CVE-2025-12343 — Vulnetix

CVE-2025-12343 PUBLISHED CVSS 3.299999952316284 LOW

A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free condition, potentially causing FFmpeg or any application using it to crash when processing TensorFlow-based DNN models. This results in a denial-of-service scenario but does not allow arbitrary code execution under normal conditions.

EPSS 0.00% · 0.2th percentile

Risk Scores

CVSS v3.1

3.299999952316284

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

EPSS Score

0.00%

0.2th percentile

Affected Products

Vendor	Product	Versions
ffmpeg	ffmpeg	6.1, 6.1
		6.1, 6.1

Timeline

Oct 27, 2025 CVE ID Reserved
Feb 18, 2026 CVE Published
Feb 19, 2026 EPSS Score
Feb 21, 2026 EPSS Score
Feb 22, 2026 EPSS Score
Feb 24, 2026 EPSS Score
Feb 25, 2026 CVE Updated
Feb 26, 2026 EPSS Score
Feb 27, 2026 EPSS Score
Mar 1, 2026 EPSS Score
Mar 3, 2026 EPSS Score
Mar 5, 2026 EPSS Score

References

https://access.redhat.com/security/cve/CVE-2025-12343 vdb
RHBZ#2406533 issue
https://nvd.nist.gov/vuln/detail/CVE-2025-12343 advisory

Open in Interactive Console →