Bug 2401802 (CVE-2025-59730) - CVE-2025-59730 FFmpeg: Heap-buffer-overflow write in FFmpeg SANM decoding due to lack of bounds-checking in old_codec48
Summary: CVE-2025-59730 FFmpeg: Heap-buffer-overflow write in FFmpeg SANM decoding due...
Keywords:
Status: NEW
Alias: CVE-2025-59730
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2401821 2401822 2401824 2401829 2401836 2401841 2401847 2401851 2401854
Blocks:
Reported: 2025-10-06 09:01 UTC by OSIDB Bzimport
Modified: 2025-10-06 10:44 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-10-06 09:01:46 UTC
When decoding a frame for a SANM file (ANIM v0 variant), the decoded data can be larger than the buffer allocated for it.

Frames encoded with codec 48 can specify their resolution (width x height). A buffer of appropriate size is allocated depending on the resolution.

This codec can encode the frame contents using a run-length encoding algorithm. There are no checks that the decoded frame fits in the allocated buffer, leading to a heap-buffer-overflow.

process_frame_obj initializes the buffers based on the frame resolution:



We recommend upgrading to version 8.0 or beyond.
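
An added example, not FFmpeg's code and not part of the original report: a run-length decoder that enforces the output bound the description says is missing, writing into a buffer sized from the frame resolution. The RLE format and the names `rle_decode_checked` and `decode_frame` are assumptions for illustration, not the SANM codec 48 bitstream.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed toy RLE format (NOT the real codec 48 bitstream):
 *   ctrl & 0x80 : run of (ctrl & 0x7f) + 1 copies of the next byte
 *   otherwise   : ctrl + 1 literal bytes follow */
static long rle_decode_checked(const uint8_t *src, size_t src_len,
                               uint8_t *dst, size_t dst_cap)
{
    size_t in = 0, out = 0;
    while (in < src_len) {
        uint8_t ctrl = src[in++];
        size_t n = (size_t)(ctrl & 0x7f) + 1;
        /* Output bound: the kind of check the report says is missing. */
        if (n > dst_cap - out) return -1;
        if (ctrl & 0x80) {
            if (in >= src_len) return -1;   /* truncated: run value missing */
            memset(dst + out, src[in++], n);
        } else {
            if (n > src_len - in) return -1; /* truncated: literals missing */
            memcpy(dst + out, src + in, n);
            in += n;
        }
        out += n;
    }
    return (long)out;
}

/* Allocate width*height bytes, decode into them, free on any error. */
static long decode_frame(const uint8_t *src, size_t src_len,
                         uint16_t width, uint16_t height, uint8_t **frame)
{
    /* 16-bit factors cannot overflow a size_t of 32 bits or more. */
    size_t cap = (size_t)width * height;
    long n;
    *frame = NULL;
    if (cap == 0 || (*frame = malloc(cap)) == NULL)
        return -1;
    n = rle_decode_checked(src, src_len, *frame, cap);
    if (n < 0) { free(*frame); *frame = NULL; }
    return n;
}

int main(void)
{
    /* Constructed input: two runs of 4 bytes for a 3x2 (6-byte) frame. */
    const uint8_t big[] = {0x83, 0xAA, 0x83, 0xBB};
    uint8_t *f;
    return decode_frame(big, sizeof big, 3, 2, &f) == -1 ? 0 : 1;
}
```

The decoder rejects the frame before the write that would pass the end of the allocation, and it also rejects input that ends in the middle of a run or literal block.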

