UBUNTU-CVE-2025-59728
- Source
- https://ubuntu.com/security/CVE-2025-59728
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-59728.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-59728
- Upstream
- Downstream
- Related
- Published
- 2025-10-06T08:15:00Z
- Modified
- 2026-02-04T03:29:01.325771Z
- Severity
-
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below [0], it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is not an empty string, it is assigned to root_url at [1].If the last (non-NUL) byte in this buffer is not '/' then we append '/' in-place at [2]. This will write two bytes into the buffer, starting at the last valid byte in the buffer, writing the NUL byte beyond the end of the allocated buffer. We recommend upgrading to version 8.0 or beyond.
- References
Affected packages
Ubuntu:Pro:14.04:LTS / libav
Package
- Name
- libav
- Purl
- pkg:deb/ubuntu/libav@6:9.20-0ubuntu0.14.04.1+esm1?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
6:0.*
6:0.8.7-1ubuntu2
6:9.*
6:9.10-1ubuntu1
6:9.10-1ubuntu2
6:9.10-1ubuntu5
6:9.10-1ubuntu6
6:9.10-1ubuntu7
6:9.11-2ubuntu1
6:9.11-2ubuntu2
6:9.13-0ubuntu0.14.04.1
6:9.14-0ubuntu0.14.04.1
6:9.16-0ubuntu0.14.04.1
6:9.18-0ubuntu0.14.04.1
6:9.20-0ubuntu0.14.04.1
6:9.20-0ubuntu0.14.04.1+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libav-tools"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavcodec-dev"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavcodec-extra"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavcodec-extra-54"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavcodec54"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavdevice-dev"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavdevice-extra-53"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavdevice53"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavfilter-dev"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavfilter-extra-3"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavfilter3"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavformat-dev"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavformat-extra-54"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavformat54"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavresample-dev"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavresample1"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavutil-dev"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavutil-extra-52"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavutil52"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libswscale-dev"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libswscale-extra-2"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libswscale2"
}
]
}
Ubuntu:Pro:20.04:LTS / ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/ubuntu/ffmpeg@7:4.2.7-0ubuntu0.1+esm12?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7:4.2.7-0ubuntu0.1+esm12
Affected versions
7:4.*
7:4.1.4-1build2
7:4.2.1-2
7:4.2.1-2ubuntu1
7:4.2.2-1build1
7:4.2.2-1ubuntu1
7:4.2.4-1ubuntu0.1
7:4.2.4-1ubuntu0.1+esm1
7:4.2.7-0ubuntu0.1
7:4.2.7-0ubuntu0.1+esm1
7:4.2.7-0ubuntu0.1+esm2
7:4.2.7-0ubuntu0.1+esm3
7:4.2.7-0ubuntu0.1+esm4
7:4.2.7-0ubuntu0.1+esm5
7:4.2.7-0ubuntu0.1+esm6
7:4.2.7-0ubuntu0.1+esm7
7:4.2.7-0ubuntu0.1+esm8
7:4.2.7-0ubuntu0.1+esm9
7:4.2.7-0ubuntu0.1+esm10
7:4.2.7-0ubuntu0.1+esm11
Ecosystem specific
{
"binaries": [
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "ffmpeg"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "libavcodec-dev"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "libavcodec-extra"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "libavcodec-extra58"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "libavcodec58"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "libavdevice-dev"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "libavdevice58"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "libavfilter-dev"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "libavfilter-extra"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "libavfilter-extra7"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "libavfilter7"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "libavformat-dev"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "libavformat58"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "libavresample-dev"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "libavresample4"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "libavutil-dev"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "libavutil56"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "libpostproc-dev"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "libpostproc55"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "libswresample-dev"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "libswresample3"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "libswscale-dev"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm12",
"binary_name": "libswscale5"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Ubuntu:Pro:22.04:LTS / ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/ubuntu/ffmpeg@7:4.4.2-0ubuntu0.22.04.1+esm11?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7:4.4.2-0ubuntu0.22.04.1+esm11
Affected versions
7:4.*
7:4.4-6ubuntu5
7:4.4.1-2ubuntu1
7:4.4.1-3ubuntu1
7:4.4.1-3ubuntu2
7:4.4.1-3ubuntu3
7:4.4.1-3ubuntu5
7:4.4.2-0ubuntu0.22.04.1
7:4.4.2-0ubuntu0.22.04.1+esm1
7:4.4.2-0ubuntu0.22.04.1+esm2
7:4.4.2-0ubuntu0.22.04.1+esm3
7:4.4.2-0ubuntu0.22.04.1+esm4
7:4.4.2-0ubuntu0.22.04.1+esm5
7:4.4.2-0ubuntu0.22.04.1+esm6
7:4.4.2-0ubuntu0.22.04.1+esm7
7:4.4.2-0ubuntu0.22.04.1+esm8
7:4.4.2-0ubuntu0.22.04.1+esm9
