It was discovered that FFmpeg incorrectly handled the return values of functions in its Firequalizer filter and in the HTTP Live Streaming (HLS) implementation, leading to a NULL pointer dereference. If a user was tricked into loading a crafted media file, a remote attacker could possibly use this issue to make FFmpeg crash, resulting in a denial of service. (CVE-2023-6603, CVE-2025-10256) It was discovered that FFmpeg did not enforce an input format before triggering the HTTP demuxer. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. (CVE-2025-6605) It was discovered that FFmpeg incorrectly handled memory allocation in the ALS audio decoder. If a user was tricked into loading a crafted media file, a remote attacker could possibly use this issue to make FFmpeg crash, resulting in a denial of service. (CVE-2025-7700) It was discovered that FFmpeg incorrectly handled memory in the JPEG 2000 decoder, which could lead to a heap buffer overflow. If a user or application were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or leak sensitive information. (CVE-2025-9951)
Continue reading...
Continue reading...
