UBUNTU-CVE-2025-59734
- Source
- https://ubuntu.com/security/CVE-2025-59734
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-59734.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-59734
- Upstream
- Published
- 2025-10-06T08:15:00Z
- Modified
- 2026-04-22T16:07:46.582574Z
- Severity
-
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion <2. When a STOR chunk is present, a subsequent FOBJ chunk will be saved in ctx->storedframe. Stored frames can later be referenced by FTCH chunks. For files using subversion < 2, the undecoded frame is stored, and decoded again when the FTCH chunks are parsed. However, in processframeobj if the frame has an invalid size, there’s an early return, with a value of 0. This causes the code in decodeframe to still store the raw frame buffer into ctx->storedframe. Leaving ctx->hasdimensions set to false. A subsequent chunk with type FTCH would call processftch and decode that frame obj again, adding to the top/left values and calling processframeobj again. Given that we never set ctx->havedimensions before, this time we set the dimensions, calling initbuffers, which can reallocate the buffer in ctx->storedframe, freeing the previous one. However, the GetByteContext object gb still holds a reference to the old buffer. Finally, when the code tries to decode the frame, codecs that accept a GetByteContext as a parameter will trigger a use-after-free read when using gb. GetByteContext is only used for reading bytes, so at most one could read invalid data. There are no heap allocations between the free and when the object is accessed. However, upon returning to processftch, the code restores the original values for top/left in storedframe, writing 4 bytes to the freed data at offset 6, potentially corrupting the allocator’s metadata. This issue can be triggered just by probing whether a file has the sanm format. We recommend upgrading to version 8.0 or beyond.
- References
Affected packages
Ubuntu:22.04:LTS
ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/ubuntu/ffmpeg@7:4.4.2-0ubuntu0.22.04.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7:4.*
7:4.4-6ubuntu5
7:4.4.1-2ubuntu1
7:4.4.1-3ubuntu1
7:4.4.1-3ubuntu2
7:4.4.1-3ubuntu3
7:4.4.1-3ubuntu5
7:4.4.2-0ubuntu0.22.04.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "ffmpeg",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libavcodec-extra",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libavcodec-extra58",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libavcodec58",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libavdevice58",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libavfilter-extra",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libavfilter-extra7",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libavfilter7",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libavformat-extra",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libavformat-extra58",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libavformat58",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libavutil56",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libpostproc55",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libswresample3",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
},
{
"binary_name": "libswscale5",
"binary_version": "7:4.4.2-0ubuntu0.22.04.1"
}
]
}Ubuntu:24.04:LTS
ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/ubuntu/ffmpeg@7:6.1.1-3ubuntu5?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7:6.*
7:6.0-6ubuntu1
7:6.0-9ubuntu1
7:6.1-2ubuntu1
7:6.1-3ubuntu1
7:6.1-4ubuntu1
7:6.1-5ubuntu1
7:6.1.1-1ubuntu1
7:6.1.1-3ubuntu1
7:6.1.1-3ubuntu5
Ecosystem specific
{
"binaries": [
{
"binary_name": "ffmpeg",
"binary_version": "7:6.1.1-3ubuntu5"
},
{
"binary_name": "libavcodec-extra",
"binary_version": "7:6.1.1-3ubuntu5"
},
{
"binary_name": "libavcodec-extra60",
"binary_version": "7:6.1.1-3ubuntu5"
},
{
"binary_name": "libavcodec60",
"binary_version": "7:6.1.1-3ubuntu5"
},
{
"binary_name": "libavdevice60",
"binary_version": "7:6.1.1-3ubuntu5"
},
{
"binary_name": "libavfilter-extra",
"binary_version": "7:6.1.1-3ubuntu5"
},
{
"binary_name": "libavfilter-extra9",
"binary_version": "7:6.1.1-3ubuntu5"
},
{
"binary_name": "libavfilter9",
"binary_version": "7:6.1.1-3ubuntu5"
},
{
"binary_name": "libavformat-extra",
"binary_version": "7:6.1.1-3ubuntu5"
},
{
"binary_name": "libavformat-extra60",
"binary_version": "7:6.1.1-3ubuntu5"
},
{
"binary_name": "libavformat60",
"binary_version": "7:6.1.1-3ubuntu5"
},
{
"binary_name": "libavutil58",
"binary_version": "7:6.1.1-3ubuntu5"
},
{
"binary_name": "libpostproc57",
"binary_version": "7:6.1.1-3ubuntu5"
},
{
"binary_name": "libswresample4",
"binary_version": "7:6.1.1-3ubuntu5"
},
{
"binary_name": "libswscale7",
"binary_version": "7:6.1.1-3ubuntu5"
}
]
}Ubuntu:25.10
ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/ubuntu/ffmpeg@7:7.1.1-1ubuntu4.2?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7:7.*
7:7.1.1-1ubuntu1
7:7.1.1-1ubuntu2
7:7.1.1-1ubuntu3
7:7.1.1-1ubuntu4
7:7.1.1-1ubuntu4.1
7:7.1.1-1ubuntu4.2
Ecosystem specific
{
"binaries": [
{
"binary_name": "ffmpeg",
"binary_version": "7:7.1.1-1ubuntu4.2"
},
{
"binary_name": "libavcodec-extra",
"binary_version": "7:7.1.1-1ubuntu4.2"
},
{
"binary_name": "libavcodec-extra61",
"binary_version": "7:7.1.1-1ubuntu4.2"
},
{
"binary_name": "libavcodec61",
"binary_version": "7:7.1.1-1ubuntu4.2"
},
{
"binary_name": "libavdevice61",
"binary_version": "7:7.1.1-1ubuntu4.2"
},
{
"binary_name": "libavfilter-extra",
"binary_version": "7:7.1.1-1ubuntu4.2"
},
{
"binary_name": "libavfilter-extra10",
"binary_version": "7:7.1.1-1ubuntu4.2"
},
{
"binary_name": "libavfilter10",
"binary_version": "7:7.1.1-1ubuntu4.2"
},
{
"binary_name": "libavformat-extra",
"binary_version": "7:7.1.1-1ubuntu4.2"
},
{
"binary_name": "libavformat-extra61",
"binary_version": "7:7.1.1-1ubuntu4.2"
},
{
"binary_name": "libavformat61",
"binary_version": "7:7.1.1-1ubuntu4.2"
},
{
"binary_name": "libavutil59",
"binary_version": "7:7.1.1-1ubuntu4.2"
},
{
"binary_name": "libpostproc58",
"binary_version": "7:7.1.1-1ubuntu4.2"
},
{
"binary_name": "libswresample5",
"binary_version": "7:7.1.1-1ubuntu4.2"
},
{
"binary_name": "libswscale8",
"binary_version": "7:7.1.1-1ubuntu4.2"
}
]
}Ubuntu:Pro:14.04:LTS
libav
Package
- Name
- libav
- Purl
- pkg:deb/ubuntu/libav@6:9.20-0ubuntu0.14.04.1+esm1?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
6:0.*
6:0.8.7-1ubuntu2
6:9.*
6:9.10-1ubuntu1
6:9.10-1ubuntu2
6:9.10-1ubuntu5
6:9.10-1ubuntu6
6:9.10-1ubuntu7
6:9.11-2ubuntu1
6:9.11-2ubuntu2
6:9.13-0ubuntu0.14.04.1
6:9.14-0ubuntu0.14.04.1
6:9.16-0ubuntu0.14.04.1
6:9.18-0ubuntu0.14.04.1
6:9.20-0ubuntu0.14.04.1
