{"id":"JLSEC-2025-151","summary":"A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1","details":"A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.","modified":"2025-11-06T23:03:44.832590Z","published":"2025-10-19T19:08:53.760Z","upstream":["CVE-2025-1594"],"database_specific":{"sources":[{"url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-1594","imported":"2025-10-18T14:07:17.244Z","published":"2025-02-23T21:15:09.130Z","id":"CVE-2025-1594","modified":"2025-06-03T18:04:04.387Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1594"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"https://ffmpeg.org/"},{"type":"WEB","url":"https://trac.ffmpeg.org/attachment/ticket/11418/poc"},{"type":"WEB","url":"https://trac.ffmpeg.org/ticket/11418#comment:3"},{"type":"WEB","url":"https://vuldb.com/?ctiid.296589"},{"type":"WEB","url":"https://vuldb.com/?id.296589"},{"type":"WEB","url":"https://vuldb.com/?submit.496929"}],"affected":[{"package":{"name":"FFMPEG_jll","ecosystem":"Julia","purl":"pkg:julia/FFMPEG_jll?uuid=b22a6f82-2f65-5046-a5b2-351ab43fb4e5"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"7.1.1+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-151.json"}},{"package":{"name":"FFplay_jll","ecosystem":"Julia","purl":"pkg:julia/FFplay_jll?uuid=c4dce911-e170-5107-8314-c7bdc6785395"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"7.1.1+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-151.json"}}],"schema_version":"1.7.3"}