Vulnerability-Lookup

CVE-2025-9951 (GCVE-0-2025-9951)

Vulnerability from cvelistv5 – Published: 2025-09-09 13:54 – Updated: 2026-02-26 17:49

Title

Remote code execution via Heap Buffer Overflow in FFmpeg JPEG2000

Summary

A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.

Severity

7.2 (High)


                        
                          CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

Google

References

1 reference

URL	Tags
https://github.com/google/security-research/secur…

Impacted products

1 product

Vendor	Product	Version
FFmpeg	FFmpeg	Affected: < 8.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9951",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-10T03:56:07.226810Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:49:05.408Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FFmpeg",
          "vendor": "FFmpeg",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 8.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000."
            }
          ],
          "value": "A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-253",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-253 Remote Code Inclusion"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-09T13:54:08.497Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://github.com/google/security-research/security/advisories/GHSA-39q3-f8jq-v6mg"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Remote code execution via Heap Buffer Overflow in FFmpeg JPEG2000",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2025-9951",
    "datePublished": "2025-09-09T13:54:08.497Z",
    "dateReserved": "2025-09-03T13:48:20.280Z",
    "dateUpdated": "2026-02-26T17:49:05.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-9951",
      "date": "2026-05-27",
      "epss": "0.00778",
      "percentile": "0.73876"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-9951\",\"sourceIdentifier\":\"cve-coordination@google.com\",\"published\":\"2025-09-09T14:15:49.720\",\"lastModified\":\"2025-09-09T16:28:43.660\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"references\":[{\"url\":\"https://github.com/google/security-research/security/advisories/GHSA-39q3-f8jq-v6mg\",\"source\":\"cve-coordination@google.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-9951\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-09T14:20:36.982390Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-09T14:05:21.348Z\"}}], \"cna\": {\"title\": \"Remote code execution via Heap Buffer Overflow in FFmpeg JPEG2000\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-253\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-253 Remote Code Inclusion\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.2, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"FFmpeg\", \"product\": \"FFmpeg\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 8.0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/google/security-research/security/advisories/GHSA-39q3-f8jq-v6mg\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122 Heap-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"14ed7db2-1595-443d-9d34-6215bf890778\", \"shortName\": \"Google\", \"dateUpdated\": \"2025-09-09T13:54:08.497Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-9951\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-10T03:56:06.671Z\", \"dateReserved\": \"2025-09-03T13:48:20.280Z\", \"assignerOrgId\": \"14ed7db2-1595-443d-9d34-6215bf890778\", \"datePublished\": \"2025-09-09T13:54:08.497Z\", \"assignerShortName\": \"Google\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

BDU:2025-15661

Vulnerability from fstec - Published: 04.08.2025

Title

Уязвимость компонента jpeg2000dec мультимедийной библиотеки FFmpeg, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

Description

Уязвимость компонента jpeg2000dec мультимедийной библиотеки FFmpeg связана с выходом операции за границы буфера в памяти. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, нарушить целостность данных, а также вызвать отказ в обслуживании с помощью специально созданного JP2-файла

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Vendor

ООО «РусБИТех-Астра», FFmpeg team, Google Inc

Software Name

Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Common Edition (запись в едином реестре российских программ №4433), FFmpeg, Android Studio

Software Version

1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 1.6 «Смоленск» (Astra Linux Common Edition), 1.8 (Astra Linux Special Edition), до 5.1.7 (FFmpeg), от 5.2 до 6.1.3 (FFmpeg), от 6.2 до 7.1.2 (FFmpeg), 2025.2.3.9 (Android Studio)

