SB2025060802 - Input validation error in FFmpeg




Published: June 8, 2025

Security Bulletin ID: SB2025060802
Severity: High
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity: High 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Input validation error (CVE-ID: CVE-2013-0858)

The vulnerability allows a remote unauthenticated attacker to execute arbitrary code.

The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.


Remediation

Install the update from the vendor's website.
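
To check whether a host still runs a release earlier than the fixed 1.0.4, the first line of `ffmpeg -version` can be compared against that version. The script below is an added example, not vendor code; its function names and the sample banner lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an FFmpeg version banner against the fixed release
# named in the bulletin (1.0.4). Function names are illustrative.
# Return status: 0 = older than 1.0.4, 1 = 1.0.4 or newer, 2 = not parseable.
FIXED_VERSION="1.0.4"

extract_version() {
    # $1 is the first line of `ffmpeg -version`. Prints the dotted numeric
    # version, dropping a leading "n" tag and any distro/build suffix.
    printf '%s\n' "$1" |
        sed -n 's/^ffmpeg version n\{0,1\}\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

version_lt() {
    # Succeeds when dotted version $1 sorts before $2, comparing numerically
    # field by field; missing fields count as 0 ("0.11" is read as 0.11.0).
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}

ffmpeg_is_affected() {
    ver=$(extract_version "$1")
    [ -n "$ver" ] || return 2      # e.g. git snapshot builds: check manually
    if version_lt "$ver" "$FIXED_VERSION"; then return 0; fi
    return 1
}

# Constructed sample banners (not captured from real hosts).
while IFS= read -r banner; do
    ffmpeg_is_affected "$banner"
    printf 'status=%s  %s\n' "$?" "$banner"
done <<'EOF'
ffmpeg version 0.11.2 Copyright (c) 2000-2012 the FFmpeg developers
ffmpeg version 1.0.3 Copyright (c) 2000-2013 the FFmpeg developers
ffmpeg version 1.0.4 Copyright (c) 2000-2013 the FFmpeg developers
ffmpeg version n4.4.2 Copyright (c) 2000-2021 the FFmpeg developers
ffmpeg version 4.4.2-0ubuntu0.22.04.1 Copyright (c) 2000-2021 the FFmpeg developers
ffmpeg version N-109468-g1234abc Copyright (c) 2000-2022 the FFmpeg developers
EOF
```

On a host, pass the function `"$(ffmpeg -version 2>/dev/null | head -n 1)"`. A package whose maintainer backported the fix without changing the upstream version number is still reported as older, so confirm such cases against the distribution's own advisory.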