JLSEC-2025-101

See a problem?
Please try reporting it to the source first.

Source

https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2025/JLSEC-2025-101.md

Import Source

https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-101.json

JSON Data

https://api.osv.dev/v1/vulns/JLSEC-2025-101

Upstream

CVE-2019-1000016

Published

2025-10-19T19:08:53.760Z

Modified

2025-11-06T23:02:29.591065Z

Summary

FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcode...

Details

FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31.

Database specific

{
    "sources": [
        {
            "id": "CVE-2019-1000016",
            "published": "2019-02-04T21:29:01.283Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2019-1000016",
            "imported": "2025-10-18T14:07:17.039Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1000016",
            "modified": "2024-11-21T04:17:41.023Z"
        }
    ],
    "license": "CC-BY-4.0"
}

References

https://github.com/FFmpeg/FFmpeg/commit/b97a4b658814b2de8b9f2a3bce491c002d34de31#diff-cd7e24986650014d67f484f3ffceef3f

Affected packages

Julia / FFMPEG_jll

Package

Name: FFMPEG_jll
Purl: pkg:julia/FFMPEG_jll?uuid=b22a6f82-2f65-5046-a5b2-351ab43fb4e5

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.1+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-101.json"