Unrated severityNVD Advisory· Published Jan 16, 2025· Updated Nov 3, 2025
Unchecked sscanf return value which leads to memory data leak
CVE-2025-0518
Description
Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C .
This issue affects FFmpeg: 7.1.
Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a
https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
41- osv-coords39 versionspkg:apk/chainguard/ffmpeg-6pkg:apk/chainguard/ffmpeg-6-devpkg:apk/chainguard/ffmpeg-6-docpkg:apk/chainguard/ffmpeg-6-libavcodec61pkg:apk/chainguard/ffmpeg-6-libavdevice61pkg:apk/chainguard/ffmpeg-6-libavfilter10pkg:apk/chainguard/ffmpeg-6-libavformat61pkg:apk/chainguard/ffmpeg-6-libavutil59pkg:apk/chainguard/ffmpeg-6-libpostproc58pkg:apk/chainguard/ffmpeg-6-libswresample5pkg:apk/chainguard/ffmpeg-6-libswscale8pkg:apk/chainguard/ffmpeg-6-qt-faststartpkg:apk/chainguard/ffmpeg-6-staticpkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ffmpeg-6&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ffmpeg-7&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ffmpeg&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6pkg:rpm/suse/ffmpeg&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6
< 6.1.3-r0+ 38 more
- (no CPE)range: < 6.1.3-r0
- (no CPE)range: < 6.1.3-r0
- (no CPE)range: < 6.1.3-r0
- (no CPE)range: < 6.1.3-r0
- (no CPE)range: < 6.1.3-r0
- (no CPE)range: < 6.1.3-r0
- (no CPE)range: < 6.1.3-r0
- (no CPE)range: < 6.1.3-r0
- (no CPE)range: < 6.1.3-r0
- (no CPE)range: < 6.1.3-r0
- (no CPE)range: < 6.1.3-r0
- (no CPE)range: < 6.1.3-r0
- (no CPE)range: < 6.1.3-r0
- (no CPE)range: < 4.4.5-150600.13.16.1
- (no CPE)range: < 4.4.5-3.1
- (no CPE)range: < 6.1.2-3.1
- (no CPE)range: < 7.1-3.1
- (no CPE)range: < 3.4.2-150200.11.60.1
- (no CPE)range: < 4.4.5-150400.3.46.1
- (no CPE)range: < 4.4.5-150400.3.46.1
- (no CPE)range: < 4.4.5-150600.13.16.1
- (no CPE)range: < 4.4.5-150400.3.46.1
- (no CPE)range: < 4.4.5-150400.3.46.1
- (no CPE)range: < 4.4.5-150600.13.16.1
- (no CPE)range: < 3.4.2-150200.11.60.1
- (no CPE)range: < 3.4.2-150200.11.60.1
- (no CPE)range: < 3.4.2-150200.11.60.1
- (no CPE)range: < 3.4.2-150200.11.60.1
- (no CPE)range: < 3.4.2-150200.11.60.1
- (no CPE)range: < 3.4.2-150200.11.60.1
- (no CPE)range: < 3.4.2-150200.11.60.1
- (no CPE)range: < 3.4.2-150200.11.60.1
- (no CPE)range: < 3.4.2-150200.11.60.1
- (no CPE)range: < 3.4.2-150200.11.60.1
- (no CPE)range: < 3.4.2-150200.11.60.1
- (no CPE)range: < 3.4.2-150200.11.60.1
- (no CPE)range: < 3.4.2-150200.11.60.1
- (no CPE)range: < 3.4.2-150200.11.60.1
- (no CPE)range: < 3.4.2-150200.11.60.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.