Possible Mitigations

Использование рекомендаций: Для FFmpeg: https://github.com/FFmpeg/FFmpeg/commit/01a292c7e36545ddeb3c7f79cd02e2611cd37d73 Для ОС Astra Linux: обновить пакет ffmpeg до 7:5.1.6-0+deb12u1.astra2+ci8 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-1113SE18 Для ОС Astra Linux: - обновить пакет ffmpeg до 7:4.1.11-0+deb10u4+ci6 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17 - обновить пакет ffmpeg5 до 7:5.1.3-4astra1+ci6 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17 Для ОС Astra Linux: - обновить пакет ffmpeg до 7:4.1.11-0+deb10u4+ci6 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE47 - обновить пакет ffmpeg5 до 7:5.1.3-4astra1+ci6 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE47 Для ОС Astra Linux: обновить пакет ffmpeg до 7:3.2.19-0+deb9u7+ci2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16

Reference

https://github.com/FFmpeg/FFmpeg/commit/01a292c7e36545ddeb3c7f79cd02e2611cd37d73 https://github.com/google/security-research/security/advisories/GHSA-39q3-f8jq-v6mg https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-1113SE18 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE47 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16

CWE

CWE-122

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, FFmpeg team, Google Inc",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Common Edition), 1.8 (Astra Linux Special Edition), \u0434\u043e 5.1.7 (FFmpeg), \u043e\u0442 5.2 \u0434\u043e 6.1.3 (FFmpeg), \u043e\u0442 6.2 \u0434\u043e 7.1.2 (FFmpeg), 2025.2.3.9 (Android Studio)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f FFmpeg:\nhttps://github.com/FFmpeg/FFmpeg/commit/01a292c7e36545ddeb3c7f79cd02e2611cd37d73\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 ffmpeg \u0434\u043e 7:5.1.6-0+deb12u1.astra2+ci8 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-1113SE18\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 ffmpeg \u0434\u043e 7:4.1.11-0+deb10u4+ci6 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 ffmpeg5 \u0434\u043e 7:5.1.3-4astra1+ci6 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 ffmpeg \u0434\u043e 7:4.1.11-0+deb10u4+ci6 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE47\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 ffmpeg5 \u0434\u043e 7:5.1.3-4astra1+ci6 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE47\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 ffmpeg \u0434\u043e 7:3.2.19-0+deb9u7+ci2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "04.08.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "10.02.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.12.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-15661",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-9951",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), FFmpeg, Android Studio",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 jpeg2000dec \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 FFmpeg, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-122)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 jpeg2000dec \u043c\u0443\u043b\u044c\u0442\u0438\u043c\u0435\u0434\u0438\u0439\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 FFmpeg \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e JP2-\u0444\u0430\u0439\u043b\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c: Andy Nguyen",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/FFmpeg/FFmpeg/commit/01a292c7e36545ddeb3c7f79cd02e2611cd37d73\nhttps://github.com/google/security-research/security/advisories/GHSA-39q3-f8jq-v6mg\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-1113SE18\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE47\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-122",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

CERTFR-2026-AVI-0281

Vulnerability from certfr_avis - Published: 2026-03-12 - Updated: 2026-03-12

De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Splunk	Splunk AppDynamics Private Synthetic Agent	Splunk AppDynamics Private Synthetic Agent versions 26.1.x antérieures à 26.1.0
Splunk	Splunk AppDynamics On-Premises Enterprise Console	Splunk AppDynamics On-Premises Enterprise Console versions 26.1.x antérieures à 26.1.1
Splunk	Splunk AppDynamics Database Agent	Splunk AppDynamics Database Agent versions 26.1.x antérieures à 26.1.0
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 10.0.2503 antérieures à 10.0.2503.12
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.124
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.4.x antérieures à 9.4.9
Splunk	Splunk Enterprise	Splunk Enterprise versions 10.2.x antérieures à 10.2.1
Splunk	Splunk AppDynamics NodeJS Agent	Splunk AppDynamics NodeJS Agent versions 25.12.x antérieures à 25.12.1
Splunk	Splunk Enterprise	Splunk Enterprise versions 10.0.x antérieures à 10.0.4
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.3.x antérieures à 9.3.10
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 10.1.2507 antérieures à 10.1.2507.17
Splunk	Splunk AppDynamics Java Agent	Splunk AppDynamics Java Agent versions 26.1.x antérieures à 26.1.0
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 10.2.2510 antérieures à 10.2.2510.7

