CVE-2025-22921 Affecting ffmpeg package, versions <7:4.3.8-0+deb11u3


Severity

Recommended
low

Based on default assessment until relevant scores are available.

Threat Intelligence

EPSS
0.04% (12th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN11-FFMPEG-8746683
  • published26 Feb 2025
  • disclosed18 Feb 2025

Introduced: 18 Feb 2025

CVE-2025-22921  (opens in a new tab)

How to fix?

Upgrade Debian:11 ffmpeg to version 7:4.3.8-0+deb11u3 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream ffmpeg package and not the ffmpeg package as distributed by Debian. See How to fix? for Debian:11 relevant fixed versions and status.

FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.

CVSS Base Scores

version 3.1