CVE-2025-9951 | THREATINT

Description

A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.

PUBLISHED Reserved 2025-09-03 | Published 2025-09-09 | Updated 2025-09-10 | Assigner Google

HIGH: 7.2CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H

Problem types

CWE-122 Heap-based Buffer Overflow

Product status

Default status

unaffected

< 8.0

affected

References

github.com/...search/security/advisories/GHSA-39q3-f8jq-v6mg

cve.org (CVE-2025-9951)

nvd.nist.gov (CVE-2025-9951)

Download JSON