Search for vulnerabilities
Vulnerability details: VCID-97xy-zftr-hqh3
Vulnerability ID VCID-97xy-zftr-hqh3
Aliases CVE-2025-0518
Summary Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed:  https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman
Status Published
Exploitability 0.5
Weighted Severity 4.3
Risk 2.1
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-125 Out-of-bounds Read
CWE-252 Unchecked Return Value
System Score Found at
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
epss 0.00094 https://api.first.org/data/v1/epss?cve=CVE-2025-0518
cvssv3.1 4.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv4 4.8 https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a
ssvc Track https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2025-0518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0518
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a
CVE-2025-0518 https://nvd.nist.gov/vuln/detail/CVE-2025-0518
USN-7538-1 https://usn.ubuntu.com/7538-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N Found at https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-16T19:10:53Z/ Found at https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a
Exploit Prediction Scoring System (EPSS)
Percentile 0.18029
EPSS Score 0.00068
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-01-16T21:54:34.825414+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2025/0xxx/CVE-2025-0518.json 35.1.0