JLSEC-2025-148

See a problem?
Please try reporting it to the source first.
Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2025/JLSEC-2025-148.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-148.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2025-148
Upstream
Published
2025-10-19T19:08:53.760Z
Modified
2025-11-06T23:03:28.463642Z
Summary
A flaw was found in FFmpeg
Details

A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation.

Database specific 
{
    "sources": [
        {
            "modified": "2025-08-05T18:05:55.853Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-6604",
            "id": "CVE-2023-6604",
            "imported": "2025-10-18T14:07:17.241Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6604",
            "published": "2025-01-06T17:15:14.413Z"
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / FFMPEG_jll

Package

Name
FFMPEG_jll
Purl
pkg:julia/FFMPEG_jll?uuid=b22a6f82-2f65-5046-a5b2-351ab43fb4e5

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.1+0

Julia / FFplay_jll

Package

Name
FFplay_jll
Purl
pkg:julia/FFplay_jll?uuid=c4dce911-e170-5107-8314-c7bdc6785395

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.1.0+0