Buffer overflow in FFmpeg

CVE-2025-9951

A heap-buffer-overflow write exists in FFmpeg's jpeg2000dec, which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition (cdef) atom of JPEG2000.

Vulnerability class: Buffer Overflow

EPSS: 0.004 (29.1th percentile)

Frequently asked questions

What is CVE-2025-9951?
CVE-2025-9951 is a vulnerability in FFmpeg, classified as a Heap-based Buffer Overflow. It was published on 2025-09-09.

Is CVE-2025-9951 known to be exploited?
Two public proof-of-concept repositories are indexed. It is not currently listed in the CISA KEV catalog.