High severityNVD Advisory· Published Sep 9, 2025· Updated Apr 15, 2026
CVE-2025-9951
CVE-2025-9951
Description
A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14- osv-coords13 versionspkg:apk/chainguard/ffmpeg-7pkg:apk/chainguard/ffmpeg-7.1pkg:apk/wolfi/ffmpeg-7pkg:apk/wolfi/ffmpeg-7.1pkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ffmpeg-7&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ffmpeg-8&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7
< 7.1.1-r11+ 12 more
- (no CPE)range: < 7.1.1-r11
- (no CPE)range: < 7.1.2-r0
- (no CPE)range: < 7.1.1-r11
- (no CPE)range: < 7.1.2-r0
- (no CPE)range: < 4.4.7-2.1
- (no CPE)range: < 7.1.4-2.1
- (no CPE)range: < 8.1.1-3.1
- (no CPE)range: < 4.4.7-150400.3.67.1
- (no CPE)range: < 4.4.7-150400.3.67.1
- (no CPE)range: < 4.4.7-150600.13.47.1
- (no CPE)range: < 4.4.7-150400.3.67.1
- (no CPE)range: < 4.4.7-150400.3.67.1
- (no CPE)range: < 4.4.7-150600.13.47.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.