{"id":"CVE-2025-0518","details":"Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files  https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C .\n\nThis issue affects FFmpeg: 7.1.\n\nIssue was fixed:  https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a\n\n https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman","modified":"2026-03-03T01:23:20.798028Z","published":"2025-01-16T17:15:12.577Z","related":["CGA-8ffj-x63q-rv82","MGASA-2025-0085","SUSE-SU-2025:0862-1","SUSE-SU-2025:1128-1","SUSE-SU-2025:1450-1","openSUSE-SU-2025:14833-1","openSUSE-SU-2025:14834-1","openSUSE-SU-2025:15010-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00037.html"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"0"},{"fixed":"b5b6391d64807578ab872dc58fb8aa621dcfc38a"}]}],"versions":["N","n0.11-dev","n0.12-dev","n0.8","n1.1-dev","n1.2-dev","n1.3-dev","n2.0","n2.1-dev","n2.2-dev","n2.3-dev","n2.4-dev","n2.5-dev","n2.6-dev","n2.7-dev","n2.8-dev","n2.9-dev","n3.1-dev","n3.2-dev","n3.3-dev","n3.4-dev","n3.5-dev","n4.1-dev","n4.2-dev","n4.3-dev","n4.4-dev","n4.5-dev","n5.1-dev","n5.2-dev","n6.1-dev","n6.2-dev","n7.1-dev","n7.2-dev"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","source":"https://github.com/ffmpeg/ffmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a","deprecated":false,"id":"CVE-2025-0518-00626213","target":{"function":"init","file":"libavfilter/af_pan.c"},"digest":{"length":3199,"function_hash":"179449618640503475677325638784555393387"},"signature_type":"Function"},{"signature_version":"v1","source":"https://github.com/ffmpeg/ffmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a","deprecated":false,"id":"CVE-2025-0518-8e78efe1","target":{"file":"libavfilter/af_pan.c"},"digest":{"line_hashes":["596763915637817527666024439876900225","130993731208131272565056867250015286029","322112114579730576480112407988289303492","103623067970097640017997411768966989204"],"threshold":0.9},"signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0518.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}