VDB
DEBIAN-CVE-2025-1594
DEBIAN-CVE-2025-1594
PUBLISHED
CVSS 8.800000190734863 HIGH
A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Risk Scores
CVSS v3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | ffmpeg | 5.1.7-0, 5.1.3-2, 5.1.4-0 |
| Debian:14 | ffmpeg | 0, 0, 7.1.1-1 |
| Debian:11 | ffmpeg | 4.3.5-0, 4.3.6-0, 4.3.7-0 |
| Debian:13 | ffmpeg | 7:7.1.1-1, 0, 7.1.1-1 |
Timeline
- Feb 23, 2025 CVE Published
- Apr 28, 2026 CVE Updated