UBUNTU-CVE-2025-1816

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-1816

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-1816.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-1816

Related

CVE-2025-1816

Published

2025-03-02T14:15:00Z

Modified

2025-04-23T15:02:15Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audioelementobu of the file libavformat/iamfparse.c of the component IAMF File Handler. The manipulation of the argument numparameters leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 0526535cd58444dd264e810b2f3348b4d96cff3b. It is recommended to apply a patch to fix this issue.

References

Affected packages

Ubuntu:Pro:14.04:LTS / libav

Package

Name: libav
Purl: pkg:deb/ubuntu/libav@6:9.20-0ubuntu0.14.04.1+esm1?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6:0.*

6:0.8.7-1ubuntu2

6:9.*

6:9.10-1ubuntu1

6:9.10-1ubuntu2

6:9.10-1ubuntu5

6:9.10-1ubuntu6

6:9.10-1ubuntu7

6:9.11-2ubuntu1

6:9.11-2ubuntu2

6:9.13-0ubuntu0.14.04.1

6:9.14-0ubuntu0.14.04.1

6:9.16-0ubuntu0.14.04.1

6:9.18-0ubuntu0.14.04.1

6:9.20-0ubuntu0.14.04.1

6:9.20-0ubuntu0.14.04.1+esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / ffmpeg

Package

Name: ffmpeg
Purl: pkg:deb/ubuntu/ffmpeg@7:2.8.17-0ubuntu0.1+esm9?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7:2.*

7:2.7.2-1build1

7:2.8.1-1ubuntu1

7:2.8.2-1ubuntu1

7:2.8.3-1

7:2.8.4-1

7:2.8.4-1ubuntu1

7:2.8.4-1ubuntu2

7:2.8.4-1ubuntu3

7:2.8.4-1ubuntu4

7:2.8.6-1ubuntu1

7:2.8.6-1ubuntu2

7:2.8.8-0ubuntu0.16.04.1

7:2.8.10-0ubuntu0.16.04.1

7:2.8.11-0ubuntu0.16.04.1

7:2.8.14-0ubuntu0.16.04.1

7:2.8.15-0ubuntu0.16.04.1

7:2.8.15-0ubuntu0.16.04.1+esm1

7:2.8.17-0ubuntu0.1

7:2.8.17-0ubuntu0.1+esm1

7:2.8.17-0ubuntu0.1+esm2

7:2.8.17-0ubuntu0.1+esm3

7:2.8.17-0ubuntu0.1+esm4

7:2.8.17-0ubuntu0.1+esm5

7:2.8.17-0ubuntu0.1+esm6

7:2.8.17-0ubuntu0.1+esm7

7:2.8.17-0ubuntu0.1+esm8

7:2.8.17-0ubuntu0.1+esm9

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / ffmpeg

Package

Name: ffmpeg
Purl: pkg:deb/ubuntu/ffmpeg@7:3.4.11-0ubuntu0.1+esm7?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7:3.*

7:3.3.4-2

7:3.3.4-2build3

7:3.4-2ubuntu2

7:3.4-4

7:3.4-4build1

7:3.4.1-1

7:3.4.1-1build1

7:3.4.2-1

7:3.4.2-1build1

7:3.4.2-2

7:3.4.4-0ubuntu0.18.04.1

7:3.4.6-0ubuntu0.18.04.1

7:3.4.8-0ubuntu0.2

7:3.4.11-0ubuntu0.1

7:3.4.11-0ubuntu0.1+esm1

7:3.4.11-0ubuntu0.1+esm2

7:3.4.11-0ubuntu0.1+esm3

7:3.4.11-0ubuntu0.1+esm4

7:3.4.11-0ubuntu0.1+esm5

7:3.4.11-0ubuntu0.1+esm6

7:3.4.11-0ubuntu0.1+esm7

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / ffmpeg

Package

Name: ffmpeg
Purl: pkg:deb/ubuntu/ffmpeg@7:4.2.7-0ubuntu0.1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7:4.*

7:4.1.4-1build2

7:4.2.1-2

7:4.2.1-2ubuntu1

7:4.2.2-1build1

7:4.2.2-1ubuntu1

7:4.2.4-1ubuntu0.1

7:4.2.7-0ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / ffmpeg

Package

Name: ffmpeg
Purl: pkg:deb/ubuntu/ffmpeg@7:4.4.2-0ubuntu0.22.04.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7:4.*

7:4.4-6ubuntu5

7:4.4.1-2ubuntu1

7:4.4.1-3ubuntu1

7:4.4.1-3ubuntu2

7:4.4.1-3ubuntu3

7:4.4.1-3ubuntu5

7:4.4.2-0ubuntu0.22.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / ffmpeg

Package

Name: ffmpeg
Purl: pkg:deb/ubuntu/ffmpeg@7:7.0.2-3ubuntu1?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7:6.*

7:6.1.1-3ubuntu5

7:6.1.1-4ubuntu1

7:6.1.1-4ubuntu2

7:6.1.1-4ubuntu3

7:6.1.1-5ubuntu1

7:6.1.1-5ubuntu2

7:6.1.1-5ubuntu3

7:7.*

7:7.0.2-1ubuntu1

7:7.0.2-3ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / ffmpeg

Package

Name: ffmpeg
Purl: pkg:deb/ubuntu/ffmpeg@7:6.1.1-3ubuntu5?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7:6.*

7:6.0-6ubuntu1

7:6.0-9ubuntu1

7:6.1-2ubuntu1

7:6.1-3ubuntu1

7:6.1-4ubuntu1

7:6.1-5ubuntu1

7:6.1.1-1ubuntu1

7:6.1.1-3ubuntu1

7:6.1.1-3ubuntu5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / ffmpeg

Package

Name: ffmpeg
Purl: pkg:deb/ubuntu/ffmpeg@7:7.1.1-1ubuntu1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7:7.*

7:7.0.2-3ubuntu1

7:7.1-3ubuntu1

7:7.1-3ubuntu2

7:7.1-3ubuntu3

7:7.1-4ubuntu1

7:7.1-4ubuntu2

7:7.1.1-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}