3Fdistro=trixie

url pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:8.1-3?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:8.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:8.1-3%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:8.1.1-3?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:8.1.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:8.1.1-3%3Fdistro=trixie

aliases CVE-2025-22919

risk_score 1.6

exploitability 0.5

weighted_severity 3.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k14h-eek4-s3cv

url VCID-kcjw-jy65-hfge

vulnerability_id VCID-kcjw-jy65-hfge

summary A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6604

reference_id

reference_type

scores

value	0.00083
scoring_system	epss
scoring_elements	0.24248
published_at	2026-04-13T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24264
published_at	2026-04-16T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24252
published_at	2026-04-18T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24405
published_at	2026-04-02T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24437
published_at	2026-04-04T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.2422
published_at	2026-04-07T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24287
published_at	2026-04-08T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.2433
published_at	2026-04-09T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24348
published_at	2026-04-11T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24305
published_at	2026-04-12T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27547
published_at	2026-04-21T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27323
published_at	2026-04-29T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.274
published_at	2026-04-26T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27507
published_at	2026-04-24T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.2944
published_at	2026-05-14T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.2942
published_at	2026-05-09T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29341
published_at	2026-05-11T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29361
published_at	2026-05-12T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29344
published_at	2026-05-05T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29407
published_at	2026-05-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6604

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6604
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6604

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2334337

reference_id

show_bug.cgi?id=2334337

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:05:31Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2334337

fixed_packages

url pkg:deb/debian/ffmpeg@7:4.3.7-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:4.3.7-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ujjc-ays1-gfc2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:4.3.7-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:4.3.9-0%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:4.3.9-0%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:4.3.9-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:5.1.7-0%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:5.1.7-0%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.7-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:7.1.1-1?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:7.1.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.1-1%3Fdistro=trixie

url pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:8.1-3?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:8.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:8.1-3%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:8.1.1-3?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:8.1.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:8.1.1-3%3Fdistro=trixie

aliases CVE-2023-6604

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kcjw-jy65-hfge

url VCID-u45n-rr9s-ffah

vulnerability_id VCID-u45n-rr9s-ffah

summary Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-0518

reference_id

reference_type

scores

value	0.00122
scoring_system	epss
scoring_elements	0.30757
published_at	2026-05-14T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31337
published_at	2026-04-02T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.30747
published_at	2026-05-09T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.30667
published_at	2026-05-11T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.3069
published_at	2026-05-12T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31378
published_at	2026-04-04T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31198
published_at	2026-04-07T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31251
published_at	2026-04-08T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31281
published_at	2026-04-09T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31286
published_at	2026-04-11T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31242
published_at	2026-04-12T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.312
published_at	2026-04-13T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31232
published_at	2026-04-16T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31214
published_at	2026-04-18T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31186
published_at	2026-04-21T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31027
published_at	2026-04-24T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.30905
published_at	2026-04-26T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.30821
published_at	2026-04-29T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.30669
published_at	2026-05-05T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.30738
published_at	2026-05-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-0518

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0518
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0518

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a

reference_id

b5b6391d64807578ab872dc58fb8aa621dcfc38a

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T19:10:53Z/

url

https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a

reference_url	https://usn.ubuntu.com/7538-1/
reference_id	USN-7538-1
reference_type
scores
url	https://usn.ubuntu.com/7538-1/

fixed_packages

url pkg:deb/debian/ffmpeg@7:4.3.7-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:4.3.7-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ujjc-ays1-gfc2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:4.3.7-0%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:4.3.8-0%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:4.3.8-0%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:4.3.8-0%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:5.1.7-0%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:5.1.7-0%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.7-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:7.1.1-1?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:7.1.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.1-1%3Fdistro=trixie

url pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:8.1-3?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:8.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:8.1-3%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:8.1.1-3?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:8.1.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:8.1.1-3%3Fdistro=trixie

aliases CVE-2025-0518

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u45n-rr9s-ffah

url VCID-xh69-cs7h-wqb2

vulnerability_id VCID-xh69-cs7h-wqb2

summary A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 0526535cd58444dd264e810b2f3348b4d96cff3b. It is recommended to apply a patch to fix this issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1816

reference_id

reference_type

scores

value	0.00088
scoring_system	epss
scoring_elements	0.25155
published_at	2026-04-12T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25197
published_at	2026-04-11T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.24992
published_at	2026-05-14T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.24913
published_at	2026-05-12T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.24891
published_at	2026-05-11T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.24966
published_at	2026-05-09T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.24906
published_at	2026-05-07T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.24835
published_at	2026-05-05T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.24957
published_at	2026-04-29T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25002
published_at	2026-04-26T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25013
published_at	2026-04-24T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25073
published_at	2026-04-21T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25103
published_at	2026-04-18T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25112
published_at	2026-04-16T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25102
published_at	2026-04-13T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47738
published_at	2026-04-07T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.4777
published_at	2026-04-02T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47789
published_at	2026-04-04T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47792
published_at	2026-04-08T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52576
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1816

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0526535cd58444dd264e810b2f3348b4d96cff3b

reference_id

0526535cd58444dd264e810b2f3348b4d96cff3b

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-03T20:12:17Z/

url

https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0526535cd58444dd264e810b2f3348b4d96cff3b

reference_url

https://trac.ffmpeg.org/ticket/11475

reference_id

11475

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-03T20:12:17Z/

url

https://trac.ffmpeg.org/ticket/11475

reference_url

https://vuldb.com/?ctiid.298089

reference_id

?ctiid.298089

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-03T20:12:17Z/

url

https://vuldb.com/?ctiid.298089

reference_url

https://ffmpeg.org/

reference_id

ffmpeg.org

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-03T20:12:17Z/

url

https://ffmpeg.org/

reference_url

https://vuldb.com/?id.298089

reference_id

?id.298089

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-03T20:12:17Z/

url

https://vuldb.com/?id.298089

reference_url

https://trac.ffmpeg.org/attachment/ticket/11475/poc

reference_id

poc

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-03T20:12:17Z/

url

https://trac.ffmpeg.org/attachment/ticket/11475/poc

reference_url

https://vuldb.com/?submit.506575

reference_id

?submit.506575

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-03T20:12:17Z/

url

https://vuldb.com/?submit.506575

reference_url	https://usn.ubuntu.com/7538-1/
reference_id	USN-7538-1
reference_type
scores
url	https://usn.ubuntu.com/7538-1/

fixed_packages

url	pkg:deb/debian/ffmpeg@0?distro=trixie
purl	pkg:deb/debian/ffmpeg@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@0%3Fdistro=trixie

url pkg:deb/debian/ffmpeg@7:4.3.7-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:4.3.7-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ujjc-ays1-gfc2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:4.3.7-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:7.1.1-1?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:7.1.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.1-1%3Fdistro=trixie

url pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:8.1-3?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:8.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:8.1-3%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:8.1.1-3?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:8.1.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:8.1.1-3%3Fdistro=trixie

aliases CVE-2025-1816

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xh69-cs7h-wqb2

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.1-1%3Fdistro=trixie

Package Instance