FFmpeg Integer Overflow Vulnerability in libswscale Output Color Space Conversion

Vulnerability

A vulnerability allowing integer overflow has been identified in FFmpeg version 8.0. This issue arises in the 'yuv2ya16_X_c_template' function within 'libswscale/output.c'. The overflow occurs during the processing of pixel values, which can lead to undefined behavior when converting colors from YUV to YA16 formats. The problem stems from the multiplication of pixel values and filter coefficients, which can exceed the limits of signed integers, potentially causing memory corruption or other unintended effects.

Impact

Exploitation of this vulnerability can lead to memory corruption, causing undefined behavior in the application. Such issues can often be exploited to execute arbitrary code or cause a crash.

Remediation

Users can upgrade to FFmpeg versions 8.0.1, 7.1.2, or 7.0.3, where this vulnerability has been fixed.

Added: Dec 18, 2025, 5:35 PM
Updated: Dec 18, 2025, 8:52 PM

Vulnerability Rating

Custom Algorithm
spread
8.4
impact
0.6
exploitability
4.7
remediation
7.7
relevance
0.9
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.