References

Title

Publication Time

Tags

Bulletin de sécurité Splunk SVD-2026-0302	2026-03-11	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0311	2026-03-11	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0308	2026-03-11	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0309	2026-03-11	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0305	2026-03-11	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0310	2026-03-11	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0304	2026-03-11	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0301	2026-03-11	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0313	2026-03-11	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0306	2026-03-11	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0303	2026-03-11	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0307	2026-03-11	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0312	2026-03-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Splunk AppDynamics Private Synthetic Agent versions 26.1.x ant\u00e9rieures \u00e0 26.1.0",
      "product": {
        "name": "Splunk AppDynamics Private Synthetic Agent",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk AppDynamics On-Premises Enterprise Console versions 26.1.x ant\u00e9rieures \u00e0 26.1.1",
      "product": {
        "name": "Splunk AppDynamics On-Premises Enterprise Console",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk AppDynamics Database Agent versions 26.1.x ant\u00e9rieures \u00e0 26.1.0",
      "product": {
        "name": "Splunk AppDynamics Database Agent",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 10.0.2503 ant\u00e9rieures \u00e0 10.0.2503.12",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.124",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.9",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 10.2.x ant\u00e9rieures \u00e0 10.2.1",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk AppDynamics NodeJS Agent versions 25.12.x ant\u00e9rieures \u00e0 25.12.1",
      "product": {
        "name": "Splunk AppDynamics NodeJS Agent",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.4",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.10",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 10.1.2507 ant\u00e9rieures \u00e0 10.1.2507.17",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk AppDynamics Java Agent versions 26.1.x ant\u00e9rieures \u00e0 26.1.0",
      "product": {
        "name": "Splunk AppDynamics Java Agent",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 10.2.2510 ant\u00e9rieures \u00e0 10.2.2510.7",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-6395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
    },
    {
      "name": "CVE-2018-16864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16864"
    },
    {
      "name": "CVE-2025-48073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48073"
    },
    {
      "name": "CVE-2025-31651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
    },
    {
      "name": "CVE-2025-11219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11219"
    },
    {
      "name": "CVE-2026-21933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
    },
    {
      "name": "CVE-2025-58183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
    },
    {
      "name": "CVE-2026-21932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
    },
    {
      "name": "CVE-2025-66199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
    },
    {
      "name": "CVE-2025-53042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53042"
    },
    {
      "name": "CVE-2025-9231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
    },
    {
      "name": "CVE-2025-1594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1594"
    },
    {
      "name": "CVE-2025-3887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3887"
    },
    {
      "name": "CVE-2025-68973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
    },
    {
      "name": "CVE-2025-4574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4574"
    },
    {
      "name": "CVE-2025-9714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
    },
    {
      "name": "CVE-2025-10148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
    },
    {
      "name": "CVE-2025-14087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14087"
    },
    {
      "name": "CVE-2025-12433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12433"
    },
    {
      "name": "CVE-2025-12444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12444"
    },
    {
      "name": "CVE-2023-33201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
    },
    {
      "name": "CVE-2024-38286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38286"
    },
    {
      "name": "CVE-2025-11213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11213"
    },
    {
      "name": "CVE-2025-8556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8556"
    },
    {
      "name": "CVE-2025-22872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
    },
    {
      "name": "CVE-2025-12036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12036"
    },
    {
      "name": "CVE-2012-0871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0871"
    },
    {
      "name": "CVE-2025-4056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4056"
    },
    {
      "name": "CVE-2025-0913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
    },
    {
      "name": "CVE-2025-53062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53062"
    },
    {
      "name": "CVE-2025-0518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0518"
    },
    {
      "name": "CVE-2025-69223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69223"
    },
    {
      "name": "CVE-2025-47907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
    },
    {
      "name": "CVE-2025-12084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
    },
    {
      "name": "CVE-2018-15688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15688"
    },
    {
      "name": "CVE-2025-45582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
    },
    {
      "name": "CVE-2025-12438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12438"
    },
    {
      "name": "CVE-2025-6069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
    },
    {
