Unrated severityNVD Advisory· Published Feb 23, 2025· Updated Feb 24, 2025
FFmpeg AAC Encoder aacenc_tns.c ff_aac_search_for_tns stack-based overflow
CVE-2025-1594
Description
A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
13- osv-coords11 versionspkg:apk/chainguard/ffmpeg-7pkg:apk/wolfi/ffmpeg-7pkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ffmpeg-7&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ffmpeg-8&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7
< 7.1.1-r12+ 10 more
- (no CPE)range: < 7.1.1-r12
- (no CPE)range: < 7.1.1-r12
- (no CPE)range: < 4.4.7-2.1
- (no CPE)range: < 7.1.4-2.1
- (no CPE)range: < 8.1.1-3.1
- (no CPE)range: < 4.4.7-150400.3.67.1
- (no CPE)range: < 4.4.7-150400.3.67.1
- (no CPE)range: < 4.4.7-150600.13.47.1
- (no CPE)range: < 4.4.7-150400.3.67.1
- (no CPE)range: < 4.4.7-150400.3.67.1
- (no CPE)range: < 4.4.7-150600.13.47.1
Patches
Vulnerability mechanics
References
6- trac.ffmpeg.org/attachment/ticket/11418/pocmitreexploitissue-tracking
- vuldb.commitrethird-party-advisory
- ffmpeg.orgmitreproduct
- trac.ffmpeg.org/ticket/11418mitreissue-tracking
- vuldb.commitresignaturepermissions-required
- vuldb.commitrevdb-entrytechnical-description
News mentions
0No linked articles in our index yet.