Buffer overflow in FFmpeg
CVE-2025-9951
A heap-buffer-overflow write exists in jpeg2000dec in FFmpeg, which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition (cdef) atom of JPEG2000.
Vulnerability class: Buffer Overflow
EPSS: 0.004 (29.1th percentile)
Affected products
- FFmpeg — versions < 8.0
Frequently asked questions
- What is CVE-2025-9951?
  CVE-2025-9951 is a vulnerability in FFmpeg, classified under Heap-based Buffer Overflow. Published 2025-09-09.
- Is CVE-2025-9951 known to be exploited?
  2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.