      "name": "CVE-2023-26464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
    },
    {
      "name": "CVE-2025-69419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
    },
    {
      "name": "CVE-2025-24813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
    },
    {
      "name": "CVE-2025-12435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12435"
    },
    {
      "name": "CVE-2025-6075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
    },
    {
      "name": "CVE-2013-4394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4394"
    },
    {
      "name": "CVE-2019-20386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20386"
    },
    {
      "name": "CVE-2025-64183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64183"
    },
    {
      "name": "CVE-2025-13226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13226"
    },
    {
      "name": "CVE-2025-58185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
    },
    {
      "name": "CVE-2025-47808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47808"
    },
    {
      "name": "CVE-2021-46877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46877"
    },
    {
      "name": "CVE-2026-2391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2391"
    },
    {
      "name": "CVE-2017-18078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18078"
    },
    {
      "name": "CVE-2025-55752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
    },
    {
      "name": "CVE-2025-53905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
    },
    {
      "name": "CVE-2019-17571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
    },
    {
      "name": "CVE-2025-11207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11207"
    },
    {
      "name": "CVE-2021-35939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
    },
    {
      "name": "CVE-2025-13223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13223"
    },
    {
      "name": "CVE-2025-12431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12431"
    },
    {
      "name": "CVE-2026-23745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
    },
    {
      "name": "CVE-2025-15467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
    },
    {
      "name": "CVE-2024-58251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
    },
    {
      "name": "CVE-2025-9820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
    },
    {
      "name": "CVE-2024-7246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7246"
    },
    {
      "name": "CVE-2025-4598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
    },
    {
      "name": "CVE-2026-21226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21226"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2023-33202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
    },
    {
      "name": "CVE-2025-12726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12726"
    },
    {
      "name": "CVE-2025-12445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12445"
    },
    {
      "name": "CVE-2025-12437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12437"
    },
    {
      "name": "CVE-2025-15284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
    },
    {
      "name": "CVE-2025-69230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69230"
    },
    {
      "name": "CVE-2025-49125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
    },
    {
      "name": "CVE-2025-50106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
    },
    {
      "name": "CVE-2025-14512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14512"
    },
    {
      "name": "CVE-2025-58057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
    },
    {
      "name": "CVE-2025-8291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
    },
    {
      "name": "CVE-2026-22795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
    },
    {
      "name": "CVE-2026-21925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
    },
    {
      "name": "CVE-2025-0716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0716"
    },
    {
      "name": "CVE-2025-64718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
    },
    {
      "name": "CVE-2025-30754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
    },
    {
      "name": "CVE-2025-12434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12434"
    },
    {
      "name": "CVE-2025-69225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69225"
    },
    {
      "name": "CVE-2025-47910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
    },
    {
      "name": "CVE-2025-12439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12439"
    },
    {
      "name": "CVE-2018-16865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16865"
    },
    {
      "name": "CVE-2025-14874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14874"
    },
    {
      "name": "CVE-2020-17521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-17521"
    },
    {
      "name": "CVE-2024-54677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54677"
    },
    {
      "name": "CVE-2025-48072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48072"
    },
    {
      "name": "CVE-2024-51744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2025-12432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12432"
    },
    {
      "name": "CVE-2025-6965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
    },
    {
      "name": "CVE-2025-10966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10966"
    },
    {
      "name": "CVE-2025-47906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
    },
    {
      "name": "CVE-2026-20165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20165"
    },
    {
      "name": "CVE-2025-59375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
    },
    {
      "name": "CVE-2025-22919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22919"
    },
    {
      "name": "CVE-2024-23672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23672"
    },
    {
      "name": "CVE-2025-69227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69227"
    },
    {
      "name": "CVE-2021-33910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33910"
    },
    {
      "name": "CVE-2025-69421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
    },
    {