6:9.20-0ubuntu0.14.04.1+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "libav-tools",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavcodec-extra",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavcodec-extra-54",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavcodec54",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavdevice-extra-53",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavdevice53",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavfilter-extra-3",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavfilter3",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavformat-extra-54",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavformat54",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavresample1",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavutil-extra-52",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libavutil52",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libswscale-extra-2",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
},
{
"binary_name": "libswscale2",
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1"
}
]
}Ubuntu:Pro:16.04:LTS
ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/ubuntu/ffmpeg@7:2.8.17-0ubuntu0.1+esm14?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7:2.*
7:2.7.2-1build1
7:2.8.1-1ubuntu1
7:2.8.2-1ubuntu1
7:2.8.3-1
7:2.8.4-1
7:2.8.4-1ubuntu1
7:2.8.4-1ubuntu2
7:2.8.4-1ubuntu3
7:2.8.4-1ubuntu4
7:2.8.6-1ubuntu1
7:2.8.6-1ubuntu2
7:2.8.8-0ubuntu0.16.04.1
7:2.8.10-0ubuntu0.16.04.1
7:2.8.11-0ubuntu0.16.04.1
7:2.8.14-0ubuntu0.16.04.1
7:2.8.15-0ubuntu0.16.04.1
7:2.8.15-0ubuntu0.16.04.1+esm1
7:2.8.17-0ubuntu0.1
7:2.8.17-0ubuntu0.1+esm1
7:2.8.17-0ubuntu0.1+esm2
7:2.8.17-0ubuntu0.1+esm3
7:2.8.17-0ubuntu0.1+esm4
7:2.8.17-0ubuntu0.1+esm5
7:2.8.17-0ubuntu0.1+esm6
7:2.8.17-0ubuntu0.1+esm7
7:2.8.17-0ubuntu0.1+esm8
7:2.8.17-0ubuntu0.1+esm9
7:2.8.17-0ubuntu0.1+esm10
7:2.8.17-0ubuntu0.1+esm11
7:2.8.17-0ubuntu0.1+esm12
7:2.8.17-0ubuntu0.1+esm13
7:2.8.17-0ubuntu0.1+esm14
Ecosystem specific
{
"binaries": [
{
"binary_name": "ffmpeg",
"binary_version": "7:2.8.17-0ubuntu0.1+esm14"
},
{
"binary_name": "libav-tools",
"binary_version": "7:2.8.17-0ubuntu0.1+esm14"
},
{
"binary_name": "libavcodec-extra",
"binary_version": "7:2.8.17-0ubuntu0.1+esm14"
},
{
"binary_name": "libavcodec-ffmpeg-extra56",
"binary_version": "7:2.8.17-0ubuntu0.1+esm14"
},
{
"binary_name": "libavcodec-ffmpeg56",
"binary_version": "7:2.8.17-0ubuntu0.1+esm14"
},
{
"binary_name": "libavdevice-ffmpeg56",
"binary_version": "7:2.8.17-0ubuntu0.1+esm14"
},
{
"binary_name": "libavfilter-ffmpeg5",
"binary_version": "7:2.8.17-0ubuntu0.1+esm14"
},
{
"binary_name": "libavformat-ffmpeg56",
"binary_version": "7:2.8.17-0ubuntu0.1+esm14"
},
{
"binary_name": "libavresample-ffmpeg2",
"binary_version": "7:2.8.17-0ubuntu0.1+esm14"
},
{
"binary_name": "libavutil-ffmpeg54",
"binary_version": "7:2.8.17-0ubuntu0.1+esm14"
},
{
"binary_name": "libpostproc-ffmpeg53",
"binary_version": "7:2.8.17-0ubuntu0.1+esm14"
},
{
"binary_name": "libswresample-ffmpeg1",
"binary_version": "7:2.8.17-0ubuntu0.1+esm14"
},
{
"binary_name": "libswscale-ffmpeg3",
"binary_version": "7:2.8.17-0ubuntu0.1+esm14"
}
]
}Ubuntu:Pro:18.04:LTS
ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/ubuntu/ffmpeg@7:3.4.11-0ubuntu0.1+esm12?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7:3.*
7:3.3.4-2
7:3.3.4-2build3
7:3.4-2ubuntu2
7:3.4-4
7:3.4-4build1
7:3.4.1-1
7:3.4.1-1build1
7:3.4.2-1
7:3.4.2-1build1
