CVE-2025-59730 MEDIUM

CVE-2025-59730: Heap-buffer-overflow write in FFmpeg SANM decoding due to lack of bounds-checking in old_codec48

Vendor Ffmpeg
Product FFmpeg
Weakness CWE-787
Published October 6, 2025
Last update October 6, 2025

CVSS base score

5.7/10
Attack vector Adjacent
Attack complexity High
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N

What the vulnerability does

01Description

When decoding a frame for a SANM file (ANIM v0 variant), the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution (width x height). A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame contents using a run-length encoding algorithm. There are no checks that the decoded frame fits in the allocated buffer, leading to a heap-buffer-overflow. process_frame_obj initializes the buffers based on the frame resolution: We recommend upgrading to version 8.0 or beyond.

Key dates

02Disclosure timeline

October 6, 2025 CVE published
October 6, 2025 Record updated