7:4.4.2-0ubuntu0.22.04.1+esm10
Ecosystem specific
{
"binaries": [
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "ffmpeg"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavcodec-dev"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavcodec-extra"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavcodec-extra58"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavcodec58"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavdevice-dev"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavdevice58"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavfilter-dev"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavfilter-extra"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavfilter-extra7"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavfilter7"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavformat-dev"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavformat-extra"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavformat-extra58"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavformat58"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavutil-dev"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libavutil56"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libpostproc-dev"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libpostproc55"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libswresample-dev"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libswresample3"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libswscale-dev"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm11",
"binary_name": "libswscale5"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Ubuntu:Pro:24.04:LTS / ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/ubuntu/ffmpeg@7:6.1.1-3ubuntu5+esm7?arch=source&distro=esm-apps/noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7:6.1.1-3ubuntu5+esm7
Affected versions
7:6.*
7:6.0-6ubuntu1
7:6.0-9ubuntu1
7:6.1-2ubuntu1
7:6.1-3ubuntu1
7:6.1-4ubuntu1
7:6.1-5ubuntu1
7:6.1.1-1ubuntu1
7:6.1.1-3ubuntu1
7:6.1.1-3ubuntu5
7:6.1.1-3ubuntu5+esm1
7:6.1.1-3ubuntu5+esm2
7:6.1.1-3ubuntu5+esm3
7:6.1.1-3ubuntu5+esm4
7:6.1.1-3ubuntu5+esm5
7:6.1.1-3ubuntu5+esm6
Ecosystem specific
{
"binaries": [
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "ffmpeg"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavcodec-dev"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavcodec-extra"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavcodec-extra60"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavcodec60"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavdevice-dev"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavdevice60"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavfilter-dev"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavfilter-extra"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavfilter-extra9"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavfilter9"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavformat-dev"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavformat-extra"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavformat-extra60"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavformat60"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavutil-dev"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libavutil58"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libpostproc-dev"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libpostproc57"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libswresample-dev"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libswresample4"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libswscale-dev"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm7",
"binary_name": "libswscale7"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Ubuntu:25.10 / ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/ubuntu/ffmpeg@7:7.1.1-1ubuntu4.2?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7:7.1.1-1ubuntu4.2
Affected versions
7:7.*
7:7.1.1-1ubuntu1
7:7.1.1-1ubuntu2
7:7.1.1-1ubuntu3
7:7.1.1-1ubuntu4
7:7.1.1-1ubuntu4.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "ffmpeg"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavcodec-dev"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavcodec-extra"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavcodec-extra61"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavcodec61"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavdevice-dev"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavdevice61"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavfilter-dev"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavfilter-extra"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavfilter-extra10"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavfilter10"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavformat-dev"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavformat-extra"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavformat-extra61"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavformat61"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavutil-dev"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libavutil59"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libpostproc-dev"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libpostproc58"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libswresample-dev"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libswresample5"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libswscale-dev"
},
{
"binary_version": "7:7.1.1-1ubuntu4.2",
"binary_name": "libswscale8"
}
],
"availability": "No subscription required"
}