      "name": "CVE-2025-58188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
    },
    {
      "name": "CVE-2025-48964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
    },
    {
      "name": "CVE-2025-12443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12443"
    },
    {
      "name": "CVE-2025-4565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
    },
    {
      "name": "CVE-2024-56433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
    },
    {
      "name": "CVE-2023-6602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6602"
    },
    {
      "name": "CVE-2025-11215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11215"
    },
    {
      "name": "CVE-2013-4393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4393"
    },
    {
      "name": "CVE-2019-3842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3842"
    },
    {
      "name": "CVE-2025-11205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11205"
    },
    {
      "name": "CVE-2025-55754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
    },
    {
      "name": "CVE-2025-12725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12725"
    },
    {
      "name": "CVE-2022-23305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23305"
    },
    {
      "name": "CVE-2025-11208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11208"
    },
    {
      "name": "CVE-2025-68161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
    },
    {
      "name": "CVE-2024-8372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8372"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2024-56337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
    },
    {
      "name": "CVE-2025-3360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3360"
    },
    {
      "name": "CVE-2026-22796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
    },
    {
      "name": "CVE-2025-11756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11756"
    },
    {
      "name": "CVE-2025-59730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59730"
    },
    {
      "name": "CVE-2025-61724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
    },
    {
      "name": "CVE-2024-5642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
    },
    {
      "name": "CVE-2020-13776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13776"
    },
    {
      "name": "CVE-2025-13033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13033"
    },
    {
      "name": "CVE-2022-23307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23307"
    },
    {
      "name": "CVE-2025-61723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
    },
    {
      "name": "CVE-2025-9232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
    },
    {
      "name": "CVE-2025-11212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11212"
    },
    {
      "name": "CVE-2025-12495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12495"
    },
    {
      "name": "CVE-2025-61795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
    },
    {
      "name": "CVE-2025-46394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
    },
    {
      "name": "CVE-2021-35937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
    },
    {
      "name": "CVE-2025-12840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12840"
    },
    {
      "name": "CVE-2025-52520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
    },
    {
      "name": "CVE-2025-61725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
    },
    {
      "name": "CVE-2025-55163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
    },
    {
      "name": "CVE-2025-11458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11458"
    },
    {
      "name": "CVE-2020-1712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1712"
    },
    {
      "name": "CVE-2025-32990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
    },
    {
      "name": "CVE-2025-12429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12429"
    },
    {
      "name": "CVE-2026-20164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20164"
    },
    {
      "name": "CVE-2025-48989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
    },
    {
      "name": "CVE-2026-24842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
    },
    {
      "name": "CVE-2025-11211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11211"
    },
    {
      "name": "CVE-2025-32989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
    },
    {
      "name": "CVE-2025-22874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
    },
    {
      "name": "CVE-2025-53069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53069"
    },
    {
      "name": "CVE-2026-23950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
    },
    {
      "name": "CVE-2023-26118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26118"
    },
    {
      "name": "CVE-2025-50059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
    },
    {
      "name": "CVE-2025-69228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69228"
    },
    {
      "name": "CVE-2025-59250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59250"
    },
    {
      "name": "CVE-2025-14104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14104"
    },
    {
      "name": "CVE-2025-53044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53044"
    },
    {
      "name": "CVE-2025-47807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47807"
    },
    {
      "name": "CVE-2025-47806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47806"
    },
    {
      "name": "CVE-2025-47912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
    },
    {
      "name": "CVE-2025-64182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64182"
    },
    {
      "name": "CVE-2023-52428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
    },
    {
      "name": "CVE-2023-6604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6604"
    },
    {
      "name": "CVE-2025-48988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
    },
    {
      "name": "CVE-2025-68160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
    },
    {
      "name": "CVE-2022-3821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3821"
    },
    {
      "name": "CVE-2017-9217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9217"
    },
    {
