CVE-2025-22921
MEDIUMFFmpeg N-113007-g8d24a28d06 - NULL Pointer Dereference in JPEG2000 Decoder
Title source: llmDescription
FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.
References (2)
Core 2
Core References
Issue Tracking
https://trac.ffmpeg.org/ticket/11393
Scores
CVSS v3
6.5
EPSS
0.0015
EPSS Percentile
35.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (13)
debian/debian_linux
11.0
ffmpeg/ffmpeg
7.0
ffmpeg/ffmpeg
7.0.1
ffmpeg/ffmpeg
7.0.2
ffmpeg/ffmpeg
7.0.3
ffmpeg/ffmpeg
7.1 (2 CPE variants)
ffmpeg/ffmpeg
7.1.1
ffmpeg/ffmpeg
7.1.2
ffmpeg/ffmpeg
7.1.3
ffmpeg/ffmpeg
7.2 dev
... and 3 more
Published
Feb 18, 2025
Tracked Since
Feb 18, 2026