CVE-2025-22919
📋 TL;DR
This CVE describes a reachable assertion in FFmpeg's AAC handling: opening a specially crafted AAC audio file trips an always-on internal assertion (av_assert0), and FFmpeg aborts the process. The result is a Denial of Service (DoS), a deterministic crash rather than memory corruption. Any system running an affected FFmpeg build that processes untrusted AAC input is exposed, whether through the ffmpeg command-line tool or an application that links FFmpeg's libraries.
💻 Affected Systems
- FFmpeg
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD). The only build it identifies is the git-master snapshot N-113007-g8d24a28d06 in which the crash was reported.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption of FFmpeg-based applications, potentially affecting media processing pipelines, streaming services, or video editing software that crashes when processing malicious AAC files.
Likely Case
Application crash (SIGABRT from the failed assertion) when processing the malicious AAC file, causing service disruption until the process is restarted. A pipeline that automatically retries failed jobs will crash again on the same file each time it is retried.
If Mitigated
Impact is contained when decoding runs in a short-lived, resource-limited worker that is restarted automatically, so an abort kills only that worker, or when AAC files are accepted only from trusted sources. Generic input validation alone is unlikely to prevent the crash, because the crafted file only has to violate an internal decoder invariant that a format-level check does not evaluate.
🎯 Exploit Status
Exploitation requires only that the victim open the malicious AAC file with an affected FFmpeg build; no authentication or special privileges are needed. Because the trigger is a failed assertion, the crash is deterministic and repeatable, so one crafted upload can take down a processing worker every time the file is handled.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: The build in which the crash was reported is FFmpeg git master N-113007-g8d24a28d06; the fix landed in a later git-master commit (tracked in the ticket below). No fixed release number is listed here, so confirm the fix is present in whatever build you deploy.
Vendor Advisory: https://trac.ffmpeg.org/ticket/11385
Restart Required: Yes
Instructions:
1. Update FFmpeg to a git-master build that contains the fix referenced from trac ticket 11385, or install your distribution's patched package once one is published.
2. Rebuild and reinstall FFmpeg if compiled from source, and rebuild any application that statically links libavcodec/libavformat.
3. Restart every service or application that uses FFmpeg; a running process keeps the old library mapped until it is restarted.
🔧 Temporary Workarounds
Disable AAC file processing
Configure applications to reject or skip AAC input if it is not required. FFmpeg identifies formats by probing content, and AAC also arrives inside MP4/M4A, MKV and MPEG-TS containers, so filtering on file extension alone is not a control. If the AAC code path is not needed at all, a source build can leave it out (configure --disable-decoder=aac, plus the related aac_fixed and aac_latm decoders and the aac demuxer).
# Application-specific configuration required
Input validation and sandboxing
Run FFmpeg in a sandboxed environment: a short-lived worker under a dedicated unprivileged user, with CPU, memory and wall-clock limits, no network access and automatic restart, so an assertion abort kills only that worker. Input validation helps against malformed junk but should not be expected to catch the trigger for this bug.
# Use containerization or sandboxing tools like Docker, Firejail, or SELinux
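One concrete form of the isolation above, added here as an example and not code from FFmpeg or from this advisory: a pre-screening step that decodes an untrusted AAC file to a null sink inside a resource-limited child process and classifies how ffmpeg exited. An assertion failure from av_assert0() is written to stderr as "Assertion <cond> failed at <file>:<line>" before abort(), so death by SIGABRT together with that stderr line is the signature to look for. The rlimit values and the 120 s wall clock are tuning assumptions, and the resource module makes this Unix-only.

```python
"""Pre-screen an untrusted AAC file by decoding it in a resource-limited child.

Added example (not FFmpeg project code). Unix-only because of the resource module.
"""
import re
import resource
import shutil
import subprocess

# av_assert0() logs "Assertion <cond> failed at <file>:<line>" and then calls abort().
ASSERT_RE = re.compile(r"Assertion (?P<cond>.+?) failed at (?P<file>\S+):(?P<line>\d+)")

SIGABRT = 6


def classify_result(returncode, stderr):
    """Map an ffmpeg exit status plus its stderr to (label, detail).

    subprocess reports a signal death as a negative code (-6 for SIGABRT);
    a shell reports the same death as 128 + 6 = 134, so both are accepted.
    """
    m = ASSERT_RE.search(stderr)
    if returncode in (-SIGABRT, 128 + SIGABRT):
        if m:
            return "assertion_abort", f"{m['file']}:{m['line']}"
        return "abort", None
    if returncode < 0 or returncode > 128:
        return "killed_by_signal", None
    if returncode == 0:
        return "ok", None
    # Normal non-zero exit: corrupt or unsupported input, not a crash.
    return "decode_error", None


def _limit_child():
    """Runs in the child just before exec. Limits are tuning assumptions."""
    resource.setrlimit(resource.RLIMIT_AS, (2 << 30, 2 << 30))  # 2 GiB address space
    resource.setrlimit(resource.RLIMIT_CPU, (60, 60))           # 60 s of CPU time
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))            # no core dumps of untrusted data


def prescreen_aac(path, wall_timeout=120):
    """Decode `path` to a null sink under limits; returns (label, detail)."""
    ffmpeg = shutil.which("ffmpeg")
    if ffmpeg is None:
        raise RuntimeError("ffmpeg not found on PATH")
    # -nostdin keeps ffmpeg from reading the terminal; -f null - discards the decoded audio.
    cmd = [ffmpeg, "-hide_banner", "-nostdin", "-loglevel", "error",
           "-i", path, "-f", "null", "-"]
    try:
        proc = subprocess.run(cmd, stdin=subprocess.DEVNULL, capture_output=True,
                              text=True, timeout=wall_timeout, preexec_fn=_limit_child)
    except subprocess.TimeoutExpired:
        return "timeout", None
    return classify_result(proc.returncode, proc.stderr)


if __name__ == "__main__":
    import sys
    print(prescreen_aac(sys.argv[1]))
```

A result of "assertion_abort" or "timeout" means the file never enters the real pipeline, and the throwaway child is the only casualty. Running the child as a separate unprivileged user, or inside the container or Firejail profile mentioned above, adds the filesystem and network isolation that rlimits alone do not provide.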
🧯 If You Can't Patch
- Implement network segmentation to isolate FFmpeg processing systems from untrusted networks.
- Restrict where AAC uploads are accepted (allow-listed endpoints, size limits, authenticated users) at the application or WAF layer. Do not rely on a WAF to tell a crafted AAC file from a benign one: the trigger is a decoder-level invariant that a generic content filter cannot evaluate.
🔍 How to Verify
Check if Vulnerable:
Check the first line of ffmpeg -version. A git-master build whose version string is N-113007-g8d24a28d06 is the build in which the crash was reported; treat that build, and any earlier master snapshot, as likely vulnerable. A newer master build is only safe if it includes the fix from trac ticket 11385, and release versions cannot be judged from this page because no affected range is published.
Check Version:
ffmpeg -version | head -n 1
The first line reads, for example, "ffmpeg version N-113007-g8d24a28d06 Copyright (c) ..." for a git-master build; release builds print a version such as 7.1 instead of an N- counter.
Verify Fix Applied:
Update FFmpeg, then reproduce with the crashing AAC sample from the vulnerability report (if it is available to you) in an isolated environment. A fixed build should reject or decode the file with a normal exit status instead of aborting with an "Assertion ... failed" message.
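The version check above, as an added example rather than anything from FFmpeg or this advisory: parse the first ffmpeg -version line and map it to the only judgement the published information supports. The N- counter in a git-master build string counts commits on master and is comparable only between master snapshots, which is why release-style strings (7.1, n7.1-4-g..., 6.1.1-3ubuntu5) get a separate "check your vendor" verdict. The regexes and verdict labels are this example's own.

```python
"""Assess an `ffmpeg -version` banner against the build named in this CVE.

Added example, not FFmpeg project code. Only the first banner line is parsed.
"""
import re
import subprocess

# From the CVE text: the crash was reported against git master N-113007-g8d24a28d06.
REPORTED_VULNERABLE_N = 113007

# "ffmpeg version N-113007-g8d24a28d06 Copyright ..."  (git master snapshot)
GIT_MASTER_RE = re.compile(r"^ffmpeg version N-(?P<n>\d+)-g(?P<hash>[0-9a-f]+)")
# "ffmpeg version 7.1 ...", "ffmpeg version n7.1-4-g...", "ffmpeg version 6.1.1-3ubuntu5 ..."
RELEASE_RE = re.compile(r"^ffmpeg version n?(?P<ver>\d+\.\d+(?:\.\d+)?)")


def assess_version_line(line):
    """Return (verdict, explanation) for one banner line."""
    m = GIT_MASTER_RE.match(line)
    if m:
        n = int(m["n"])
        if n <= REPORTED_VULNERABLE_N:
            # The page gives no lower bound, so everything up to the reported build is suspect.
            return ("likely_vulnerable",
                    f"git master N-{n} is at or before the reported build N-{REPORTED_VULNERABLE_N}")
        return ("check_ticket",
                f"git master N-{n} is newer than the reported build; confirm it includes "
                "the fix from trac ticket 11385")
    m = RELEASE_RE.match(line)
    if m:
        return ("unknown_release",
                f"release {m['ver']}: no affected-version range is published; "
                "check your vendor's advisory")
    return "unparsed", line.strip()


def assess_installed(ffmpeg="ffmpeg"):
    """Run the local binary and assess its first banner line."""
    out = subprocess.run([ffmpeg, "-version"], capture_output=True,
                         text=True, check=False).stdout
    first = out.splitlines()[0] if out.strip() else ""
    return assess_version_line(first)


if __name__ == "__main__":
    verdict, why = assess_installed()
    print(f"{verdict}: {why}")
```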
📡 Detection & Monitoring
Log Indicators:
- FFmpeg process aborting with a stderr message of the form "Assertion <condition> failed at libavcodec/...", followed by a SIGABRT exit (status 134 when reported by a shell)
- Application logs showing unexpected termination during AAC file processing
Network Indicators:
- Unusual volume of AAC file uploads to media processing endpoints
- Pattern of AAC file uploads followed by service restarts
SIEM Query:
source="application.logs" AND (("Assertion" AND "failed at libavcodec") OR ("ffmpeg" AND ("SIGABRT" OR "signal 6" OR "exit code 134")))
A reachable assertion aborts the process rather than faulting, so matching on "segfault" or the bare word "aac" mostly adds noise; the assertion text and the SIGABRT exit are the specific signals.
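The log and network indicators above turned into detection logic, as an added example and not tooling from FFmpeg or this advisory. The log layout ("timestamp level component: message", with upload, worker and supervisor components) and every sample line are constructed for the example; the assertion text follows FFmpeg's av_assert0 format. It correlates an AAC assertion abort with the upload that preceded it and reports sources that have caused more than one abort. The 5 s window and the repeat threshold of 2 are tuning assumptions.

```python
"""Correlate FFmpeg assertion aborts with the uploads that triggered them.

Added example. Log format and sample lines are constructed, not from any real system.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: two crafted uploads from 203.0.113.7 crash the worker, one benign upload succeeds.
SAMPLE_LOG = """\
2025-01-15T10:00:01Z INFO upload: id=u-101 src=203.0.113.7 name=track.aac bytes=48213
2025-01-15T10:00:02Z INFO worker: transcode start id=u-101
2025-01-15T10:00:02Z ERROR worker: ffmpeg stderr: Assertion 0 failed at libavcodec/aac/aacdec.c:1234
2025-01-15T10:00:02Z ERROR worker: ffmpeg exited with signal 6 (SIGABRT) id=u-101
2025-01-15T10:00:03Z WARN supervisor: restarting transcode worker
2025-01-15T10:01:10Z INFO upload: id=u-102 src=198.51.100.9 name=song.m4a bytes=901122
2025-01-15T10:01:11Z INFO worker: transcode start id=u-102
2025-01-15T10:01:14Z INFO worker: transcode done id=u-102
2025-01-15T10:02:30Z INFO upload: id=u-103 src=203.0.113.7 name=a.aac bytes=48213
2025-01-15T10:02:31Z INFO worker: transcode start id=u-103
2025-01-15T10:02:31Z ERROR worker: ffmpeg stderr: Assertion 0 failed at libavcodec/aac/aacdec.c:1234
2025-01-15T10:02:31Z ERROR worker: ffmpeg exited with signal 6 (SIGABRT) id=u-103
2025-01-15T10:02:32Z WARN supervisor: restarting transcode worker
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<level>\w+) (?P<comp>\w+): (?P<msg>.*)$")
UPLOAD_RE = re.compile(r"id=(?P<id>\S+) src=(?P<src>\S+) name=(?P<name>\S+)")
# av_assert0 output, narrowed to the AAC code so unrelated assertions are not counted.
ASSERT_RE = re.compile(r"Assertion .+? failed at (?P<file>\S*libavcodec/aac/\S+):\d+")
ABORT_RE = re.compile(r"ffmpeg exited with signal 6 .*id=(?P<id>\S+)")


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def find_assertion_aborts(log_text, window=timedelta(seconds=5)):
    """Return one record per SIGABRT exit that follows an AAC assertion within `window`."""
    uploads = {}           # upload id -> (ts, src, name)
    pending_assert = None  # (ts, file) of the most recent AAC assertion line
    hits = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        ts, msg = parse_ts(m["ts"]), m["msg"]
        um = UPLOAD_RE.search(msg)
        if m["comp"] == "upload" and um:
            uploads[um["id"]] = (ts, um["src"], um["name"])
            continue
        am = ASSERT_RE.search(msg)
        if am:
            pending_assert = (ts, am["file"])
            continue
        bm = ABORT_RE.search(msg)
        if bm and pending_assert and ts - pending_assert[0] <= window:
            up = uploads.get(bm["id"])
            hits.append({"ts": ts, "id": bm["id"], "file": pending_assert[1],
                         "src": up[1] if up else None, "name": up[2] if up else None})
            pending_assert = None
    return hits


def sources_with_repeat_aborts(hits, threshold=2):
    """Sources that caused at least `threshold` aborts: candidates for blocking."""
    counts = defaultdict(int)
    for h in hits:
        if h["src"]:
            counts[h["src"]] += 1
    return sorted(src for src, c in counts.items() if c >= threshold)


if __name__ == "__main__":
    found = find_assertion_aborts(SAMPLE_LOG)
    for h in found:
        print(f"{h['ts']:%H:%M:%S} upload {h['id']} from {h['src']} ({h['name']}) aborted in {h['file']}")
    print("repeat offenders:", sources_with_repeat_aborts(found))
```

Keying the correlation on the upload id rather than on timestamps alone matters in a busy pipeline, where several workers emit interleaved lines; the time window then only guards against pairing an old assertion line with an unrelated later exit.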