FFmpeg
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*
- >= 8.0, < 8.0.0-rc1
A heap-buffer-overflow vulnerability has been identified in FFmpeg when decoding SANM files using codec 48. The decoder does not properly check that the decoded data fits within the allocated buffer, which can lead to memory corruption. This vulnerability is present in versions of FFmpeg prior to 8.0.
Exploitation of this vulnerability leads to a heap-buffer-overflow, which commonly results in memory corruption and may allow arbitrary code execution.
The vulnerability can be reproduced by creating a SANM file that includes a frame encoded with codec 48, with a declared resolution that makes the allocated buffer smaller than the run-length-decoded data. Processing that file with FFmpeg's 'ffprobe' tool triggers the overflow, which AddressSanitizer detects.
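As an added defensive illustration (not FFmpeg's code, and not the real SANM codec 48 bitstream), the following C program uses a simple hypothetical run-length format to show the class of check the advisory says is missing: the unchecked decoder copies each run without comparing it to the space left in the frame buffer, while the checked decoder bounds every write by the buffer size derived from the declared resolution and every read by the input size, and additionally rejects a declared resolution whose product overflows or whose decoded length does not match. The packet format, every function name and the sample payloads are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical packet format for this illustration (NOT the real SANM codec 48
 * bitstream): a control byte c describes one packet of length (c & 0x7f) + 1;
 * if c & 0x80 is set the next byte is repeated that many times, otherwise that
 * many literal bytes follow. */

typedef enum {
    RLE_OK = 0,
    RLE_ERR_BAD_DIMENSIONS  = -1,   /* zero or overflowing width*height */
    RLE_ERR_OUTPUT_OVERFLOW = -2,   /* a packet would write past the buffer */
    RLE_ERR_INPUT_TRUNCATED = -3,   /* a packet claims more input than exists */
    RLE_ERR_OUTPUT_SHORT    = -4    /* stream ended before the frame was full */
} rle_status;

/* Unchecked pattern, the bug class the advisory describes: the run length comes
 * from the file and is copied without comparing it to the room left in dst.
 * Shown only for contrast; never run it on untrusted input. */
size_t rle_decode_unchecked(const uint8_t *src, size_t src_size, uint8_t *dst)
{
    size_t ip = 0, op = 0;
    while (ip < src_size) {
        uint8_t ctrl = src[ip++];
        size_t run = (size_t)(ctrl & 0x7f) + 1;
        if (ctrl & 0x80) {
            memset(dst + op, src[ip++], run);   /* may write past dst */
        } else {
            memcpy(dst + op, src + ip, run);    /* may read and write out of bounds */
            ip += run;
        }
        op += run;
    }
    return op;
}

/* Hardened decoder: every write is bounded by dst_size and every read by
 * src_size before it happens. */
rle_status rle_decode_checked(const uint8_t *src, size_t src_size,
                              uint8_t *dst, size_t dst_size, size_t *out_len)
{
    size_t ip = 0, op = 0;
    while (ip < src_size) {
        uint8_t ctrl = src[ip++];
        size_t run = (size_t)(ctrl & 0x7f) + 1;
        if (run > dst_size - op)                 /* would overrun the frame buffer */
            return RLE_ERR_OUTPUT_OVERFLOW;
        if (ctrl & 0x80) {
            if (ip >= src_size)
                return RLE_ERR_INPUT_TRUNCATED;
            memset(dst + op, src[ip++], run);
        } else {
            if (run > src_size - ip)
                return RLE_ERR_INPUT_TRUNCATED;
            memcpy(dst + op, src + ip, run);
            ip += run;
        }
        op += run;
    }
    *out_len = op;
    return RLE_OK;
}

/* Frame-level wrapper: the buffer size is derived from the header's declared
 * resolution, and the decoded length must match it exactly. */
rle_status decode_frame(uint32_t width, uint32_t height,
                        const uint8_t *payload, size_t payload_size,
                        uint8_t *frame, size_t frame_cap)
{
    size_t need, got = 0;
    rle_status st;

    if (width == 0 || height == 0 || width > SIZE_MAX / height)
        return RLE_ERR_BAD_DIMENSIONS;
    need = (size_t)width * height;
    if (need > frame_cap)
        return RLE_ERR_BAD_DIMENSIONS;

    st = rle_decode_checked(payload, payload_size, frame, need, &got);
    if (st != RLE_OK)
        return st;
    return got == need ? RLE_OK : RLE_ERR_OUTPUT_SHORT;  /* short output leaves stale pixels */
}

/* Constructed sample payloads (not taken from any real file). SAMPLE_PAYLOAD is
 * a run of four 0xAA bytes followed by four literal bytes: exactly 8 decoded
 * bytes, so it fits a 4x2 header but overflows a 2x2 one. */
const uint8_t SAMPLE_PAYLOAD[]   = { 0x83, 0xAA, 0x03, 0x01, 0x02, 0x03, 0x04 };
const size_t  SAMPLE_PAYLOAD_LEN = sizeof SAMPLE_PAYLOAD;
const uint8_t SAMPLE_TRUNCATED[] = { 0x83 };         /* run packet missing its byte */
const uint8_t SAMPLE_SHORT[]     = { 0x81, 0x00 };   /* only 2 of 4 pixels supplied */
uint8_t demo_frame[16];

int main(void)
{
    printf("4x2 header: %d\n", decode_frame(4, 2, SAMPLE_PAYLOAD, SAMPLE_PAYLOAD_LEN, demo_frame, sizeof demo_frame));
    printf("2x2 header: %d\n", decode_frame(2, 2, SAMPLE_PAYLOAD, SAMPLE_PAYLOAD_LEN, demo_frame, sizeof demo_frame));
    return 0;
}
```

The two checks that matter here are `run > dst_size - op` before each write and the final `got == need` comparison; the first is the check whose absence the advisory describes, and the second prevents an undersized stream from leaving uninitialised bytes in the frame.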
Users are advised to upgrade to FFmpeg version 8.0 or later.