      "name": "CVE-2025-60753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60753"
    },
    {
      "name": "CVE-2025-64181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64181"
    },
    {
      "name": "CVE-2025-67735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
    },
    {
      "name": "CVE-2025-12436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12436"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2025-13230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13230"
    },
    {
      "name": "CVE-2013-4327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4327"
    },
    {
      "name": "CVE-2025-58186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
    },
    {
      "name": "CVE-2025-9086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
    },
    {
      "name": "CVE-2025-12446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12446"
    },
    {
      "name": "CVE-2025-13228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13228"
    },
    {
      "name": "CVE-2013-4391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4391"
    },
    {
      "name": "CVE-2026-20166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20166"
    },
    {
      "name": "CVE-2025-58187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
    },
    {
      "name": "CVE-2025-12441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12441"
    },
    {
      "name": "CVE-2024-29371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
    },
    {
      "name": "CVE-2025-47183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47183"
    },
    {
      "name": "CVE-2025-13601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
    },
    {
      "name": "CVE-2025-4673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
    },
    {
      "name": "CVE-2023-6601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6601"
    },
    {
      "name": "CVE-2018-16888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16888"
    },
    {
      "name": "CVE-2025-58056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
    },
    {
      "name": "CVE-2025-22871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
    },
    {
      "name": "CVE-2025-69226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69226"
    },
    {
      "name": "CVE-2025-32988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
    },
    {
      "name": "CVE-2025-13224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13224"
    },
    {
      "name": "CVE-2025-13042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13042"
    },
    {
      "name": "CVE-2024-34750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
    },
    {
      "name": "CVE-2025-11460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11460"
    },
    {
      "name": "CVE-2024-47081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
    },
    {
      "name": "CVE-2025-47913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
    },
    {
      "name": "CVE-2025-13229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13229"
    },
    {
      "name": "CVE-2024-24549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
    },
    {
      "name": "CVE-2025-12440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12440"
    },
    {
      "name": "CVE-2025-58181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
    },
    {
      "name": "CVE-2025-53054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53054"
    },
    {
      "name": "CVE-2025-11216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11216"
    },
    {
      "name": "CVE-2025-47914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
    },
    {
      "name": "CVE-2018-1049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1049"
    },
    {
      "name": "CVE-2025-69418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
    },
    {
      "name": "CVE-2025-8114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8114"
    },
    {
      "name": "CVE-2025-15468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
    },
    {
      "name": "CVE-2025-58189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
    },
    {
      "name": "CVE-2025-55668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
    },
    {
      "name": "CVE-2025-11210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11210"
    },
    {
      "name": "CVE-2020-36518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
    },
    {
      "name": "CVE-2026-21945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
    },
    {
      "name": "CVE-2022-31159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31159"
    },
    {
      "name": "CVE-2025-12729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12729"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2025-46701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
    },
    {
      "name": "CVE-2025-13227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13227"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2025-10256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10256"
    },
    {
      "name": "CVE-2026-20162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20162"
    },
    {
      "name": "CVE-2025-30749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
    },
    {
      "name": "CVE-2025-12839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12839"
    },
    {
      "name": "CVE-2025-9230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
    },
    {
      "name": "CVE-2025-37727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37727"
    },
    {
      "name": "CVE-2025-53040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53040"
    },
    {
      "name": "CVE-2019-3844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3844"
    },
    {
      "name": "CVE-2025-53906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
    },
    {
      "name": "CVE-2025-12728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12728"
    },
    {
      "name": "CVE-2025-8916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
    },
    {
      "name": "CVE-2023-6605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6605"
    },
    {
      "name": "CVE-2025-8885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
    },
    {
      "name": "CVE-2022-23302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23302"
    },
    {
