CVE-2025-9951

Severity CVSS v4.0:

HIGH

Type:

CWE-122 Heap-based Buffer Overflow

Publication date:

09/09/2025

Last modified:

09/09/2025

Description

A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.

Impact

Vector 4.0

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H CVSS v4.0 Severity and Metrics:

Base Score: 7.20 HIGH
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H

Attack Vector (AV): Network
Attack Complexity (AC): High
Attack Requirements (AT): None
Privileges Required (PR): Low
User Interaction (UI): None
Confidentiality (VC): None
Integrity (VI): High
Availability (VA): High
Confidentiality (SC): None
Integrity (SI): High
Availability (SA): High

Base Score 4.0

7.20

Severity 4.0

HIGH

References to Advisories, Solutions, and Tools

https://github.com/google/security-research/security/advisories/GHSA-39q3-f8jq-v6mg