{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1816", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-03-01T14:16:10.989Z", "datePublished": "2025-03-02T14:00:07.515Z", "dateUpdated": "2025-03-03T20:12:37.842Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-02T14:00:07.515Z"}, "title": "FFmpeg IAMF File iamf_parse.c audio_element_obu memory leak", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-401", "lang": "en", "description": "Memory Leak"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "n/a", "product": "FFmpeg", "versions": [{"version": "6e26f57f672b05e7b8b052007a83aef99dc81ccb", "status": "affected"}], "modules": ["IAMF File Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 0526535cd58444dd264e810b2f3348b4d96cff3b. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in FFmpeg bis 6e26f57f672b05e7b8b052007a83aef99dc81ccb entdeckt. Sie wurde als problematisch eingestuft. Betroffen hiervon ist die Funktion audio_element_obu der Datei libavformat/iamf_parse.c der Komponente IAMF File Handler. Dank der Manipulation des Arguments num_parameters mit unbekannten Daten kann eine memory leak-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 0526535cd58444dd264e810b2f3348b4d96cff3b bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "timeline": [{"time": "2025-03-01T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-03-01T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-03-01T15:21:16.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "0x20z (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.298089", "name": "VDB-298089 | FFmpeg IAMF File iamf_parse.c audio_element_obu memory leak", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.298089", "name": "VDB-298089 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.506575", "name": "Submit #506575 | FFmpeg git master Memory Leak", "tags": ["third-party-advisory"]}, {"url": "https://trac.ffmpeg.org/ticket/11475", "tags": ["issue-tracking"]}, {"url": "https://trac.ffmpeg.org/attachment/ticket/11475/poc", "tags": ["exploit", "issue-tracking"]}, {"url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0526535cd58444dd264e810b2f3348b4d96cff3b", "tags": ["patch"]}, {"url": "https://ffmpeg.org/", "tags": ["product"]}]}, "adp": [{"references": [{"url": "https://trac.ffmpeg.org/ticket/11475", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-03T20:12:17.527727Z", "id": "CVE-2025-1816", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-03T20:12:37.842Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1816", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-03-01T14:16:10.989Z", "datePublished": "2025-03-02T14:00:07.515Z", "dateUpdated": "2025-03-03T20:12:37.842Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-02T14:00:07.515Z"}, "title": "FFmpeg IAMF File iamf_parse.c audio_element_obu memory leak", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-401", "lang": "en", "description": "Memory Leak"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "n/a", "product": "FFmpeg", "versions": [{"version": "6e26f57f672b05e7b8b052007a83aef99dc81ccb", "status": "affected"}], "modules": ["IAMF File Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 0526535cd58444dd264e810b2f3348b4d96cff3b. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in FFmpeg bis 6e26f57f672b05e7b8b052007a83aef99dc81ccb entdeckt. Sie wurde als problematisch eingestuft. Betroffen hiervon ist die Funktion audio_element_obu der Datei libavformat/iamf_parse.c der Komponente IAMF File Handler. Dank der Manipulation des Arguments num_parameters mit unbekannten Daten kann eine memory leak-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 0526535cd58444dd264e810b2f3348b4d96cff3b bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "timeline": [{"time": "2025-03-01T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-03-01T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-03-01T15:21:16.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "0x20z (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.298089", "name": "VDB-298089 | FFmpeg IAMF File iamf_parse.c audio_element_obu memory leak", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.298089", "name": "VDB-298089 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.506575", "name": "Submit #506575 | FFmpeg git master Memory Leak", "tags": ["third-party-advisory"]}, {"url": "https://trac.ffmpeg.org/ticket/11475", "tags": ["issue-tracking"]}, {"url": "https://trac.ffmpeg.org/attachment/ticket/11475/poc", "tags": ["exploit", "issue-tracking"]}, {"url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0526535cd58444dd264e810b2f3348b4d96cff3b", "tags": ["patch"]}, {"url": "https://ffmpeg.org/", "tags": ["product"]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1816", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-03T20:12:17.527727Z"}}}], "references": [{"url": "https://trac.ffmpeg.org/ticket/11475", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-03T17:17:53.008Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 0526535cd58444dd264e810b2f3348b4d96cff3b. It is recommended to apply a patch to fix this issue."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en FFmpeg hasta 6e26f57f672b05e7b8b052007a83aef99dc81ccb. Afecta a la funci\u00f3n audio_element_obu del archivo libavformat/iamf_parse.c del componente IAMF File Handler. La manipulaci\u00f3n del argumento num_parameters provoca una fuga de memoria. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El identificador del parche es 0526535cd58444dd264e810b2f3348b4d96cff3b. Se recomienda aplicar un parche para solucionar este problema."}], "id": "CVE-2025-1816", "lastModified": "2025-03-03T20:15:44.383", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-03-02T14:15:34.123", "references": [{"source": "cna@vuldb.com", "url": "https://ffmpeg.org/"}, {"source": "cna@vuldb.com", "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0526535cd58444dd264e810b2f3348b4d96cff3b"}, {"source": "cna@vuldb.com", "url": "https://trac.ffmpeg.org/attachment/ticket/11475/poc"}, {"source": "cna@vuldb.com", "url": "https://trac.ffmpeg.org/ticket/11475"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.298089"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.298089"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.506575"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://trac.ffmpeg.org/ticket/11475"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}, {"lang": "en", "value": "CWE-404"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}