      "name": "CVE-2025-12430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12430"
    },
    {
      "name": "CVE-2025-11187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
    },
    {
      "name": "CVE-2025-11206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11206"
    },
    {
      "name": "CVE-2025-62408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62408"
    },
    {
      "name": "CVE-2018-15686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15686"
    },
    {
      "name": "CVE-2021-35938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
    },
    {
      "name": "CVE-2025-9951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9951"
    },
    {
      "name": "CVE-2025-53045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53045"
    },
    {
      "name": "CVE-2024-12243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
    },
    {
      "name": "CVE-2025-59729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59729"
    },
    {
      "name": "CVE-2025-48071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48071"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2025-53506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
    },
    {
      "name": "CVE-2023-26604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26604"
    },
    {
      "name": "CVE-2025-69224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69224"
    },
    {
      "name": "CVE-2025-2759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2759"
    },
    {
      "name": "CVE-2025-53864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
    },
    {
      "name": "CVE-2025-53053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53053"
    },
    {
      "name": "CVE-2025-30153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30153"
    },
    {
      "name": "CVE-2025-59419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
    },
    {
      "name": "CVE-2025-69229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69229"
    },
    {
      "name": "CVE-2024-8373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8373"
    },
    {
      "name": "CVE-2025-11209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11209"
    },
    {
      "name": "CVE-2025-30204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
    },
    {
      "name": "CVE-2024-21490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21490"
    },
    {
      "name": "CVE-2024-50379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
    },
    {
      "name": "CVE-2023-49501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49501"
    },
    {
      "name": "CVE-2019-3843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3843"
    },
    {
      "name": "CVE-2018-6954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6954"
    },
    {
      "name": "CVE-2025-53057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
    },
    {
      "name": "CVE-2026-26981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-26981"
    },
    {
      "name": "CVE-2025-12447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12447"
    },
    {
      "name": "CVE-2025-53066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
    },
    {
      "name": "CVE-2013-4392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4392"
    },
    {
      "name": "CVE-2025-48074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48074"
    },
    {
      "name": "CVE-2024-52316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52316"
    },
    {
      "name": "CVE-2016-7795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7795"
    },
    {
      "name": "CVE-2025-12727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12727"
    },
    {
      "name": "CVE-2025-69420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
    },
    {
      "name": "CVE-2025-12428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12428"
    },
    {
      "name": "CVE-2026-20163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20163"
    },
    {
      "name": "CVE-2025-11226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
    }
  ],
  "initial_release_date": "2026-03-12T00:00:00",
  "last_revision_date": "2026-03-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0281",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-03-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
  "vendor_advisories": [
    {
      "published_at": "2026-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0302",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0302"
    },
    {
      "published_at": "2026-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0311",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0311"
    },
    {
      "published_at": "2026-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0308",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0308"
    },
    {
      "published_at": "2026-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0309",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0309"
    },
    {
      "published_at": "2026-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0305",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0305"
    },
    {
      "published_at": "2026-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0310",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0310"
    },
    {
      "published_at": "2026-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0304",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0304"
    },
    {
      "published_at": "2026-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0301",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0301"
    },
    {
      "published_at": "2026-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0313",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0313"
    },
    {
      "published_at": "2026-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0306",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0306"
    },
    {
      "published_at": "2026-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0303",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0303"
    },
    {
      "published_at": "2026-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0307",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0307"
    },
    {
      "published_at": "2026-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0312",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0312"
    }
  ]
}