7:3.4.2-2
7:3.4.4-0ubuntu0.18.04.1
7:3.4.6-0ubuntu0.18.04.1
7:3.4.8-0ubuntu0.2
7:3.4.11-0ubuntu0.1
7:3.4.11-0ubuntu0.1+esm1
7:3.4.11-0ubuntu0.1+esm2
7:3.4.11-0ubuntu0.1+esm3
7:3.4.11-0ubuntu0.1+esm4
7:3.4.11-0ubuntu0.1+esm5
7:3.4.11-0ubuntu0.1+esm6
7:3.4.11-0ubuntu0.1+esm7
7:3.4.11-0ubuntu0.1+esm8
7:3.4.11-0ubuntu0.1+esm9
7:3.4.11-0ubuntu0.1+esm10
7:3.4.11-0ubuntu0.1+esm11
7:3.4.11-0ubuntu0.1+esm12
Ecosystem specific
{
"binaries": [
{
"binary_name": "ffmpeg",
"binary_version": "7:3.4.11-0ubuntu0.1+esm12"
},
{
"binary_name": "libavcodec-extra",
"binary_version": "7:3.4.11-0ubuntu0.1+esm12"
},
{
"binary_name": "libavcodec-extra57",
"binary_version": "7:3.4.11-0ubuntu0.1+esm12"
},
{
"binary_name": "libavcodec57",
"binary_version": "7:3.4.11-0ubuntu0.1+esm12"
},
{
"binary_name": "libavdevice57",
"binary_version": "7:3.4.11-0ubuntu0.1+esm12"
},
{
"binary_name": "libavfilter-extra",
"binary_version": "7:3.4.11-0ubuntu0.1+esm12"
},
{
"binary_name": "libavfilter-extra6",
"binary_version": "7:3.4.11-0ubuntu0.1+esm12"
},
{
"binary_name": "libavfilter6",
"binary_version": "7:3.4.11-0ubuntu0.1+esm12"
},
{
"binary_name": "libavformat57",
"binary_version": "7:3.4.11-0ubuntu0.1+esm12"
},
{
"binary_name": "libavresample3",
"binary_version": "7:3.4.11-0ubuntu0.1+esm12"
},
{
"binary_name": "libavutil55",
"binary_version": "7:3.4.11-0ubuntu0.1+esm12"
},
{
"binary_name": "libpostproc54",
"binary_version": "7:3.4.11-0ubuntu0.1+esm12"
},
{
"binary_name": "libswresample2",
"binary_version": "7:3.4.11-0ubuntu0.1+esm12"
},
{
"binary_name": "libswscale4",
"binary_version": "7:3.4.11-0ubuntu0.1+esm12"
}
]
}Ubuntu:Pro:20.04:LTS
ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/ubuntu/ffmpeg@7:4.2.7-0ubuntu0.1+esm12?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7:4.*
7:4.1.4-1build2
7:4.2.1-2
7:4.2.1-2ubuntu1
7:4.2.2-1build1
7:4.2.2-1ubuntu1
7:4.2.4-1ubuntu0.1
7:4.2.4-1ubuntu0.1+esm1
7:4.2.7-0ubuntu0.1
7:4.2.7-0ubuntu0.1+esm1
7:4.2.7-0ubuntu0.1+esm2
7:4.2.7-0ubuntu0.1+esm3
7:4.2.7-0ubuntu0.1+esm4
7:4.2.7-0ubuntu0.1+esm5
7:4.2.7-0ubuntu0.1+esm6
7:4.2.7-0ubuntu0.1+esm7
7:4.2.7-0ubuntu0.1+esm8
7:4.2.7-0ubuntu0.1+esm9
7:4.2.7-0ubuntu0.1+esm10
7:4.2.7-0ubuntu0.1+esm11
7:4.2.7-0ubuntu0.1+esm12
Ecosystem specific
{
"binaries": [
{
"binary_name": "ffmpeg",
"binary_version": "7:4.2.7-0ubuntu0.1+esm12"
},
{
"binary_name": "libavcodec-extra",
"binary_version": "7:4.2.7-0ubuntu0.1+esm12"
},
{
"binary_name": "libavcodec-extra58",
"binary_version": "7:4.2.7-0ubuntu0.1+esm12"
},
{
"binary_name": "libavcodec58",
"binary_version": "7:4.2.7-0ubuntu0.1+esm12"
},
{
"binary_name": "libavdevice58",
"binary_version": "7:4.2.7-0ubuntu0.1+esm12"
},
{
"binary_name": "libavfilter-extra",
"binary_version": "7:4.2.7-0ubuntu0.1+esm12"
},
{
"binary_name": "libavfilter-extra7",
"binary_version": "7:4.2.7-0ubuntu0.1+esm12"
},
{
"binary_name": "libavfilter7",
"binary_version": "7:4.2.7-0ubuntu0.1+esm12"
},
{
"binary_name": "libavformat58",
"binary_version": "7:4.2.7-0ubuntu0.1+esm12"
},
{
"binary_name": "libavresample4",
"binary_version": "7:4.2.7-0ubuntu0.1+esm12"
},
{
"binary_name": "libavutil56",
"binary_version": "7:4.2.7-0ubuntu0.1+esm12"
},
{
"binary_name": "libpostproc55",
"binary_version": "7:4.2.7-0ubuntu0.1+esm12"
},
{
"binary_name": "libswresample3",
"binary_version": "7:4.2.7-0ubuntu0.1+esm12"
},
{
"binary_name": "libswscale5",
"binary_version": "7:4.2.7-0ubuntu0.1+esm12"
}
]
}