CVE-2025-22921

6.5 MEDIUM

📋 TL;DR

This vulnerability in FFmpeg's JPEG2000 decoder allows an attacker to cause a segmentation fault (crash) when the decoder processes a specially crafted JPEG2000 image. It affects systems using vulnerable FFmpeg versions for media processing. The impact is primarily denial of service, though memory corruption could potentially lead to further exploitation.

💻 Affected Systems

Products:
  • FFmpeg
Versions: git-master versions up to N-113007-g8d24a28d06
Operating Systems: All platforms running vulnerable FFmpeg versions
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using FFmpeg's JPEG2000 decoder is vulnerable when processing untrusted JPEG2000 files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution or system compromise if the segmentation violation leads to memory corruption that can be weaponized, though this is currently theoretical.

🟠 Likely Case

Denial of service through application crash when processing malicious JPEG2000 files, disrupting media processing services.

🟢 If Mitigated

Limited impact with proper input validation and sandboxing; crashes would be contained within the affected process.

🌐 Internet-Facing: MEDIUM - Applications accepting user-uploaded media files could be crashed, but exploitation requires specific JPEG2000 input.
🏢 Internal Only: LOW - Requires processing of attacker-controlled JPEG2000 files, which is less common in internal-only systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a specific JPEG2000 file that triggers the segmentation violation. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in FFmpeg git commit after g8d24a28d06

Vendor Advisory: https://trac.ffmpeg.org/ticket/11393

Restart Required: Yes

Instructions:

1. Update FFmpeg to the latest version from the official repository.
2. Rebuild any applications using FFmpeg libraries.
3. Restart services using FFmpeg.

🔧 Temporary Workarounds

Disable JPEG2000 processing

all

Configure applications to reject or skip JPEG2000 file processing

# Application-specific configuration required

Input validation

all

Implement strict file type validation to block JPEG2000 files from untrusted sources

# Use file magic number checking before processing
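
One way to implement the magic-number check above, as an added example (not code from FFmpeg or from this advisory). The function names and the sample byte strings are assumptions constructed for illustration; the two signatures are the standard JPEG 2000 ones (JP2 signature box and raw codestream SOC+SIZ markers).

```python
import io

# Leading bytes defined by the JPEG 2000 standard (ISO/IEC 15444-1).
JP2_SIGNATURE_BOX = bytes.fromhex("0000000c6a5020200d0a870a")  # .jp2/.jpx/.jpm files
J2K_CODESTREAM = bytes.fromhex("ff4fff51")  # raw codestream: SOC marker, then SIZ


def is_jpeg2000(header: bytes) -> bool:
    """True when the leading bytes identify a standalone JPEG2000 file."""
    return header.startswith((JP2_SIGNATURE_BOX, J2K_CODESTREAM))


def screen_upload(stream, filename: str):
    """Return (allowed, reason) for an untrusted upload before FFmpeg sees it.

    The decision uses content only. The file name appears in the message
    but is never trusted, because the uploader controls the extension.
    """
    header = stream.read(len(JP2_SIGNATURE_BOX))
    stream.seek(0)  # rewind so the next pipeline stage reads the whole file
    if is_jpeg2000(header):
        return False, f"{filename}: rejected, JPEG2000 signature found"
    return True, f"{filename}: passed JPEG2000 screen"


# Constructed sample inputs (headers only, not real images).
SAMPLES = {
    "avatar.png": JP2_SIGNATURE_BOX + b"\x00\x00\x00\x14ftypjp2 ",  # JP2 renamed to .png
    "frame.bin": J2K_CODESTREAM + b"\x00\x29",                      # raw codestream
    "logo.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",             # genuine PNG header
    "short.j2k": b"\xff\x4f",                                       # truncated, no match
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        allowed, reason = screen_upload(io.BytesIO(data), name)
        print("ALLOW" if allowed else "BLOCK", reason)
```

This screen only covers standalone JPEG2000 files. JPEG2000 frames carried inside a container such as MOV or MXF do not start with these bytes, so a pipeline that accepts those containers still needs the patched FFmpeg or a decoder restriction.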

🧯 If You Can't Patch

  • Implement network segmentation to isolate FFmpeg processing systems
  • Deploy application sandboxing/containerization to limit crash impact

🔍 How to Verify

Check if Vulnerable:

Check FFmpeg version with 'ffmpeg -version' and compare against vulnerable versions

Check Version:

ffmpeg -version | grep -E 'version|git'

Verify Fix Applied:

Verify FFmpeg version is newer than N-113007-g8d24a28d06 and test with known problematic JPEG2000 files

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in application logs
  • FFmpeg process crashes when processing JPEG2000 files

Network Indicators:

  • Unusual JPEG2000 file uploads to media processing endpoints

SIEM Query:

source="application.logs" AND "segmentation fault" AND "ffmpeg"