FKIE_CVE-2025-9951

Vulnerability from fkie_nvd - Published: 2025-09-09 14:15 - Updated: 2026-04-15 00:35

Severity

7.2 (High) - CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H

Summary

References

	URL	Tags
	cve-coordination@google.com	https://github.com/google/security-research/security/advisories/GHSA-39q3-f8jq-v6mg

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000."
    }
  ],
  "id": "CVE-2025-9951",
  "lastModified": "2026-04-15T00:35:42.020",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "HIGH",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cve-coordination@google.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-09-09T14:15:49.720",
  "references": [
    {
      "source": "cve-coordination@google.com",
      "url": "https://github.com/google/security-research/security/advisories/GHSA-39q3-f8jq-v6mg"
    }
  ],
  "sourceIdentifier": "cve-coordination@google.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "cve-coordination@google.com",
      "type": "Secondary"
    }
  ]
}

WID-SEC-W-2025-1998

Vulnerability from csaf_certbund - Published: 2025-09-08 22:00 - Updated: 2026-05-20 22:00

Summary

ffmpeg: Schwachstelle ermöglicht Codeausführung und potenziell Denial of Service

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Das FFmpeg-Projekt besteht aus freien Programmen und Bibliotheken, die es ermöglichen, digitales Video- und Audiomaterial aufzunehmen, zu konvertieren, zu streamen und abzuspielen. Zudem enthält es mit libavcodec eine Audio- und Video-Codec-Sammlung, die verschiedene Codecs zur Verfügung stellt.

Angriff: Ein Angreifer kann eine Schwachstelle in ffmpeg ausnutzen, um beliebigen Programmcode auszuführen, und potenziell um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2025-9951

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source ffmpeg <8.0 Open Source / ffmpeg		<8.0

References

9 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://github.com/google/security-research/secur…	external
https://ubuntu.com/security/notices/USN-7830-1	external
https://lists.debian.org/debian-lts-announce/2026…	external
https://access.redhat.com/errata/RHSA-2026:3461	external
https://access.redhat.com/errata/RHSA-2026:3462	external
https://access.redhat.com/errata/RHSA-2026:3782	external
https://access.redhat.com/errata/RHSA-2026:19712	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Das FFmpeg-Projekt besteht aus freien Programmen und Bibliotheken, die es erm\u00f6glichen, digitales Video- und Audiomaterial aufzunehmen, zu konvertieren, zu streamen und abzuspielen. Zudem enth\u00e4lt es mit libavcodec eine Audio- und Video-Codec-Sammlung, die verschiedene Codecs zur Verf\u00fcgung stellt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann eine Schwachstelle in ffmpeg ausnutzen, um beliebigen Programmcode auszuf\u00fchren, und potenziell um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1998 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1998.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1998 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1998"
      },
      {
        "category": "external",
        "summary": "Google Security Research vom 2025-09-08",
        "url": "https://github.com/google/security-research/security/advisories/GHSA-39q3-f8jq-v6mg"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7830-1 vom 2025-10-21",
        "url": "https://ubuntu.com/security/notices/USN-7830-1"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4440 vom 2026-01-17",
        "url": "https://lists.debian.org/debian-lts-announce/2026/01/msg00011.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3461 vom 2026-02-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:3461"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3462 vom 2026-02-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:3462"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3782 vom 2026-03-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:3782"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:19712 vom 2026-05-21",
        "url": "https://access.redhat.com/errata/RHSA-2026:19712"
      }
    ],
    "source_lang": "en-US",
    "title": "ffmpeg: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung und potenziell Denial of Service",
    "tracking": {
      "current_release_date": "2026-05-20T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-21T07:56:53.963+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2025-1998",
      "initial_release_date": "2025-09-08T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-09-08T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-09-09T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-27255"
        },
        {
          "date": "2025-10-21T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2026-01-18T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2026-03-01T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-03-04T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-20T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.0",
                "product": {
                  "name": "Open Source ffmpeg \u003c8.0",
                  "product_id": "T046797"
                }
              },
              {
                "category": "product_version",
                "name": "8",
                "product": {
                  "name": "Open Source ffmpeg 8.0",
                  "product_id": "T046797-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ffmpeg:ffmpeg:8.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ffmpeg"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-9951",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "T000126",
          "T046797"
        ]
      },
      "release_date": "2025-09-08T22:00:00.000+00:00",
      "title": "CVE-2025-9951"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-9951 (GCVE-0-2025-9951)

BDU:2025-15661

CERTFR-2026-AVI-0281

Solutions

FKIE_CVE-2025-9951

WID-SEC-W-2025-1998

Tags

Sightings

Nomenclature