Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

CVE-2025-0518 | Mondoo Vulnerability Intelligence

CVE-2025-0518

MEDIUM4.8

Unchecked sscanf return value which leads to memory data leak

Published Jan 16, 2025

Modified 2 months ago

No fix available

Details

Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C .

This issue affects FFmpeg: 7.1.

Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a

https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman

References

WEBhttps://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a WEBhttps://lists.debian.org/debian-lts-announce/2025/02/msg00037.html ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-0518

CVSS Analysis

CVSS v4.0

4.8

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

LowPR:L

User Interaction

ActiveUI:A

Vulnerable System

Vuln. Confidentiality

LowVC:L

Vuln. Integrity

NoneVI:N

Vuln. Availability

NoneVA:N

Subsequent System

Subseq. Confidentiality

LowSC:L

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

4.8/CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Weakness Type (CWE)

Memory Safety

CWE-125

Out-of-bounds Read

Other

CWE-252

Ecosystems

Timeline

PublishedJan 16, 2025

ModifiedNov 3, 2025